unstablevortex/webshop
3
0
Fork 0
Code Pull Requests Releases Activity

Implemented search

Browse Source
This commit is contained in:
Pünkösd Marcell 2020-11-29 02:27:36 +01:00
parent 69555d4444
commit 1dd4e5eff3
2 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/templates/index.html
View File

@ -1,5 +1,10 @@
{% extends 'base.html' %} {% extends 'base.html' %}
{% block content %} {% block content %}
{% if search_query %}
<div class="row mx-2">
<h3>Results for {{ search_query }}</h3>
</div>
{% endif %}
{% if items %} {% if items %}
<div class="row mx-2"> <div class="row mx-2">
{% for item in items %} {% for item in items %}

15
src/views/indexview.py
View File

@ -1,9 +1,11 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
from flask import render_template from flask import render_template, request
from flask_classful import FlaskView from flask_classful import FlaskView
from models import Item from models import Item
import bleach
""" """
Index VIEW Index VIEW
""" """
@ -15,9 +17,16 @@ __version__text__ = "1"
class IndexView(FlaskView): class IndexView(FlaskView):
route_base = '/' route_base = '/'
def index(self): def index(self):
search_query = request.args.get('search')
if search_query:
search_query = bleach.clean(search_query, tags=[])
# https://stackoverflow.com/questions/31949733/is-a-sqlalchemy-query-vulnerable-to-injection-attacks/31949750#31949750
items = Item.query.filter(Item.name.ilike(f"%{search_query}%")).all()
else:
items = Item.query.all() items = Item.query.all()
return render_template("index.html", items=items)
return render_template("index.html", items=items, search_query=search_query)