[Python-Dev] cgitb.py for Python 2.2

Ka-Ping Yee ping@lfw.org
Mon, 30 Jul 2001 19:43:45 -0700 (PDT) 

Hi guys.

Sorry i've been fairly quiet recently -- at least life isn't dull.
I wanted to put in a few words for cgitb.py for your consideration.

I think you all saw it at IPC 9 -- if you missed the presentation,
there are examples at http://www.lfw.org/python to check out.

What i'm proposing is that we toss cgitb.py into the standard library
(pretty small at about 100 lines, since all the heavy lifting is in
pydoc and inspect).  Then we can add this to site.py:

    if os.environ.has_key("GATEWAY_INTERFACE"):
        import sys, cgitb
        sys.excepthook = cgitb.excepthook

I think this is pretty safe, since GATEWAY_INTERFACE is guaranteed
to exist under the CGI specification and should never appear in any
other context.  cgitb.py is written in paranoid fashion -- if anything
goes wrong during generation of the HTML traceback, sys.stderr still
goes to the browser; and if for some reason the page gets dumped to
a shell somewhere, the original traceback is still visible in a comment
at the end of the page.

The upside is that we *automagically* get pretty tracebacks for all
the Python CGI scripts there, with zero effort from the CGI script
writers.  I think this is a really strong hook for people getting
started with Python.

No more "internal server error" messages followed by the annoying
task of inserting "print 'Content-Type: text/html\n\n<pre>'" into
all your scripts!  As for me, i've probably done this hundreds of
times now, and would love to stop doing it.

I anticipate a possible security concern (as this shows bits of your
source code to strangers when problems happen).  So i have tried to
address that by providing a SECRET flag in cgitb that causes the
tracebacks to get written to files instead of the Web browser.

Opinions and suggestions are welcomed!  (I'm looking at the good
stuff that the WebWare people have done with it, and i plan to
merge in their improvements.  For the HTML-heads out there in
particular, i'm looking for your thoughts on the reset() routine.)


-- ?!ng