From 5253f8ec8f73011c6d5d29f9cfb32adb64cd52ae Mon Sep 17 00:00:00 2001
From: Darks
Date: Thu, 24 Sep 2020 23:25:25 +0200
Subject: [PATCH] =?UTF-8?q?post=20edition:=20added=20redirection=20to=20to?=
 =?UTF-8?q?pic=20(#49)=20Beware=20that=20the=20urlparse=20method=20may=20r?=
 =?UTF-8?q?eturn=20unsafe=20results=E2=80=A6=20IDK?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/routes/posts/edit.py | 10 +++++++---
 app/templates/forum/topic.html | 2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/routes/posts/edit.py b/app/routes/posts/edit.py
index 5b3c1b9..8824fb9 100644
--- a/app/routes/posts/edit.py
+++ b/app/routes/posts/edit.py
@@ -2,13 +2,18 @@ from app import app, db
 from app.models.post import Post
 from app.utils.render import render
 from app.forms.forum import CommentEditForm, AnonymousCommentEditForm
-from flask import redirect, url_for, abort
+from urllib.parse import urlparse
+from flask import redirect, url_for, abort, request
 from flask_login import login_required, current_user
 @app.route('/post/', methods=['GET','POST']) # TODO: Allow guest edit of posts
 @login_required
 def edit_post(postid):
+ # TODO: Maybe not safe
+ referrer = urlparse(request.args.get('r', default = '/', type = str)).path
+ print(referrer)
+
 p = Post.query.filter_by(id=postid).first_or_404()
 # TODO: Check whether privileged user has access to board
@@ -25,8 +30,7 @@ def edit_post(postid):
 db.session.add(p)
 db.session.commit()
- # TODO: Proper redirection
- return redirect(url_for('index'))
+ return redirect(referrer)
 form.message.data = p.text
 return render('forum/edit_comment.html', comment=p, form=form)
diff --git a/app/templates/forum/topic.html b/app/templates/forum/topic.html
index 2aacaac..8a4d0f2 100644
--- a/app/templates/forum/topic.html
+++ b/app/templates/forum/topic.html
@@ -30,7 +30,7 @@ Posté le {{ c.date_created|dyndate }} {% endif %} | #
- | Modifier
+ | Modifier
 | Supprimer
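Review bot: In `edit_post` (app/routes/posts/edit.py), keeping only `urlparse(...).path` of the user-supplied `r` parameter does not guarantee a same-site target for the `redirect(referrer)` in the second hunk: a path that begins with `//` or contains a backslash is resolved by browsers as another host, so this can still act as an open redirect. I would reject such values right after parsing, e.g. `if not referrer.startswith('/') or referrer.startswith('//') or '\\' in referrer: referrer = url_for('index')`, which also covers the empty path. The `print(referrer)` line writes request-controlled text to stdout and looks like leftover debugging; drop it or replace it with `app.logger.debug('%r', referrer)`. Taking only `.path` also discards any query string, so a topic page reached with a page parameter would presumably lose it on return. The function body continues outside both hunks.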