Merge branch 'html-escape-agenda' into pu

Kevin Morris 2022-01-18 09:17:09 -08:00
commit 621f030977
No known key found for this signature in database
GPG key ID: F7E46DED420788F3


@ -1,5 +1,4 @@
import html import html
import re
import typing import typing
from http import HTTPStatus from http import HTTPStatus
@ -291,21 +290,18 @@ async def trusted_user_addvote_post(request: Request,
duration, quorum = ADDVOTE_SPECIFICS.get(type) duration, quorum = ADDVOTE_SPECIFICS.get(type)
timestamp = time.utcnow() timestamp = time.utcnow()
# TODO: Review this. Is this even necessary? # Active TU types we filter for.
# Remove <script> and <style> tags.
agenda = re.sub(r'<[/]?script.*>', '', agenda)
agenda = re.sub(r'<[/]?style.*>', '', agenda)
types = {TRUSTED_USER_ID, TRUSTED_USER_AND_DEV_ID} types = {TRUSTED_USER_ID, TRUSTED_USER_AND_DEV_ID}
# Create a new TUVoteInfo (proposal)!
with db.begin():
active_tus = db.query(User).filter( active_tus = db.query(User).filter(
and_(User.Suspended == 0, and_(User.Suspended == 0,
User.InactivityTS.isnot(None), User.InactivityTS.isnot(None),
User.AccountTypeID.in_(types)) User.AccountTypeID.in_(types))
).count() ).count()
voteinfo = db.create(models.TUVoteInfo, User=user,
# Create a new TUVoteInfo (proposal)! Agenda=html.escape(agenda),
with db.begin():
voteinfo = db.create(models.TUVoteInfo, User=user, Agenda=agenda,
Submitted=timestamp, End=(timestamp + duration), Submitted=timestamp, End=(timestamp + duration),
Quorum=quorum, ActiveTUs=active_tus, Quorum=quorum, ActiveTUs=active_tus,
Submitter=request.user) Submitter=request.user)
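Review bot: `Agenda=html.escape(agenda)` in the `db.create(models.TUVoteInfo, ...)` call escapes the agenda when it is written, so the table stores HTML entities instead of the submitted text (the page has lost its +/- markers, so I am reading this line as the new side from the hunk counts). Escaping at storage makes safety depend on every write path remembering to escape and on the template rendering the column unescaped; any other consumer of `Agenda`, or a template with autoescaping on, would show `&lt;`-style entities or double-escape them. Consider storing `Agenda=agenda` unchanged and escaping where the proposal is rendered; if the template does emit the field as raw markup on purpose, a comment such as `# Stored pre-escaped: the proposal template renders Agenda without autoescaping.` would record that contract. `trusted_user_addvote_post` begins above this hunk, so any earlier validation of `agenda` is not visible here.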