From 1dd4e5eff39a2e9b34bef60144fff73d2af2f16f Mon Sep 17 00:00:00 2001 From: marcsello Date: Sun, 29 Nov 2020 02:27:36 +0100 Subject: [PATCH] Implemented search --- src/templates/index.html | 5 +++++ src/views/indexview.py | 17 +++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/src/templates/index.html b/src/templates/index.html index bc3d2fa..b16a1ed 100644 --- a/src/templates/index.html +++ b/src/templates/index.html @@ -1,5 +1,10 @@ {% extends 'base.html' %} {% block content %} + {% if search_query %} +
+

Results for {{ search_query }}

+
+ {% endif %} {% if items %}
{% for item in items %} diff --git a/src/views/indexview.py b/src/views/indexview.py index 5160a9f..1cb57b9 100644 --- a/src/views/indexview.py +++ b/src/views/indexview.py @@ -1,9 +1,11 @@ #!/usr/bin/env python3 -from flask import render_template +from flask import render_template, request from flask_classful import FlaskView from models import Item +import bleach + """ Index VIEW """ @@ -15,9 +17,16 @@ __version__text__ = "1" class IndexView(FlaskView): - route_base = '/' def index(self): - items = Item.query.all() - return render_template("index.html", items=items) + search_query = request.args.get('search') + + if search_query: + search_query = bleach.clean(search_query, tags=[]) + # https://stackoverflow.com/questions/31949733/is-a-sqlalchemy-query-vulnerable-to-injection-attacks/31949750#31949750 + items = Item.query.filter(Item.name.ilike(f"%{search_query}%")).all() + else: + items = Item.query.all() + + return render_template("index.html", items=items, search_query=search_query)
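Review bot: `bleach.clean(search_query, tags=[])` in `index()` is an HTML sanitizer and adds nothing to the query, which SQLAlchemy already sends as a bound parameter (the point of the linked answer). What it does do is rewrite the term (`&` becomes `&amp;`, `<` becomes `&lt;`), so item names containing those characters can no longer be matched. `{{ search_query }}` in index.html would also show those entities escaped a second time if Jinja autoescaping is active, which is Flask's default for .html templates but is not visible in this patch. Separately, `%` and `_` in the term reach `ilike()` as wildcards, so a request supplies its own pattern rather than a literal substring. I would drop the bleach call (and the then-unused import), pass the raw value to the template, and escape the LIKE metacharacters as below; a length cap on the term would also bound the cost of the leading-wildcard scan.

```python
search_query = request.args.get('search')

if search_query:
    # Match the term literally: escape LIKE metacharacters before building the pattern.
    literal = (
        search_query.replace("\\", "\\\\")
        .replace("%", "\\%")
        .replace("_", "\\_")
    )
    items = Item.query.filter(Item.name.ilike(f"%{literal}%", escape="\\")).all()
# … unchanged: else branch and render_template call …
```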