|
|
@@ -6,6 +6,7 @@ import difflib
|
|
|
import hashlib
|
|
|
import json
|
|
|
import sqlite3
|
|
|
+import html
|
|
|
|
|
|
try:
|
|
|
json_data = open('set.json').read()
|
|
|
@@ -344,8 +345,7 @@ def recentchanges(name = None, num = 1):
|
|
|
if(not re.search("^(?: *)$", data[4])):
|
|
|
send = data[4]
|
|
|
|
|
|
- title = re.sub('<', '<', data[1])
|
|
|
- title = re.sub('>', '>', title)
|
|
|
+ title = html.escape(data[1])
|
|
|
|
|
|
if(re.search("\+", data[5])):
|
|
|
leng = '<span style="color:green;">' + data[5] + '</span>'
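Review bot: Only `title` gets `html.escape` in this hunk; `send = data[4]` is still taken raw, and `data[5]` is concatenated directly into the `<span style="color:green;">` markup after a `\+` search that only checks a plus sign is present, not that the value is numeric. If those columns can carry user-supplied text and nothing outside the hunk escapes them before rendering, they remain an HTML-injection path next to the one just fixed. `send = html.escape(data[4])` and `leng = '<span style="color:green;">' + html.escape(data[5]) + '</span>'` would close it. The same check is worth making for `data[1]` and `data[2]` in the blocklog hunk, where only `why` is escaped. recentchanges continues outside the hunk, so any later handling of `send` is not visible here and should be checked first to avoid double escaping.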
|
|
|
@@ -552,11 +552,8 @@ def recentdiscuss():
|
|
|
curs.execute("select title, sub, date from rd order by date desc limit 50")
|
|
|
rows = curs.fetchall()
|
|
|
for data in rows:
|
|
|
- title = re.sub('<', '<', data[0])
|
|
|
- title = re.sub('>', '>', title)
|
|
|
-
|
|
|
- sub = re.sub('<', '<', data[1])
|
|
|
- sub = re.sub('>', '>', sub)
|
|
|
+ title = html.escape(data[0])
|
|
|
+ sub = html.escape(data[1])
|
|
|
|
|
|
div += '<tr> \
|
|
|
<td> \
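Review bot: `html.escape` makes `title` and `sub` safe as element text and inside quoted attributes, but it is not URL encoding. If the row that starts at `div += '<tr>` also places them in an `href`, that use needs percent-encoding (for example `urllib.parse.quote`) applied first, with the HTML escape on top. The row markup continues outside the hunk, so this is something to confirm rather than a confirmed defect; it applies equally to `title` and `sub` in the user_topic_list hunk. A short comment above the two lines, such as `# escaped for HTML text/attribute context only; URL parts are encoded separately`, would record the intent.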
|
|
|
@@ -601,8 +598,7 @@ def blocklog(num = 1):
|
|
|
curs.execute("select why, block, blocker, end, today from rb order by today desc limit ?, ?", [str(i), str(v)])
|
|
|
rows = curs.fetchall()
|
|
|
for data in rows:
|
|
|
- why = re.sub('<', '<', data[0])
|
|
|
- why = re.sub('>', '>', why)
|
|
|
+ why = html.escape(data[0])
|
|
|
|
|
|
b = re.search("^([0-9]{1,3}\.[0-9]{1,3})$", data[1])
|
|
|
if(b):
|
|
|
@@ -848,8 +844,7 @@ def raw_view(name = None, num = None):
|
|
|
|
|
|
rows = curs.fetchall()
|
|
|
if(rows):
|
|
|
- enddata = re.sub('<', '<', rows[0][0])
|
|
|
- enddata = re.sub('>', '>', enddata)
|
|
|
+ enddata = html.escape(rows[0][0])
|
|
|
|
|
|
enddata = '<textarea style="height: 80%;">' + enddata + '</textarea>'
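Review bot: The switch to `html.escape` on `rows[0][0]` changes more than the handling of `<` and `>`: `&`, `"` and `'` are now escaped as well. That is what a `<textarea>` needs, because the browser decodes character references inside it, so stored text such as `&lt;` would otherwise be shown as `<` and saved back altered. This is a visible behaviour change for the raw view and deserves a comment on the line, e.g. `# escape & as well so the textarea shows the stored source verbatim`.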
|
|
|
|
|
|
@@ -2359,11 +2354,8 @@ def diff_data(name = None, a = None, b = None):
|
|
|
curs.execute("select data from history where id = ? and title = ?", [str(b), name])
|
|
|
b_raw_data = curs.fetchall()
|
|
|
if(b_raw_data):
|
|
|
- a_data = re.sub('<', '<', a_raw_data[0][0])
|
|
|
- a_data = re.sub('>', '>', a_data)
|
|
|
-
|
|
|
- b_data = re.sub('<', '<', b_raw_data[0][0])
|
|
|
- b_data = re.sub('>', '>', b_data)
|
|
|
+ a_data = html.escape(a_raw_data[0][0])
|
|
|
+ b_data = html.escape(b_raw_data[0][0])
|
|
|
|
|
|
diff_data = difflib.SequenceMatcher(None, a_data, b_data)
|
|
|
result = diff(diff_data)
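Review bot: `a_data` and `b_data` are escaped before they reach `difflib.SequenceMatcher`, which compares the strings character by character, so the matcher now sees entity text such as `&amp;` or `&#x27;` and an opcode boundary can fall in the middle of one. If `diff()` (defined outside this hunk) wraps each changed range in highlight markup, a split entity renders as garbage, and the output reflects differences between entities rather than between the stored characters. Comparing the raw strings with `difflib.SequenceMatcher(None, a_raw_data[0][0], b_raw_data[0][0])` and applying `html.escape` to each segment as `diff()` emits it keeps both the comparison and the escaping correct. The two changes have to land together, or the output would be unescaped. `a_raw_data[0][0]` is indexed under `if(b_raw_data):` only, so the guard for `a_raw_data` is presumably above the hunk and worth confirming.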
|
|
|
@@ -2545,11 +2537,8 @@ def user_topic_list(name = None, num = 1):
|
|
|
rows = curs.fetchall()
|
|
|
if(rows):
|
|
|
for data in rows:
|
|
|
- title = re.sub('<', '<', data[0])
|
|
|
- title = re.sub('>', '>', title)
|
|
|
-
|
|
|
- sub = re.sub('<', '<', data[2])
|
|
|
- sub = re.sub('>', '>', sub)
|
|
|
+ title = html.escape(data[0])
|
|
|
+ sub = html.escape(data[2])
|
|
|
|
|
|
if(ydmin == 1):
|
|
|
curs.execute("select * from ban where block = ?", [data[3]])
|