From da15d163e2dd5ff609666bc7b40f09f67b441c4c Mon Sep 17 00:00:00 2001 From: Ville Rantanen Date: Sun, 30 Jul 2023 10:07:37 +0300 Subject: [PATCH] custom code, fix thread and comment deletions --- forum/db/sqlite.py | 46 +++++++-------------- forum/main.py | 33 +++++++-------- forum/templates/confirm_delete_comment.html | 4 +- forum/templates/confirm_delete_thread.html | 4 +- 4 files changed, 33 insertions(+), 54 deletions(-) diff --git a/forum/db/sqlite.py b/forum/db/sqlite.py index 91d4f66..70a827e 100644 --- a/forum/db/sqlite.py +++ b/forum/db/sqlite.py @@ -7,17 +7,6 @@ class DB: self.conn = conn pass - # ~ def get_config(self): - # ~ return ( - # ~ self._db() - # ~ .execute( - # ~ """ - # ~ select version, name, description, secret_key, captcha_key, registration_enabled, login_required from config - # ~ """ - # ~ ) - # ~ .fetchone() - # ~ ) - def get_forums(self): return self._db().execute( """ @@ -205,6 +194,21 @@ class DB: .fetchone() ) + def get_comment_thread(self, comment_id): + """ Get the thread of a comment """ + return ( + self._db() + .execute( + """ + select thread_id + from comments + where comment_id = ? + """, + (comment_id,), + ) + .fetchone()[0] + ) + def get_subcomments(self, comment_id): db = self._db() thread_id, parent_id, title = db.execute( @@ -628,26 +632,6 @@ class DB: ) db.commit() - # ~ def set_config( - # ~ self, server_name, server_description, registration_enabled, login_required - # ~ ): - # ~ return self.change_one( - # ~ """ - # ~ update config - # ~ set name = ?, description = ?, registration_enabled = ?, login_required = ? - # ~ """, - # ~ (server_name, server_description, registration_enabled, login_required), - # ~ ) - - # ~ def set_config_secrets(self, secret_key, captcha_key): - # ~ return self.change_one( - # ~ """ - # ~ update config - # ~ set secret_key = ?, captcha_key = ? - # ~ """, - # ~ (secret_key, captcha_key), - # ~ ) - def set_user_ban(self, user_id, until): return self.change_one( """ diff --git a/forum/main.py b/forum/main.py index aa8568e..987ee7d 100644 --- a/forum/main.py +++ b/forum/main.py @@ -13,27 +13,13 @@ import captcha, password, minimd app = Flask(__name__) db = DB(os.getenv("DB")) config = Config(os.getenv("CONF")) +custom_code = os.getenv("CUSTOM_PY",'custom.py') # This defaults to None, which allows CSRF attacks in FireFox # and older versions of Chrome. # 'Lax' is sufficient to prevent malicious POST requests. app.config["SESSION_COOKIE_SAMESITE"] = "Lax" app.config["SECRET_KEY"] = config.secret_key -# ~ class Config: -# ~ pass -# ~ config = Config() -# ~ ( -# ~ config.version, -# ~ config.server_name, -# ~ config.server_description, -# ~ app.config["SECRET_KEY"], -# ~ config.captcha_key, -# ~ config.registration_enabled, -# ~ config.login_required -# ~ ) = db.get_config() -# ~ app.config['user_css'] = os.path.exists(os.path.join(app.static_folder, 'user.css')) -# ~ config.threads_per_page = 50 - if config.version != VERSION: print(f"Incompatible version {config.version} (expected {VERSION})") sys.exit(1) @@ -281,6 +267,7 @@ def confirm_delete_thread(thread_id): config=config, user=get_user(), thread_title=title, + thread_id=thread_id ) @@ -289,13 +276,13 @@ def delete_thread(thread_id): user_id = session.get("user_id") if user_id is None: return redirect(url_for("login")) - + forum_id = db.get_thread_forum(thread_id) if db.delete_thread(user_id, thread_id): flash("Thread has been deleted", "success") else: flash("Thread could not be removed", "error") # TODO return 403, maybe? - return redirect(url_for("index")) + return redirect(url_for("forum", forum_id=forum_id)) def _add_comment_check_user(): @@ -346,6 +333,7 @@ def confirm_delete_comment(comment_id): user=get_user(), thread_title=title, text=text, + comment_id=comment_id ) @@ -354,13 +342,13 @@ def delete_comment(comment_id): user_id = session.get("user_id") if user_id is None: return redirect(url_for("login")) - + thread_id = db.get_comment_thread(comment_id) if db.delete_comment(user_id, comment_id): flash("Comment has been deleted", "success") else: flash("Comment could not be removed", "error") # TODO return 403, maybe? - return redirect(url_for("index")) + return redirect(url_for("thread", thread_id = thread_id)) @app.route("/thread//edit/", methods=["GET", "POST"]) @@ -925,3 +913,10 @@ def trim_text(s): Because browsers LOVE \\r, trailing whitespace etc. """ return s.replace("\r", "") + + +#### custom code +if os.path.exists(custom_code): + with open(custom_code, "rb") as source_file: + code = compile(source_file.read(), custom_code, "exec") + exec(code, globals(), locals()) diff --git a/forum/templates/confirm_delete_comment.html b/forum/templates/confirm_delete_comment.html index 7e1c506..e9cb9ef 100644 --- a/forum/templates/confirm_delete_comment.html +++ b/forum/templates/confirm_delete_comment.html @@ -4,10 +4,10 @@

Are you sure you want to delete this comment on "{{ thread_title }}"?

{{ minimd(text) | safe }}

-

+
-
+

diff --git a/forum/templates/confirm_delete_thread.html b/forum/templates/confirm_delete_thread.html index 47f69b3..53fce5e 100644 --- a/forum/templates/confirm_delete_thread.html +++ b/forum/templates/confirm_delete_thread.html @@ -3,10 +3,10 @@ {% block content %}

Are you sure you want to delete "{{ thread_title }}"?

-

+
-
+