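def journal(journal_id, section_number, entry_number):
    """Render one journal entry and handle the page's three forms.

    Args:
        journal_id: Database id of the journal.
        section_number: Position of the section in the journal, counted
            from 1.
        entry_number: Position of the entry in the section, counted
            from 0.

    Returns:
        A redirect to ``journal_land`` when the journal is not owned by the
        logged-in user or the section/entry position is out of range; a
        redirect back to this view after a section or entry is created;
        otherwise the rendered ``journal.html`` page.
    """
    # Authorization: the journal must belong to the logged-in user. The
    # owner-scoped row is kept and reused for the later writes, so no
    # unscoped lookup by id happens afterwards.
    user_id = session['user_id']
    journal = Journal.query.filter_by(id=journal_id, user_id=user_id).scalar()
    if journal is None:
        return redirect(url_for('journal_land'))

    # The positions come from the request; reject anything that is not an
    # integer instead of failing with an unhandled exception.
    try:
        journal_key = int(journal_id)
        section_idx = int(section_number)
        entry_idx = int(entry_number)
    except (TypeError, ValueError):
        return redirect(url_for('journal_land'))

    # The tree is used rather than per-list queries because it loads the
    # names of all sections at once for display.
    tree = user_tree(user_id)

    # Locate this journal's subtree. Index 0 is skipped, as in the original
    # lookup (presumably a user-level header row; confirm against user_tree).
    journal_content = None
    for node in tree[1:]:
        if node[0][0] == journal_key:
            journal_content = node
            break
    if journal_content is None:
        return redirect(url_for('journal_land'))

    # Enforce the documented ranges (sections from 1, entries from 0) before
    # indexing. Without this, a zero or negative position is resolved by
    # Python's negative indexing to a header row, and that row's id would be
    # used as an Entry id, selecting an entry that was never checked against
    # this user's tree.
    if not 1 <= section_idx < len(journal_content):
        return redirect(url_for('journal_land'))
    section_node = journal_content[section_idx]
    if not 0 <= entry_idx < len(section_node) - 1:
        return redirect(url_for('journal_land'))

    # ORM rows for the writes below; both ids come from the user's own tree.
    section = Section.query.filter_by(id=section_node[0][0]).scalar()
    entry = Entry.query.filter_by(id=section_node[entry_idx + 1][0]).scalar()

    # Entry content is deliberately not printed or logged here: journal text
    # is private user data and must not end up in server output.

    # Form inputs for new section and new entry
    form_new_section = NewSection()
    form_new_entry = NewEntry()

    if form_new_section.validate_on_submit():
        section = Section(name=form_new_section.section_input.data,
                          journal_id=journal_id)
        db.session.add(section)
        # Commit first so section.id is assigned before the entry uses it.
        db.session.commit()

        # Every new section starts with one empty default entry.
        entry = Entry(name="my page", section_id=section.id, content="")
        db.session.add(entry)
        form_new_section.section_input.data = ''
        journal.last_mod = datetime.utcnow()
        db.session.commit()

        # NOTE(review): this redirects to section 1, not to the section that
        # was just created; confirm that is intended.
        return redirect(
            url_for('journal', journal_id=journal_id, section_number=1,
                    entry_number=0))

    if form_new_entry.validate_on_submit():
        entry = Entry(name=form_new_entry.entry_input.data,
                      section_id=section_node[0][0], content="")
        db.session.add(entry)
        form_new_entry.entry_input.data = ''

        # Adding an entry touches both the journal and the section.
        now = datetime.utcnow()
        journal.last_mod = now
        section.last_mod = now
        db.session.commit()

        return redirect(
            url_for('journal', journal_id=journal_id,
                    section_number=section_number, entry_number=0))

    # Entry details form
    entry_details = EntryInput()
    if entry_details.validate_on_submit():
        now = datetime.utcnow()
        entry.content = entry_details.entry_content.data
        entry.name = entry_details.entry_name.data
        journal.last_mod = now
        section.last_mod = now
        entry.last_mod = now
        db.session.commit()

    # Pre-fill the editor with the stored content.
    entry_details.entry_content.data = entry.content

    # Display values are read after the save above, so the page shows the
    # title, text and timestamp that were just stored rather than the
    # pre-save ones.
    # NOTE(review): journal_content was built before the save, so names shown
    # from the tree may still be the old ones until the next request.
    return render_template('journal.html',
                           journal_content=journal_content,
                           journal_id=journal_key,
                           section_number=section_idx,
                           entry_number=entry_idx,
                           entry_title=entry.name,
                           entry_text=entry.content,
                           form_new_section=form_new_section,
                           form_new_entry=form_new_entry,
                           entry_details=entry_details,
                           entry_last_mod=str(entry.last_mod)[0:16])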