author | Philip Sargent <philip.sargent@gmail.com> | 2023-08-08 19:23:55 +0300 |
---|---|---|
committer | Philip Sargent <philip.sargent@gmail.com> | 2023-08-08 19:23:55 +0300 |
commit | 741754e676a7845990ebf24570cc919a906646cc (patch) | |
tree | 2db26463804809505d2175d76db78817654938dd /core/views/uploads.py | |
parent | c2ae586e5b426e28f1401a7955393d1de1539788 (diff) | |
some input validation
Diffstat (limited to 'core/views/uploads.py')
-rw-r--r-- | core/views/uploads.py | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/core/views/uploads.py b/core/views/uploads.py
index 55be212..1ba5cf1 100644
--- a/core/views/uploads.py
+++ b/core/views/uploads.py
@@ -71,13 +71,23 @@ def logbookedit(request, year=None):
 return render(request, "errors/generic.html", {"message": message})
 else: # validation all to be done yet..
- date = request.POST["date"] # check valid and this year
- author = request.POST["author"] # check against personexpedition
- others = request.POST["others"] # check each against personexpedition
- place = request.POST["place"] # no hyphens !
- title = request.POST["title"]
- entry = request.POST["text"] # replace 2 \n or <p> with <br><br>
- tu = request.POST["tu"] # check numeric
+ date = request.POST["date"].strip() # check valid and this year
+ author = request.POST["author"].strip() # check against personexpedition
+ others = request.POST["others"].strip() # check each against personexpedition
+ place = request.POST["place"].strip().replace('-','=') # no hyphens !
+ title = request.POST["title"].strip()
+ entry = request.POST["text"].strip() # get rid of trailing spaces
+ entry = entry.replace('\r','') # remove HTML-standard CR inserted
+ entry = entry.replace('\n\n','\n<br /><br />\n') # replace 2 \n with <br><br>
+ entry = entry.replace('<p','<br /><br') # replace <p> tag, even if it has attributes, with <br><br>
+ entry = entry.replace('<br>','<br />') # clean up previous hack
+ tu = request.POST["tu"].strip()
+ if tu =="":
+ tu = 0
+ try:
+ tu = float(tu)/1 # check numeric
+ except:
+ tu = 0
 seq = 99 # should match the number of entries on this date +1 in the db already # OK this could be done by rendering a template, but for such a small bit of HTML, it is easier to have |
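Review bot: The `entry` value is still unescaped user markup after the replacement chain: only `<p` and `<br>` are rewritten, so any other tag in the POSTed text passes through, and if the hand-built HTML that the trailing comment refers to (outside this hunk) writes it into the logbook verbatim, that is a stored-markup injection path worth closing with an allow-list sanitiser at this point. Separately, `entry.replace('<p','<br /><br')` is a prefix match, so `<pre>` becomes `<br /><brre>` and `<p class="x">` leaves a stray `<br class="x">`; matching the whole tag, e.g. `entry = re.sub(r'<p(\s[^>]*)?>', '<br /><br />', entry)` (needs `re` in scope, which is not visible here), keeps to the stated intent. The bare `except:` around `float(tu)/1` should be `except ValueError:`, and since `float()` accepts `nan` and `inf`, a `math.isfinite(tu)` check is needed before the value is stored. The body of `logbookedit` starts and ends outside the hunk.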