From 255b10fbe4b0c688828d510868017565af50b57f Mon Sep 17 00:00:00 2001 From: Christian Heller <c.heller@plomlompom.de> Date: Sun, 29 Oct 2023 04:05:36 +0100 Subject: [PATCH] Improve ledger.py. --- ledger.py | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/ledger.py b/ledger.py index 2a9a89c..27675da 100755 --- a/ledger.py +++ b/ledger.py @@ -336,7 +336,6 @@ class Database: f.close() total_lines = self.real_lines[:start] + lines + self.real_lines[end:] text = '\n'.join(total_lines) - # text = '\n'.join(self.real_lines[:start]) + '\n'.join(lines) + '\n'.join(self.real_lines[end:]) with open(self.db_file, 'w') as f: f.write(text); os.remove(self.lock_file) @@ -413,7 +412,6 @@ input[type=number] { text-align: right; font-family: monospace; } lines += add_taxes(lines) elif '/add_free' == parsed_url.path: lines = postvars['booking'][0].splitlines() - lines += [''] # to ensure Booking-ending last line start = int(postvars['start'][0]) end = int(postvars['end'][0]) try: @@ -490,9 +488,9 @@ input[type=number] { text-align: right; font-family: monospace; } return f"<pre>{content}</pre>" def ledger_as_html(self, db): - single_c_tmpl = jinja2.Template('<span class="comment">{{c}}</span><br />') + single_c_tmpl = jinja2.Template('<span class="comment">{{c|e}}</span><br />') booking_tmpl = jinja2.Template(""" -<p>{{date}} {{desc}} <span class="comment">{{head_comment}}</span> +<p>{{date}} {{desc}} <span class="comment">{{head_comment|e}}</span> [edit: <a href="/add_structured?start={{start}}&end={{end}}">structured</a> / <a href="/add_free?start={{start}}&end={{end}}">free</a> | copy:<a href="/copy_structured?start={{start}}&end={{end}}">structured</a> @@ -500,9 +498,9 @@ input[type=number] { text-align: right; font-family: monospace; } <table> {% for l in booking_lines %} {% if l.acc %} -<tr><td>{{l.acc}}</td><td class="money">{{l.money}}</td><td class="comment">{{l.comment}}</td></tr> +<tr><td>{{l.acc|e}}</td><td class="money">{{l.money|e}}</td><td class="comment">{{l.comment|e}}</td></tr> {% else %} -<tr><td><div class="comment full_line_comment">{{l.comment}}</div></td></tr> +<tr><td><div class="comment full_line_comment">{{l.comment|e}}</div></td></tr> {% endif %} {% endfor %} </table></p> @@ -553,21 +551,21 @@ input[type=number] { text-align: right; font-family: monospace; } def add_structured(self, db, start=0, end=0, copy=False, temp_lines=[], add_empty_line=None): tmpl = jinja2.Template(""" -<form method="POST" action="{{action}}"> +<form method="POST" action="{{action|e}}"> <input type="submit" name="check" value="check" /> <input type="submit" name="revert" value="revert" /> <input type="submit" name="add_taxes" value="add taxes" /> <br /> -<input name="date" value="{{date}}" size=9 /> -<input name="description" value="{{desc}}" list="descriptions" /> -<textarea name="line_0_comment" rows=1 cols=20>{{head_comment}}</textarea> +<input name="date" value="{{date|e}}" size=9 /> +<input name="description" value="{{desc|e}}" list="descriptions" /> +<textarea name="line_0_comment" rows=1 cols=20>{{head_comment|e}}</textarea> <input type="submit" name="line_0_add" value="[+]" /> <br /> {% for line in booking_lines %} -<input name="line_{{line.i}}_account" value="{{line.acc}}" size=40 list="accounts" /> +<input name="line_{{line.i}}_account" value="{{line.acc|e}}" size=40 list="accounts" /> <input type="number" name="line_{{line.i}}_amount" value="{{line.amt}}" size=10 /> -<input name="line_{{line.i}}_currency" value="{{line.curr}}" size=3 list="currencies" /> -<textarea name="line_{{line.i}}_comment" rows=1 cols={% if line.comm_cols %}{{line.comm_cols}}{% else %}20{% endif %}>{{line.comment}}</textarea> +<input name="line_{{line.i}}_currency" value="{{line.curr|e}}" size=3 list="currencies" /> +<textarea name="line_{{line.i}}_comment" rows=1 cols={% if line.comm_cols %}{{line.comm_cols}}{% else %}20{% endif %}>{{line.comment|e}}</textarea> <input type="submit" name="line_{{line.i}}_delete" value="[x]" /> <input type="submit" name="line_{{line.i}}_add" value="[+]" /> <br /> @@ -575,7 +573,7 @@ input[type=number] { text-align: right; font-family: monospace; } {% for name, items in datalist_sets.items() %} <datalist id="{{name}}"> {% for item in items %} - <option value="{{item}}">{{item}}</option> + <option value="{{item|e}}">{{item|e}}</option> {% endfor %} </datalist> {% endfor %} -- 2.30.2