Escape form for blog

This commit is contained in:
kitoy 2025-12-22 16:23:32 +01:00
parent 7bd8614359
commit 9c36563ffd


@ -31,11 +31,11 @@ DESC_SERVER = app.config['DESC_SERVER']
def new_article(): def new_article():
user = '%s'% escape(session['username']) user = '%s'% escape(session['username'])
if request.method == 'POST': if request.method == 'POST':
title = request.form['title'] title = str(request.form['title'])
subtitle = request.form['subtitle'] subtitle = str(request.form['subtitle'])
category = request.form['category'] category = str(request.form['category'])
content = request.form['content'] content = str(request.form['content'])
status = request.form['status'] status = str(request.form['status'])
post_date = time.strftime("%d/%m/%Y %H:%M:%S") post_date = time.strftime("%d/%m/%Y %H:%M:%S")
if 'blog-unified' in request.form.keys(): if 'blog-unified' in request.form.keys():
status = status+'_unified' status = status+'_unified'
@ -55,18 +55,18 @@ def edit(title):
user='%s'% escape(session['username']) user='%s'% escape(session['username'])
folder_blog = DOSSIER_PERSO + user + "/blog/articles/" folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
if request.method == 'POST' : if request.method == 'POST' :
title = request.form['title'] newtitle = str(request.form['title'])
subtitle = request.form['subtitle'] subtitle = str(request.form['subtitle'])
category = request.form['category'] category = str(request.form['category'])
newcontent = request.form['content'] newcontent = str(request.form['content'])
newstatus = request.form['status'] newstatus = str(request.form['status'])
updated = time.strftime("%d/%m/%Y %H:%M:%S") updated = time.strftime("%d/%m/%Y %H:%M:%S")
conn = sqlite3.connect(DATABASE) conn = sqlite3.connect(DATABASE)
cursor = conn.cursor() cursor = conn.cursor()
if 'blog-unified' in request.form.keys(): if 'blog-unified' in request.form.keys():
newstatus = newstatus+'_unified' newstatus = newstatus+'_unified'
cursor.execute("""UPDATE Blog_posts SET title=?, subtitle=?, category=?, last_updated=?, status=?, content=? WHERE title=? AND author=?""", (title, subtitle, category, updated, newstatus, newcontent, title, user)) cursor.execute("""UPDATE Blog_posts SET title=?, subtitle=?, category=?, last_updated=?, status=?, content=? WHERE title=? AND author=?""", (newtitle, subtitle, category, updated, newstatus, newcontent, title, user))
conn.commit() conn.commit()
conn.close() conn.close()
return redirect(url_for('blog.list_articles_blog')) return redirect(url_for('blog.list_articles_blog'))
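Review bot: The `str()` wrappers added around each `request.form[...]` read in both hunks (the five assignments under `if request.method == 'POST'`) do not escape anything — Werkzeug form values are already `str`, so the stored bytes are identical to before and the "escape" named in the commit title never happens. If the intent is to neutralise HTML in these fields, either apply the `escape()` the file already uses for the username, `title = escape(request.form['title'])` and likewise for subtitle, category and status, or leave the values raw and rely on Jinja autoescaping at render time; doing both would double-escape, and escaping `content` at storage time is only right if it is never meant to be rendered as markup. Separately, `status` and `category` are accepted as free-form strings and `status` is then suffixed with `_unified`; if later code branches on these values, a cheap allowlist check before the INSERT/UPDATE such as `if status not in ALLOWED_STATUSES: abort(400)` (Flask's `abort`, with the set of values the form actually offers) closes that gap — the valid set is not visible here. `edit()` starts before this hunk (its non-POST branch is not shown), and the hunk header announces 18 lines while 17 are visible, so the tail may be cut off.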