f.close()
total_lines = self.real_lines[:start] + lines + self.real_lines[end:]
text = '\n'.join(total_lines)
- # text = '\n'.join(self.real_lines[:start]) + '\n'.join(lines) + '\n'.join(self.real_lines[end:])
with open(self.db_file, 'w') as f:
f.write(text);
os.remove(self.lock_file)
lines += add_taxes(lines)
elif '/add_free' == parsed_url.path:
lines = postvars['booking'][0].splitlines()
- lines += [''] # to ensure Booking-ending last line
start = int(postvars['start'][0])
end = int(postvars['end'][0])
try:
return f"<pre>{content}</pre>"
def ledger_as_html(self, db):
- single_c_tmpl = jinja2.Template('<span class="comment">{{c}}</span><br />')
+ single_c_tmpl = jinja2.Template('<span class="comment">{{c|e}}</span><br />')
booking_tmpl = jinja2.Template("""
-<p>{{date}} {{desc}} <span class="comment">{{head_comment}}</span>
+<p>{{date}} {{desc}} <span class="comment">{{head_comment|e}}</span>
[edit: <a href="/add_structured?start={{start}}&end={{end}}">structured</a>
/ <a href="/add_free?start={{start}}&end={{end}}">free</a>
| copy:<a href="/copy_structured?start={{start}}&end={{end}}">structured</a>
<table>
{% for l in booking_lines %}
{% if l.acc %}
-<tr><td>{{l.acc}}</td><td class="money">{{l.money}}</td><td class="comment">{{l.comment}}</td></tr>
+<tr><td>{{l.acc|e}}</td><td class="money">{{l.money|e}}</td><td class="comment">{{l.comment|e}}</td></tr>
{% else %}
-<tr><td><div class="comment full_line_comment">{{l.comment}}</div></td></tr>
+<tr><td><div class="comment full_line_comment">{{l.comment|e}}</div></td></tr>
{% endif %}
{% endfor %}
</table></p>
def add_structured(self, db, start=0, end=0, copy=False, temp_lines=[], add_empty_line=None):
tmpl = jinja2.Template("""
-<form method="POST" action="{{action}}">
+<form method="POST" action="{{action|e}}">
<input type="submit" name="check" value="check" />
<input type="submit" name="revert" value="revert" />
<input type="submit" name="add_taxes" value="add taxes" />
<br />
-<input name="date" value="{{date}}" size=9 />
-<input name="description" value="{{desc}}" list="descriptions" />
-<textarea name="line_0_comment" rows=1 cols=20>{{head_comment}}</textarea>
+<input name="date" value="{{date|e}}" size=9 />
+<input name="description" value="{{desc|e}}" list="descriptions" />
+<textarea name="line_0_comment" rows=1 cols=20>{{head_comment|e}}</textarea>
<input type="submit" name="line_0_add" value="[+]" />
<br />
{% for line in booking_lines %}
-<input name="line_{{line.i}}_account" value="{{line.acc}}" size=40 list="accounts" />
+<input name="line_{{line.i}}_account" value="{{line.acc|e}}" size=40 list="accounts" />
<input type="number" name="line_{{line.i}}_amount" value="{{line.amt}}" size=10 />
-<input name="line_{{line.i}}_currency" value="{{line.curr}}" size=3 list="currencies" />
-<textarea name="line_{{line.i}}_comment" rows=1 cols={% if line.comm_cols %}{{line.comm_cols}}{% else %}20{% endif %}>{{line.comment}}</textarea>
+<input name="line_{{line.i}}_currency" value="{{line.curr|e}}" size=3 list="currencies" />
+<textarea name="line_{{line.i}}_comment" rows=1 cols={% if line.comm_cols %}{{line.comm_cols}}{% else %}20{% endif %}>{{line.comment|e}}</textarea>
<input type="submit" name="line_{{line.i}}_delete" value="[x]" />
<input type="submit" name="line_{{line.i}}_add" value="[+]" />
<br />
{% for name, items in datalist_sets.items() %}
<datalist id="{{name}}">
{% for item in items %}
- <option value="{{item}}">{{item}}</option>
+ <option value="{{item|e}}">{{item|e}}</option>
{% endfor %}
</datalist>
{% endfor %}
projects / misc / commitdiff