Line 36 examines the qr codes for None filename posted to the script to make sure it contains only alphanumeric characters and ends with .xml; if not, the script redirects the client to error.html.

This prevents a malicious user from writing to a system file or otherwise gaining unrestricted access to the server. However, it is important to note that other solutions exist, such as generating filenames on the server. If the filename is permitted, line 43 attempts to create the file by calling function open.

Line 44 opens file forums.xml for reading and writing ("r+"). Line 40 opens the template XML document named template.

xml (Fig. 16.25), which provides a forum s. Page 555 Wednesday, December 19, 2001 2:46 PM 16 . Python XML Processing markup. The template QRCode for None contains an empty forums element, to which the forum name and filename are added programmatically. If an error occurs during an attempt to open any file, the client is redirected to error.

html. Line 51 instantiates a DOM parser and assigns it to variable reader. Line 52 loads and parses forums.

xml; the Document object created is assigned to variable document. Because we wish to create a forum element within forums, line 55 calls the Document object s createElement method with the name of the new element ("forum"). The filename attribute of the new Element node is set by calling setAttribute and passing the attribute s name and value.

The forum element contains only one piece of information the forum name added by lines 58 61. Line 58 creates another Element node named name. To add character data to the new Element node, a child Text node must be created.

We call method createTextNode (line 59) with the forum name from the form (i.e., form[ "name" ].

value). Line 60 appends the Text node to the Element node referenced by name by calling method appendChild. Line 61 adds the Element node referenced by name to the Element node referenced by forum.

Line 64 accesses the documentElement attribute of document to obtain the root element node (i.e., forums).

Lines 65 66 obtain a NodeList of all forum elements by calling method getElementsByTagName, the first of which is assigned to variable firstForum. Line 67 inserts the new Element node referenced by forum before the first child node of forums by calling method insertBefore. With this technique, the most recently added forums appear first in the forum list.

To update forums.xml, line 70 seeks to the beginning and deletes any existing data (by truncating the file to size 0). Line 72 then calls function PrettyPrint to write the updated XML to forumsFile.

Line 76 loads and parses file template.xml (Fig. 16.

25) by calling method fromStream and assigns the Document object created to variable document. Line 77 uses documentElement to get the root element, and line 78 sets its file attribute s value to the specified filename. Lines 81 84 add the name node, and lines 87 88 output the updated XML to newForumFile and close the file.

Lines 89 90 close template.xml and release the Document object from memory. The user is redirected to default.

py in line 92. Figure 16.26 contains the Python script that allows users to add messages to a forum.

When formatting.xsl (Fig. 16.

27) is applied to a forum document, a link to is added to the page, which includes the current forum s filename. This filename is passed to addPost.

py (e.g., addPost.

py file=forum1.xml)..

1 2 3 4 5 6 7 8. < xml version = " QR Code JIS X 0510 for None 1.0" > <!-- Fig. 16.

25: template.xml --> <!-- Empty forum file --> < xml:stylesheet type = "text/xsl" href = "..

/XML/formatting.xsl" > <forum> </forum>.
