diff --git a/smash/templates/latest.html b/smash/templates/latest.html index f250858..4bba16b 100644 --- a/smash/templates/latest.html +++ b/smash/templates/latest.html @@ -6,8 +6,19 @@ #{{ quote[0] }} + ({{quote[1]}}) -
- {{ quote[2]|safe }}


+

{{ quote[2]|safe }}

+ +
+ + Tags: + {% for tag in quote[3] %} + {{tag}} + {% endfor %} + +
+ +

{% endfor %} {% endif %} diff --git a/smash/views.py b/smash/views.py index a190641..34145db 100644 --- a/smash/views.py +++ b/smash/views.py @@ -1,8 +1,11 @@ import datetime -from flask import render_template +import logging +from flask import render_template, Markup from smash import app, conf, db +logger = logging.getLogger(__name__) + @app.route('/') def index(): @@ -27,7 +30,7 @@ def index(): @app.route('/latest') def latest(): quotes = reversed(db.select("quotes", "id, rating, content")) - quotes = [(q[0], q[1], q[2].replace('<', '<').replace('>', '>').replace('\n', '
')) for q in quotes] + quotes = [(q[0], q[1], bytes(Markup.escape(q[2]), 'utf-8').decode('utf-8').replace('\n', '
')) for q in quotes] return render_template( "latest.html", @@ -44,11 +47,18 @@ def quote(id): if len(quote)<1: return "No such quote." else: + + tags = db.select("tagsToQuotes", "tagid", "quoteid='{}'".format(quote[0][0])) + tags_str = [] + for tag in tags: + tags_str.append(db.select("tags", "name", "id='{}'".format(tag[0]))[0][0]) + quote = [ ( quote[0][0], quote[0][1], - quote[0][2],replace('<', '<').replace('>', '>').replace('\n', '
') + bytes(Markup.escape(quote[0][2]), 'utf-8').decode('utf-8').replace('\n', '
'), + tags_str ) ] return render_template( @@ -72,4 +82,7 @@ def tags(): @app.route('/search', methods=['POST']) def search(): - pass + if request.method == 'POST': + return 'success' + else: + return 'Invalid request.'