def details(product_id=None, msg=None):
product_id = product_id or request.args.get('id')
if not product_id:
return redirect(url_for('catalogue'))
product = DB.get_product(product_id)
rows = DB.get_comments(product_id)
comments = list()
for row in rows:
comment = dict()
comment['name'] = ' '.join(row[:2])
comment['text'] = row[2]
comment['date'], comment['time'] = row[3].split()
comment['time'] = comment['time'].split('.')[0]
comments.append(comment)
r = make_response(
render_template('details.html',
message=msg,
product=product,
comments=comments)
)
r.headers.set('X-XSS-Protection', '0')
return r
