def post():
date = int(time.time())
nick = _un(form.getvalue("nick"))
# Stip away all HTML one might have inserted into the message. Should
# prevent one from doing nasty things.
message = re.sub('<[^<]+?>', '', _un(form.getvalue("message")))
message = bbcode.render_html(message) # Render the BBcode to html
# Get the highest ID currently owned by one of the messages in our database
# and increase it by one, this will be the ID of our new message.
_id = c.execute("SELECT MAX(id) FROM comments;").fetchone()[0] + 1
c.execute(insert, (_id, nick, date, message))
# Flush the changes to disk
connection.commit()
print "Content-type: text/html; charset=utf-8"
print
print """
<!DOCTYPE html>
<html lang="fi">
<head>
<META HTTP-EQUIV="refresh"
content="0; URL=%(url)s/comments.html">
</head>
""" % {'url': baseurl}
message = re.sub('<[^<]+?>', '', _un(form.getvalue("message")))
message = bbcode.render_html(message) # Render the BBcode to html
# Get the highest ID currently owned by one of the messages in our database
# and increase it by one, this will be the ID of our new message.
_id = c.execute("SELECT MAX(id) FROM comments;").fetchone()[0] + 1
c.execute(insert, (_id, nick, date, message))
# Flush the changes to disk
connection.commit()
print "Content-type: text/html; charset=utf-8"
print
print """
<!DOCTYPE html>
<html lang="fi">
<head>
<META HTTP-EQUIV="refresh"
content="0; URL=%(url)s/comments.html">
</head>
""" % {'url': baseurl}
function = _un(form.getvalue("function"))
if (function == "list"):
list_comments()
if (function == "post"):
post()
connection.close()
