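def post():
    """Store the submitted comment and redirect the browser to the comment page.

    Reads ``nick`` and ``message`` from the CGI form, strips tag-like
    sequences from the message, renders its BBCode to HTML, inserts the row
    under the next free id, commits, and prints a small HTML page that
    meta-refreshes to ``<baseurl>/comments.html``.
    """
    date = int(time.time())

    # NOTE(review): nick is stored as submitted (after _un()); unlike the
    # message it gets no HTML filtering here, so whatever renders the comment
    # list has to HTML-escape it -- confirm against list_comments().
    nick = _un(form.getvalue("nick"))

    # Strip tag-like sequences from the message before the BBCode pass.
    # NOTE(review): a single regex pass is not an HTML sanitizer; text that
    # is not a well-formed "<...>" pair passes through unchanged. The real
    # protection has to be HTML-escaping at render time -- confirm whether
    # bbcode.render_html() escapes its input, and do not rely on this strip.
    # NOTE(review): form.getvalue() returns None for a missing field; whether
    # _un() tolerates that is not visible here.
    message = re.sub('<[^<]+?>', '', _un(form.getvalue("message")))
    message = bbcode.render_html(message)  # Render the BBCode to HTML

    # The new message gets the highest existing id plus one. MAX(id) is NULL
    # (None) while the table is empty, so treat that as 0 instead of failing
    # on None + 1 for the very first comment.
    highest_id = c.execute("SELECT MAX(id) FROM comments;").fetchone()[0]
    _id = (0 if highest_id is None else highest_id) + 1
    # NOTE(review): read-then-insert is not atomic; two concurrent requests
    # can compute the same id. A uniqueness constraint on comments.id would
    # turn that into an error rather than a duplicate row -- the schema is
    # not visible here.
    # Values are passed as bound parameters; `insert` is defined elsewhere
    # and is presumably a parameterised INSERT statement.
    c.execute(insert, (_id, nick, date, message))

    # Flush the changes to disk
    connection.commit()

    # Single-argument parenthesised print behaves like the print statement
    # and also parses where print is a function.
    print("Content-type: text/html; charset=utf-8")
    print("")
    print("""
<!DOCTYPE html>
<html lang="fi">
<head>
<META HTTP-EQUIV="refresh" content="0; URL=%(url)s/comments.html">
</head>
""" % {'url': baseurl})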
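# Dispatch on the "function" form field. Comments are inserted only inside
# post(); nothing is written to the database or printed at module level,
# where post()'s locals (nick, date) do not exist.
# NOTE(review): nothing visible here checks the request method or an
# anti-CSRF token before post() writes to the database.
# NOTE(review): any other "function" value falls through and no response is
# emitted at all.
function = _un(form.getvalue("function"))
try:
    if function == "list":
        list_comments()
    elif function == "post":
        post()
finally:
    # Close the database connection even when the handler raises.
    connection.close()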