sanitized css files using bleach
parent
ce726fb6b3
commit
d5369bc142
@ -5,7 +5,6 @@ black==21.11b1
|
||||
blinker==1.4
|
||||
cffi==1.15.0
|
||||
click==8.0.3
|
||||
-e git+https://git.vvvvvvaria.org/crunk/distribusi-verse.git@1a50898d216ae95c3eb9c144bb7ec678e638daa6#egg=distribusi
|
||||
dnspython==2.1.0
|
||||
email-validator==1.1.3
|
||||
Flask==2.0.2
|
||||
@ -40,3 +39,4 @@ tomli==1.2.2
|
||||
typing-extensions==4.0.1
|
||||
Werkzeug==2.0.2
|
||||
WTForms==3.0.0
|
||||
-e git+https://git.vvvvvvaria.org/crunk/distribusi-verse.git@1a50898d216ae95c3eb9c144bb7ec678e638daa6#egg=distribusi
|
||||
|
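--- a/setup.py
+++ b/setup.py
@@ -0,0 +1,3 @@
+from setuptools import setup, find_packages
+
+setup(name='library', version='1.0', packages=find_packages())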
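Review bot: The distribution name in `setup(name='library', ...)` is generic and does not identify this project, so an install by name could clash with, or resolve to, an unrelated package called `library`. A project-specific name would avoid that, for example `name='distribusi-verse'` to match the repository. A one-line comment saying why the package is needed would also help, since the file has no docstring or description.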
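--- a/src/.gitignore
+++ b/src/.gitignore
@@ -0,0 +1,3 @@
+*
+*/
+!.gitignore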
@ -1,5 +1,7 @@
|
||||
import os
|
||||
from flask import render_template
|
||||
import bleach
|
||||
from werkzeug.utils import secure_filename
|
||||
from sqlalchemy.exc import (
|
||||
DataError,
|
||||
DatabaseError,
|
||||
@ -54,16 +56,22 @@ def SaveUploadCssFile(editorform, newcssfolder):
|
||||
if not os.path.exists(newcssfolder):
|
||||
os.mkdir(newcssfolder)
|
||||
cssfile = editorform.cssfile.data
|
||||
cssfile.save(os.path.join(newcssfolder, editorform.cssname.data))
|
||||
cssfilename = f"{secure_filename(editorform.cssname.data)}.css"
|
||||
cssfile.save(os.path.join(newcssfolder, cssfilename))
|
||||
openfile = open(os.path.join(newcssfolder, cssfilename), 'r+')
|
||||
cleancss = bleach.clean(openfile.read())
|
||||
openfile.write(cleancss)
|
||||
openfile.close
|
||||
|
||||
|
||||
def WriteCssToFile(editorform, newcssfolder):
|
||||
if not os.path.exists(newcssfolder):
|
||||
os.mkdir(newcssfolder)
|
||||
|
||||
cssfilename = "{}.css".format(editorform.cssname.data)
|
||||
cssfilename = f"{secure_filename(editorform.cssname.data)}.css"
|
||||
cleancss = bleach.clean(editorform.css.data)
|
||||
with open(os.path.join(newcssfolder, cssfilename), "w") as cssfile:
|
||||
cssfile.write(editorform.css.data)
|
||||
cssfile.write(cleancss)
|
||||
cssfile.close
|
||||
|
||||
|
||||
@ -72,7 +80,7 @@ def MakePublicTheme(editorform, current_distribusi):
|
||||
distribusi = Distribusis.query.filter_by(
|
||||
distribusiname=current_distribusi
|
||||
).first()
|
||||
distribusi.publictheme = editorform.cssname.data
|
||||
distribusi.publictheme = secure_filename(editorform.cssname.data)
|
||||
db.session.commit()
|
||||
|
||||
except InvalidRequestError:
|
||||
|
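Review bot: In SaveUploadCssFile, `openfile.write(cleancss)` runs right after `openfile.read()` on an `'r+'` handle, so the cleaned text is appended behind the original upload and the unsanitized content stays in the file. Add `openfile.seek(0)` before the write and `openfile.truncate()` after it, and call `openfile.close()` with parentheses; `openfile.close` here and `cssfile.close` in WriteCssToFile only name the method and never call it. Separately, `bleach.clean` is an HTML sanitizer: it entity-escapes characters such as `>` and `&` that are valid in CSS, and it is not designed to vet stylesheet constructs like `@import` or `url()`, so a CSS-aware check may be needed depending on how these files are served. The new `import bleach` has no matching pin in the requirements hunks shown on this page, so it is worth confirming the package is listed there. Both function bodies begin outside the visible hunk.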
@ -25,7 +25,7 @@ class EditorForm(FlaskForm):
|
||||
FileAllowed(["css"], "css files only!"),
|
||||
FileSize(
|
||||
max_size=10485760,
|
||||
message="Zipfile size must be smaller than 100MB",
|
||||
message="css file size must be smaller than 10MB",
|
||||
),
|
||||
],
|
||||
)
|
||||
|
@ -73,6 +73,7 @@ def UploadUpdatedFiles(uploadfolder):
|
||||
distribusi.course = uploadform.course.data
|
||||
distribusi.year = uploadform.academicyear.data
|
||||
distribusi.tags = uploadform.tags.data
|
||||
distribusi.visible = False
|
||||
db.session.commit()
|
||||
except (InvalidRequestError, DataError, InterfaceError, DatabaseError):
|
||||
db.session.rollback()
|
||||
|