def callback():
    """Edit the "infomation" record with id 1 from the submitted form.

    Reads ``front_cover_img`` and ``content`` from the request, sanitizes
    ``content`` and hands both fields to ``InfomationLogic.edit_model``.

    Returns:
        The JSON message produced by ``web_helper.return_msg``: code 0 when
        ``edit_model`` reports success, -1 otherwise.
    """
    # Authorization runs before any form data is read. The return value is not
    # used here; presumably check_user_power aborts the request itself when
    # the caller lacks the permission — confirm against its implementation.
    _common_logic.check_user_power()

    cover_img = web_helper.get_form('front_cover_img', '图片')
    # Rich-text body: the generic special-character check is switched off, so
    # this value must be treated as untrusted HTML from here on.
    body = web_helper.get_form('content', '内容', is_check_special_char=False)

    # NOTE(review): stripping single quotes is not a SQL-injection control and
    # silently alters legitimate text (e.g. "it's"); parameterized queries in
    # the data layer are the real defense. Kept to preserve stored output.
    body = string_helper.filter_str(body, "'")
    # Stored-XSS mitigation: sanitize the HTML before it is persisted.
    body = string_helper.clear_xss(body)
    # NOTE(review): cover_img is stored without any sanitization — confirm it
    # is validated where it is uploaded or rendered.

    record_fields = {
        'front_cover_img': string(cover_img),
        'content': string(body),
    }

    # The handler always targets the fixed record id 1.
    logic = infomation_logic.InfomationLogic()
    if logic.edit_model(1, record_fields):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
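def callback(id):
    """Update the product row identified by ``id`` from the submitted form.

    Args:
        id: Record id taken from the route. It is coerced with ``to_int0``
            so a non-numeric value never reaches the database driver;
            unparsable input becomes 0, matches no row and yields the
            failure response (the original passed the raw value through).

    Returns:
        The JSON message from ``web_helper.return_msg``: code 0 when the
        update returned a row id, -1 otherwise.
    """
    # NOTE(review): this handler mutates data without any permission check,
    # unlike the sibling handlers that call _common_logic.check_user_power()
    # first. Confirm authorization is enforced upstream (routing/middleware);
    # otherwise any caller can edit any product.

    # Assumes to_int0 accepts an already-numeric route value as well as a
    # string — TODO confirm.
    record_id = convert_helper.to_int0(id)

    name = web_helper.get_form('name', '产品名称')
    code = web_helper.get_form('code', '产品编码')
    product_class_id = convert_helper.to_int0(
        web_helper.get_form('product_class_id', '产品分类'))
    standard = web_helper.get_form('standard', '产品规格')
    quality_guarantee_period = web_helper.get_form('quality_guarantee_period', '保质期')
    place_of_origin = web_helper.get_form('place_of_origin', '产地')
    front_cover_img = web_helper.get_form('front_cover_img', '封面图片')
    # Rich-text body with the special-character check disabled: untrusted HTML.
    content = web_helper.get_form('content', '产品描述', is_check_special_char=False)
    # NOTE(review): the statement below is parameterized, which is the actual
    # SQL-injection defense; stripping single quotes only mangles legitimate
    # text. Kept to preserve stored output.
    content = string_helper.filter_str(content, "'")
    # Stored-XSS mitigation before the HTML is persisted.
    content = string_helper.clear_xss(content)
    is_enable = convert_helper.to_int0(web_helper.get_form('is_enable', '是否启用'))

    # Parameterized update; ``returning id`` is how "no such row" is detected.
    sql = """
        update product
        set name=%s, code=%s, product_class_id=%s, standard=%s,
            quality_guarantee_period=%s, place_of_origin=%s,
            front_cover_img=%s, content=%s, is_enable=%s
        where id=%s
        returning id"""
    params = (
        name, code, product_class_id, standard, quality_guarantee_period,
        place_of_origin, front_cover_img, content, is_enable, record_id,
    )

    result = db_helper.write(sql, params)

    # Success only when the driver handed back the updated row's id.
    if result and result[0].get('id'):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")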
def callback():
    """Insert a new product row from the submitted form fields.

    Returns:
        The JSON message from ``web_helper.return_msg``: code 0 when the
        insert returned the new row's id, -1 otherwise.
    """
    # NOTE(review): no permission check precedes this write (compare the
    # sibling handlers that call _common_logic.check_user_power() first).
    # Confirm authorization is enforced upstream, otherwise any caller can
    # create products.

    # Plain form fields.
    name = web_helper.get_form('name', '产品名称')
    code = web_helper.get_form('code', '产品编码')
    product_class_id = convert_helper.to_int0(
        web_helper.get_form('product_class_id', '产品分类'))
    standard = web_helper.get_form('standard', '产品规格')
    quality_guarantee_period = web_helper.get_form('quality_guarantee_period', '保质期')
    place_of_origin = web_helper.get_form('place_of_origin', '产地')
    front_cover_img = web_helper.get_form('front_cover_img', '封面图片')
    is_enable = convert_helper.to_int0(web_helper.get_form('is_enable', '是否启用'))

    # Rich-text body: special-character check disabled, so it is untrusted
    # HTML and goes through the sanitizer before being stored.
    content = web_helper.get_form('content', '产品描述', is_check_special_char=False)
    # NOTE(review): the insert below is parameterized, which is the real
    # SQL-injection defense; quote stripping only mangles legitimate text.
    content = string_helper.filter_str(content, "'")
    content = string_helper.clear_xss(content)

    # ``returning id`` yields the auto-increment id of the inserted row.
    sql = """insert into product
        (name, code, product_class_id, standard, quality_guarantee_period,
         place_of_origin, front_cover_img, content, is_enable)
        values (%s, %s, %s, %s, %s, %s, %s, %s, %s)
        returning id"""
    params = (
        name, code, product_class_id, standard, quality_guarantee_period,
        place_of_origin, front_cover_img, content, is_enable,
    )

    rows = db_helper.write(sql, params)

    if rows and rows[0].get('id'):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
def callback():
    """Create a product from the submitted form via ``ProductLogic.add_model``.

    Returns:
        The JSON message from ``web_helper.return_msg``: code 0 when
        ``add_model`` reports success, -1 otherwise.
    """
    # Authorization first. The return value is unused; presumably
    # check_user_power aborts the request on failure — confirm.
    _common_logic.check_user_power()

    # Rich-text body: special-character check disabled, so it is untrusted
    # HTML and is sanitized before being stored.
    description = web_helper.get_form('content', '产品描述', is_check_special_char=False)
    # NOTE(review): quote stripping is not a SQL-injection control (the data
    # layer's query handling is); it only alters legitimate text. Kept as-is.
    description = string_helper.filter_str(description, "'")
    description = string_helper.clear_xss(description)

    new_record = {
        'name': string(web_helper.get_form('name', '产品名称')),
        'code': string(web_helper.get_form('code', '产品编码')),
        'product_class_id': convert_helper.to_int0(
            web_helper.get_form('product_class_id', '产品分类')),
        'standard': string(web_helper.get_form('standard', '产品规格')),
        'quality_guarantee_period': string(
            web_helper.get_form('quality_guarantee_period', '保质期')),
        'place_of_origin': string(web_helper.get_form('place_of_origin', '产地')),
        'front_cover_img': string(web_helper.get_form('front_cover_img', '封面图片')),
        'content': string(description),
        'is_enable': convert_helper.to_int0(
            web_helper.get_form('is_enable', '是否启用')),
    }

    if product_logic.ProductLogic().add_model(new_record):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
def callback():
    """Replace the ``content`` of infomation record id 2 with the form value.

    Returns:
        The JSON message from ``web_helper.return_msg``: code 0 when the
        update returned the row id, -1 otherwise.
    """
    # NOTE(review): no permission check precedes this write; confirm
    # authorization is enforced upstream of this route.

    # Rich-text body: special-character check disabled, so it is untrusted
    # HTML and is sanitized before being stored.
    body = web_helper.get_form('content', '内容', is_check_special_char=False)
    # NOTE(review): the update is parameterized — that is the SQL-injection
    # defense; quote stripping only mangles legitimate text. Kept as-is.
    body = string_helper.filter_str(body, "'")
    body = string_helper.clear_xss(body)

    # Fixed target row; ``returning id`` lets us detect "no such row".
    rows = db_helper.write(
        """update infomation set content=%s where id=2 returning id""",
        (body,),
    )

    if rows and rows[0].get('id'):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
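def callback():
    """Update infomation record id 1 (cover image and content) from the form.

    Returns:
        The JSON message from ``web_helper.return_msg``: code 0 when the
        update returned the row id, -1 otherwise. The original reported
        success unconditionally, even when the write updated nothing; it now
        checks the write result the same way the sibling handlers do.
    """
    # NOTE(review): no permission check precedes this write (a sibling
    # handler calls _common_logic.check_user_power() first); confirm
    # authorization is enforced upstream, otherwise anyone can overwrite
    # the record.
    front_cover_img = web_helper.get_form('front_cover_img', '图片')
    # Rich-text body: special-character check disabled, so it is untrusted
    # HTML and is sanitized before being stored.
    content = web_helper.get_form('content', '内容', is_check_special_char=False)
    # NOTE(review): the update is parameterized — that is the SQL-injection
    # defense; quote stripping only mangles legitimate text. Kept as-is.
    content = string_helper.filter_str(content, "'")
    content = string_helper.clear_xss(content)

    # ``returning id`` makes the write observable: no row -> empty result.
    sql = """update infomation set front_cover_img=%s, content=%s where id=1 returning id"""
    params = (front_cover_img, content)

    result = db_helper.write(sql, params)

    if result and result[0].get('id'):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")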
def callback1():
    """Update infomation record id 1 using a ``PgHelper`` connection directly.

    Returns:
        The JSON success message (code 0). Note that success is reported
        unconditionally: the result of ``execute`` is not inspected, so a
        write that matched no row still answers ``'成功'``.
    """
    # NOTE(review): no permission check precedes this write; confirm
    # authorization is enforced upstream of this route.
    cover_img = web_helper.get_form('front_cover_img', '图片')
    # Rich-text body: special-character check disabled, so it is untrusted
    # HTML and is sanitized before being stored.
    body = web_helper.get_form('content', '内容', is_check_special_char=False)
    # NOTE(review): the statement is parameterized — that is the
    # SQL-injection defense; quote stripping only mangles legitimate text.
    body = string_helper.filter_str(body, "'")
    body = string_helper.clear_xss(body)

    statement = """update infomation set front_cover_img=%s, content=%s where id=1"""
    params = (cover_img, body)

    # Context manager owns the connection lifetime; commit explicitly.
    with db_helper.PgHelper(db_config.DB, db_config.IS_OUTPUT_SQL) as conn:
        conn.execute(statement, params)
        conn.commit()

    return web_helper.return_msg(0, '成功')
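def test_clear_xss(self):
    """clear_xss must neutralize script vectors and keep harmless text.

    The original version only printed the sanitizer output, so a regression
    in ``clear_xss`` could never fail the suite. Each payload is now checked
    for the specific dangerous token it carries; outputs are still printed
    for manual inspection.
    """
    print('-----test_clear_xss------')

    def normalized(text):
        # Whitespace removed and lower-cased so split-up obfuscations such as
        # "j ava script:" are compared as "javascript:".
        return ''.join(text.split()).lower()

    # (payload, token that must not survive sanitization)
    must_strip = [
        ('<script src="javascript:alert(1);">abc</script>', '<script'),
        ('<iframe src="javascript:alert(1);">abc</iframe>', '<iframe'),
        ('<div style="width:0;height:0;background:url(javascript:document.body.onload = function(){alert(/XSS/);};">div</div>',
         'javascript:'),
        ('<img src = "#"/**/onerror = alert(/XSS/)>', 'onerror'),
        ('<img src = j ava script:al er t(/XSS/)>', 'javascript:'),
        ("""<img src = j ava script :a ler t(/xss/)>""", 'javascript:'),
        ('<p src="javascript:alert(1);">abc</p>', 'javascript:'),
        ("""<input type="text" value="琅琊榜" onclick="javascript:alert('handsome boy')">""",
         'onclick'),
        ('<p onclick="javascript:alert("handsome boy")>abc</p>', 'onclick'),
        ('<a href="javascript:alert(1);">abc</a>', 'javascript:'),
        ('<marquee onstart="alert(/XSS/)">文字</marquee>', 'onstart'),
        ('<div style="" onmouseenter="alert(/XSS/)">文字</div>', 'onmouseenter'),
        ('<input id = 1 type = "text" value="" <script>alert(/XSS/)</script>"/>',
         '<script'),
        # <base> rewrites every relative URL on the page; it must not survive.
        ('<base href="http://www.labsecurity.org"/>', '<base'),
    ]
    for payload, token in must_strip:
        cleaned = string_helper.clear_xss(payload)
        print(cleaned)
        assert token not in normalized(cleaned), (
            'clear_xss left %r in output for %r: %r' % (token, payload, cleaned))

    # Harmless markup: the visible text must survive sanitization.
    must_keep_text = [
        '<a href="/api/">abc</a>',
        '<a href="http://www.baidu.com">abc</a>',
    ]
    for payload in must_keep_text:
        cleaned = string_helper.clear_xss(payload)
        print(cleaned)
        assert 'abc' in cleaned, (
            'clear_xss dropped benign text for %r: %r' % (payload, cleaned))

    # Smoke cases: a misspelled scheme, an IE-only CSS expression, a plain
    # https image and two text-only payloads that are dangerous only if some
    # other sink evaluates them. A sanitizer cannot be expected to judge
    # those, so we only require a string result.
    smoke = [
        '<img src="javacript:alert(\'abc\')"></img>',
        '<li style = "TEST:e-xpression(alert(/XSS/))"></li>',
        '<img src="https://www.baidu.com/img/baidu_jgylogo3.gif"></img>',
        '<div id="x">alert%28document.cookie%29%3B</div>',
        '<limited_xss_point>eval(unescape(x.innerHTML));</limited_xss_point>',
    ]
    for payload in smoke:
        cleaned = string_helper.clear_xss(payload)
        print(cleaned)
        assert isinstance(cleaned, str), (
            'clear_xss returned non-str for %r: %r' % (payload, cleaned))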