diff --git a/smash/templates/latest.html b/smash/templates/latest.html index 579ef15..eb15d24 100644 --- a/smash/templates/latest.html +++ b/smash/templates/latest.html @@ -3,7 +3,7 @@ {% if quotes %} {% for quote in quotes %} -#{{ quote.id }} +#{{ quote.id }} + ({{quote.rating}}) -

{{ quote.content|safe }}

@@ -13,7 +13,7 @@ Tags: {% for tag in quote.tags %} - {{tag.name}} + {{tag.name}} {% endfor %}
diff --git a/smash/views.py b/smash/views.py index 51fb1fd..b181a82 100644 --- a/smash/views.py +++ b/smash/views.py @@ -48,38 +48,24 @@ def login_page(): @app.route('/latest') def latest(): - quotes = reversed(db.select("quotes", "id, rating, content", "approved")) - quotes = [(q[0], q[1], unicode(Markup.escape(q[2])).replace('\n', '
')) for q in quotes] - - quotes_tags = [] + quotes = Quote.query.filter_by(approved=True).order_by(Quote.id.desc()).all() + # Replace line breaks with html breaks and escape special characters for quote in quotes: - tags = db.select("tagsToQuotes", "tagid", "quoteid='{}'".format(quote[0])) - tags_str = [] - for tag in tags: - tags_str.append(db.select("tags", "name", "id='{}'".format(tag[0]))[0][0]) - - quotes_tags.append( - ( - quote[0], - quote[1], - quote[2], - tags_str - ) - ) + quote.content = str(Markup.escape(quote.content)).replace('\n', '
') return render_template( "latest.html", appname=conf.config['APPNAME'], appbrand=conf.config['APPBRAND'], title="Latest", - quotes=quotes_tags + quotes=quotes ) @app.route('/quote/') def quote(id): - quote = Quote.query.filter_by(id=id).first() + quote = Quote.query.filter_by(id=id, approved=True).first() if quote is None: return render_template( @@ -88,6 +74,7 @@ def quote(id): message="No such quote." ) else: + quote.content = str(Markup.escape(quote.content)).replace('\n', '
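Review bot: In `latest()` the added loop writes the escaped, break-substituted HTML back into `quote.content`, which is a mapped attribute of a `Quote` loaded through `Quote.query`; the same assignment is added in the `else:` branch of `quote()` in the next hunk. If the session is flushed or committed later in the request, the escaped text would presumably be stored and then escaped a second time on the next view. The template also still renders `quote.content|safe`, so any other view that passes quotes to `latest.html` without this step would emit stored content unescaped. Keeping the display value separate avoids both, for example `quote.content_html = Markup.escape(quote.content).replace('\n', Markup('<br>'))` with `{{ quote.content_html }}` and no `|safe` in the template (the replacement string is not legible on this page, so adjust the tag to match); a shared helper or Jinja filter would keep the escaping in one place for both views. `quote()` spans the gap between the two hunks, so part of its body is not visible here.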
') return render_template( "latest.html", appname=conf.config['APPNAME'],