python/cgi/html bug

Dfenestr8 chrisdewinN0SPAM at yahoo.com.au
Tue Jan 18 17:42:44 EST 2005


Hi.

I've written a cgi messageboard script in python, for an irc chan I happen
to frequent.

Bear with me, it's hard for me to describe what the bug is. So I've
divided this post into two sections: HOW MY SCRIPT WORKS, and WHAT THE
BUG IS.



HOW MY SCRIPT WORKS 

Basically, it's divided into two executable scripts......

One is the thread viewer, ppthread.py, which views threads. When someone
posts a new topic, for instance called "Generic new topic", it creates
a file called "Generic new topic.thread". It stores the post, and any
subsequent posts in the thread, in that file. Nice and simple I
figured.

The other executable script is the topic viewer, pptopic.py. All that does
is display the topics, by doing a "tops = os.popen('ls -c *.thread')". The
"ls -c" part reads the threads in the order in which they've been
modified, so the first item in the list is always the thread most recently
posted in. 

It then creates an html link to each of the threads ... on the page the
html looks like....

<a href = ppthread.py?subject=foo>foo</a><br>

WHAT THE BUG IS ....

The problem is when someone posts a new topic, and that topic happens to
have "" double quotes, or any other strange character, some strange
glitches occur. 

The best way to describe it is to demonstrate it: go to the forum and try
it yourself. Try entering a topic with straight, ordinary characters, and note
that you can re-enter the thread any time you want and make new posts
under it. Then try entering a thread with new or whacky characters and see
how far you get.

http://funkmunch.net/~pirch/cgi-bin/alphaforum/pptopic.py

BTW, if you want to download the script, here it is in gzipped form
http://funkmunch.net/~pirch/pepperpot.tgz
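
One way to handle topic names that contain quotes, spaces or other special characters, as an added example that is not part of the original post or of the pepperpot script. Only `naive_link` mirrors the link shown in the post; the other function names and the percent-encoded file-name scheme are assumptions.

```python
import html
import os
from urllib.parse import parse_qs, quote, unquote, urlsplit

SUFFIX = ".thread"

def naive_link(subject):
    # Same shape as the link in the post: raw subject, unquoted attribute.
    return "<a href = ppthread.py?subject=%s>%s</a><br>" % (subject, subject)

def safe_link(subject):
    # Percent-encode for the query string, HTML-escape for the markup, and
    # quote the attribute so a space or quote cannot end it early.
    href = "ppthread.py?subject=" + quote(subject, safe="")
    return '<a href="%s">%s</a><br>' % (html.escape(href), html.escape(subject))

def subject_from_href(href):
    # What the CGI side gets back after decoding the query string.
    return parse_qs(urlsplit(href).query, keep_blank_values=True)["subject"][0]

def thread_filename(subject):
    # Assumed scheme: percent-encoded file name, so "/" in a subject can
    # never point outside the thread directory.
    return quote(subject, safe="") + SUFFIX

def list_topics(directory):
    # Stands in for os.popen('ls -c *.thread'): no shell, no output parsing.
    # Sorted by modification time, newest first, then decoded for display.
    entries = [e for e in os.scandir(directory) if e.name.endswith(SUFFIX)]
    entries.sort(key=lambda e: e.stat().st_mtime, reverse=True)
    return [unquote(e.name[: -len(SUFFIX)]) for e in entries]

if __name__ == "__main__":
    topic = 'Generic "new" topic & more'   # constructed sample subject
    print(naive_link(topic))
    print(safe_link(topic))
    print(thread_filename(topic))
```

With the raw form, a subject containing `&` comes back from the query string cut off at that character; the encoded form round-trips unchanged.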