#1
  1. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2003
    Location
    Thessaloniki
    Posts
    1,284
    Rep Power
    13

    Checking if a file exists in a certain directory


    Hello,

    Is this the correct way to check if a variable has a value and if that value is in fact an actual file from within a specific directory?

    Code:
    cgi_path = '/home/nikos/public_html/cgi-bin/'
    
    if page and os.path.isfile( cgi_path + page ) in os.listdir( cgi_path ):
    What is now proved was once only imagined!
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2013
    Location
    /dev/null
    Posts
    163
    Rep Power
    19
    Code:
    if cgi_path and os.path.exists(cgi_path):
  4. #3
    No, this is wrong. I think the correct statement should be:

    Code:
    if page and page in os.listdir( cgi_path ):
  6. #4
    Originally Posted by Nik
    Code:
    if page and page in os.listdir( cgi_path ):
    IMHO, a better choice would be to do this:
    Code:
    if page and os.path.exists(cgi_path + '/' + page):
    This way, you can avoid creating a list in memory and searching for an entry in the list.
  8. #5
    Someone can exploit that by passing values like page="../../../../etc/passwd", while in my code he will fail if he does that.
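The checks from posts #3 and #4 side by side with a resolved-path containment check, as an added example that is not part of any participant's post. The directory tree and sample `page` values are constructed, and `check_contained` is a hypothetical helper that nobody in the thread proposed; it assumes a POSIX-style filesystem.

```python
import os
import tempfile

def check_concat(cgi_path, page):
    """Post #4's check: concatenate and test existence."""
    return bool(page) and os.path.exists(cgi_path + '/' + page)

def check_listdir(cgi_path, page):
    """Post #3's check: page must be a direct entry name in cgi_path."""
    return bool(page) and page in os.listdir(cgi_path)

def check_contained(cgi_path, page):
    """Added variant (assumption, not from the thread): resolve the path,
    then require a regular file that still lies under cgi_path."""
    if not page:
        return False
    base = os.path.realpath(cgi_path)
    target = os.path.realpath(os.path.join(base, page))
    return os.path.commonpath([base, target]) == base and os.path.isfile(target)

def demo():
    """Run each check against a constructed tree; returns {page: (concat, listdir, contained)}."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        cgi = os.path.join(root, 'cgi-bin')
        os.makedirs(os.path.join(cgi, 'subdir'))
        # One file inside cgi-bin, one file outside it (constructed sample data).
        for path in (os.path.join(cgi, 'index.py'), os.path.join(root, 'secret.txt')):
            with open(path, 'w') as fh:
                fh.write('x')
        for page in ('index.py', '../secret.txt', 'subdir', ''):
            results[page] = (check_concat(cgi, page),
                             check_listdir(cgi, page),
                             check_contained(cgi, page))
    return results

if __name__ == '__main__':
    for page, outcome in demo().items():
        print(repr(page), outcome)
```

The `'subdir'` row shows that both thread variants also accept a directory name, which matters if the caller expects a file it can open.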
