AdamAnt/QuotesDB
1
0
Fork 0
mirror of https://github.com/Adam-Ant/QuotesDB synced 2024-07-06 05:26:10 +00:00
Code Issues Releases Wiki Activity

Strip unneeded whitespace

Browse Source
This commit is contained in:
Adam Dodman 2017-10-05 15:43:56 +01:00
parent 7763ce90cf
commit 60421dcdfb
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
main.py
View File

@ -14,7 +14,7 @@ app = Flask(__name__)
# Remove Trailing and leading whitespace, strip unicode
def cleanup_string(text):
text = text.encode("ascii", "replace").decode()
return text.strip()
return text.strip()
def get_userdb():
global userdb
@ -78,7 +78,7 @@ def do_user_login(user, password):
if pass_ctx.verify(password, userdata[3]):
session['username'] = user
session['uid'] = userdata[0]
session['isAdmin'] = bool(ord(userdata[4]))
session['isAdmin'] = bool(ord(userdata[4]))
return redirect(url_for('index'))
else:
@ -156,8 +156,8 @@ def addquote():
quotein = pymysql.escape_string(request.form['quote'])
contextin = pymysql.escape_string(request.form['context'])
userin = pymysql.escape_string(request.form['user'])
#Remove Trailing and leading whitespace, strip unicode
quotein = cleanup_string(quotein)
contextin = cleanup_string(contextin)
@ -170,27 +170,27 @@ def addquote():
if (len(quotein) > 500) or (len(contextin) > 500):
flash("Error: Quote too long. Stop fucking with the code :P","danger")
return redirect(url_for("addquote"))
# This checks if the user value has been changed to a non integer
try:
userin = int(userin)
except:
flash("Error: Invalid userID. Stop fucking with the code :P","danger")
return redirect(url_for("addquote"))
# Check if the value is out of range of the valid uid's
if (userin > int(userdb[-1][0]) or (userin <= 0)):
flash("Error: Invalid userID. Stop fucking with the code :P","danger")
return redirect(url_for("addquote"))
if not contextin:
contextin = "NULL"
else:
contextin = "\'" + contextin + "\'"
sql = "INSERT INTO `Quotes` (`id`, `quote`, `date`, `user`, `context`, `addedby`) VALUES (NULL, '%s', CURRENT_TIMESTAMP, %d, %s, %s);" % (quotein, userin, contextin, session['uid'])
print(sql)
mysql_do(sql)