admin_service.py: show article content for the newly added article after clicking the button '保存'.

2023-07-14 08:15:15 +08:00 · 2023-07-14 08:15:15 +08:00 · 18c37d583a
parent 472c0c115f
commit 18c37d583a
2 changed files with 6 additions and 2 deletions
--- a/app/admin_service.py
+++ b/app/admin_service.py
@ -53,7 +53,7 @@ def article():
        )  # 最小的page是1
    except ValueError:
        return "page parmas must be int!"
-    
+
    _articles = get_page_articles(_cur_page, _page_size)
    for article in _articles:   # 获取每篇文章的title
        text = escape(article.text) # Fix XSS vulnerability, contributed by Xu Xuan
@ -74,7 +74,10 @@ def article():
        context["text_list"] = get_page_articles(_cur_page, _page_size)
        _articles = get_page_articles(_cur_page, _page_size)
        for article in _articles:   # 获取每篇文章的title
-            article.title = article.text.split("\n")[0]
+            text = escape(article.text) # Fix XSS vulnerability, contributed by Xu Xuan
            article.title = text.split("\n")[0]
            article.content = '<br/>'.join(text.split("\n")[1:])
        context["text_list"] = _articles
    if request.method == "GET":
@ -85,6 +88,7 @@ def article():
        if delete_id:  # delete article
            delete_article_by_id(delete_id)
            _update_context()
    elif request.method == "POST":
        data = request.form
        content = data.get("content", "")
--- a/app/static/wordfreqapp.db
+++ b/app/static/wordfreqapp.db