fix-vuln #101

Closed
xuxuan wants to merge 3 commits from fix-vuln into master
7 changed files with 14 additions and 12 deletions

.gitignore vendored

@ -7,7 +7,7 @@ app/static/usr/*.jpg
app/static/img/ app/static/img/
app/static/frequency/frequency_*.pickle app/static/frequency/frequency_*.pickle
app/static/frequency/frequency.p app/static/frequency/frequency.p
app/static/wordfreqapp.db app/wordfreqapp.db
app/static/donate-the-author.jpg app/static/donate-the-author.jpg
app/static/donate-the-author-hidden.jpg app/static/donate-the-author-hidden.jpg
app/model/__pycache__/ app/model/__pycache__/

Jenkinsfile vendored

@ -10,8 +10,8 @@ pipeline {
stages { stages {
stage('MakeDatabasefile') { stage('MakeDatabasefile') {
steps { steps {
sh 'touch ./app/static/wordfreqapp.db && rm -f ./app/static/wordfreqapp.db' sh 'touch ./app/wordfreqapp.db && rm -f ./app/wordfreqapp.db'
sh 'cat ./app/static/wordfreqapp.sql | sqlite3 ./app/static/wordfreqapp.db' sh 'cat ./app/static/wordfreqapp.sql | sqlite3 ./app/wordfreqapp.db'
} }
} }
stage('BuildIt') { stage('BuildIt') {


@ -61,15 +61,15 @@ My steps for deploying English on a Ubuntu server.
All articles are stored in the `article` table in a SQLite file called All articles are stored in the `article` table in a SQLite file called
`app/static/wordfreqapp.db`. `app/wordfreqapp.db`.
### Adding new articles ### Adding new articles
To add articles, open and edit `app/static/wordfreqapp.db` using DB Browser for SQLite (https://sqlitebrowser.org). To add articles, open and edit `app/wordfreqapp.db` using DB Browser for SQLite (https://sqlitebrowser.org).
### Extending an account's expiry date ### Extending an account's expiry date
By default, an account's expiry is 30 days after first sign-up. To extend account's expiry date, open and edit `user` table in `app/static/wordfreqapp.db`. Simply update field `expiry_date`. By default, an account's expiry is 30 days after first sign-up. To extend account's expiry date, open and edit `user` table in `app/wordfreqapp.db`. Simply update field `expiry_date`.
### Exporting the database ### Exporting the database


@ -15,7 +15,7 @@ path_prefix = './' # comment this line in deployment
def total_number_of_essays(): def total_number_of_essays():
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db') rq = RecordQuery(path_prefix + 'wordfreqapp.db')
rq.instructions("SELECT * FROM article") rq.instructions("SELECT * FROM article")
rq.do() rq.do()
result = rq.get_results() result = rq.get_results()
@ -33,7 +33,7 @@ def get_article_body(s):
def get_today_article(user_word_list, visited_articles): def get_today_article(user_word_list, visited_articles):
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db') rq = RecordQuery(path_prefix + 'wordfreqapp.db')
if visited_articles is None: if visited_articles is None:
visited_articles = { visited_articles = {
"index" : 0, # 为 article_ids 的索引 "index" : 0, # 为 article_ids 的索引
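Review bot: The database location is now a string literal repeated in two places in this file (`path_prefix + 'wordfreqapp.db'` in `total_number_of_essays` and again in `get_today_article`), and model.py binds the same file through a different relative path (`../wordfreqapp.db`), so the next move of the file has to be repeated by hand in every caller, which is exactly what this PR had to do. Define it once next to `path_prefix`, e.g. `DB_PATH = path_prefix + 'wordfreqapp.db'`, and pass `DB_PATH` to both `RecordQuery` calls. Both functions also depend on `path_prefix` being edited by hand for deployment (per the comment shown in the first hunk header), and a single `DB_PATH` is the natural place to read the location from configuration instead. The bodies of both functions continue outside the hunks.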


@ -56,6 +56,7 @@ def article():
_articles = get_page_articles(_cur_page, _page_size) _articles = get_page_articles(_cur_page, _page_size)
for article in _articles: # 获取每篇文章的title for article in _articles: # 获取每篇文章的title
article = escape(article)
article.title = article.text.split("\n")[0] article.title = article.text.split("\n")[0]
article.content = '<br/>'.join(article.text.split("\n")[1:]) article.content = '<br/>'.join(article.text.split("\n")[1:])
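Review bot: `article = escape(article)` rebinds the loop variable to the escaped string form of the whole entity, so the next line `article.title = article.text.split("\n")[0]` reads `.text` from a `Markup` string and raises AttributeError (assuming `escape` here is Flask's, i.e. `markupsafe.escape`). Escape the text that is rendered instead, per line so the `<br/>` separator survives: `article.title = escape(article.text.split("\n")[0])` and `article.content = Markup('<br/>').join(article.text.split("\n")[1:])`, where `Markup.join` escapes each item and the result stays marked safe for an autoescaping template (`Markup` comes from `markupsafe`, or from `flask` on older versions). `title` and `content` are assigned on the entity object itself; if either is a mapped column the escaped value may be persisted on commit, which is worth confirming against the model. The enclosing `article()` view and this file's imports lie outside the hunk, so check that `escape` (and `Markup`) are in scope here.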


@ -5,15 +5,17 @@
# Copyright 2019 (C) Hui Lan <hui.lan@cantab.net> # Copyright 2019 (C) Hui Lan <hui.lan@cantab.net>
# Written permission must be obtained from the author for commercial uses. # Written permission must be obtained from the author for commercial uses.
########################################################################### ###########################################################################
from flask import escape from flask import escape, abort
from Login import * from Login import *
from Article import * from Article import *
import Yaml import Yaml
from user_service import userService from user_service import userService
from account_service import accountService from account_service import accountService
from admin_service import adminService, ADMIN_NAME from admin_service import adminService, ADMIN_NAME
import os
app = Flask(__name__) app = Flask(__name__)
app.secret_key = 'lunch.time!' app.secret_key = os.urandom(32)
# 将蓝图注册到Lab app # 将蓝图注册到Lab app
app.register_blueprint(userService) app.register_blueprint(userService)
@ -54,7 +56,6 @@ def appears_in_test(word, d):
else: else:
return ','.join(d[word]) return ','.join(d[word])
@app.route("/mark", methods=['GET', 'POST']) @app.route("/mark", methods=['GET', 'POST'])
def mark_word(): def mark_word():
''' '''
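Review bot: `app.secret_key = os.urandom(32)` produces a different key on every process start, so every signed session cookie is invalidated by each restart or redeploy, and if the deployment runs more than one worker process each worker signs with its own key and users are logged out at random. Load the key from configuration and fail loudly when it is missing, e.g. `app.secret_key = os.environ.get("SECRET_KEY")` followed by `if not app.secret_key: raise RuntimeError("SECRET_KEY is not set")`, with the value generated once (for example `secrets.token_hex(32)`) and injected by the deployment rather than committed to the repository. `abort` is newly added to the `from flask` import but no use of it is visible in this hunk; the rest of the module, including any such use, lies outside it.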


@ -1,7 +1,7 @@
from pony.orm import * from pony.orm import *
db = Database() db = Database()
db.bind("sqlite", "../static/wordfreqapp.db", create_db=True) # bind sqlite file db.bind("sqlite", "../wordfreqapp.db", create_db=True) # bind sqlite file
class User(db.Entity): class User(db.Entity):