mirror of https://expo.survex.com/repositories/troggle/.git synced 2024-11-25 08:41:51 +00:00

some input validation

Philip Sargent 2023-08-08 19:23:55 +03:00
parent c2ae586e5b
commit 741754e676


@ -71,13 +71,23 @@ def logbookedit(request, year=None):
return render(request, "errors/generic.html", {"message": message})
else:
# validation all to be done yet..
date = request.POST["date"] # check valid and this year
author = request.POST["author"] # check against personexpedition
others = request.POST["others"] # check each against personexpedition
place = request.POST["place"] # no hyphens !
title = request.POST["title"]
entry = request.POST["text"] # replace 2 \n or <p> with <br><br>
tu = request.POST["tu"] # check numeric
date = request.POST["date"].strip() # check valid and this year
author = request.POST["author"].strip() # check against personexpedition
others = request.POST["others"].strip() # check each against personexpedition
place = request.POST["place"].strip().replace('-','=') # no hyphens !
title = request.POST["title"].strip()
entry = request.POST["text"].strip() # get rid of trailing spaces
entry = entry.replace('\r','') # remove HTML-standard CR inserted
entry = entry.replace('\n\n','\n<br /><br />\n') # replace 2 \n with <br><br>
entry = entry.replace('<p','<br /><br') # replace <p> tag, even if it has attributes, with <br><br>
entry = entry.replace('<br>','<br />') # clean up previous hack
tu = request.POST["tu"].strip()
if tu =="":
tu = 0
try:
tu = float(tu)/1 # check numeric
except:
tu = 0
seq = 99 # should match the number of entries on this date +1 in the db already
# OK this could be done by rendering a template, but for such a small bit of HTML, it is easier to have
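Review bot: The `entry` rewriting on the new lines edits HTML by plain string replacement, and nothing visible here escapes or allow-lists the tags a poster can submit, so if this text is later written out as markup (the trailing comment suggests it is, though that code is outside the hunk) any element or attribute in the POST body is stored as-is. The `'<p'` replacement also matches every tag that merely starts with p, so `<pre>` becomes `<br /><brre>`; matching the whole tag, e.g. `entry = re.sub(r'<p(\s[^>]*)?>', '<br /><br />', entry)` (assuming `re` is imported), avoids that, and the result should then pass through a tag allow-list before it is saved. Separately, the bare `except:` around `float(tu)` hides unrelated errors and `float` accepts `nan` and `inf`; `except ValueError:` followed by a `math.isfinite(tu)` check would keep `tu` a usable number. The trailing comments on `date`, `author` and `others` still describe checks that `.strip()` does not perform, and the body of `logbookedit` continues outside the hunk.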