UI and security improvements
parent
9a272ee959
commit
b8c4914a52
13 changed files with 136 additions and 80 deletions
|
|
@ -34,8 +34,8 @@ def _save_as_from_name(name):
|
|||
def _parse_fields():
|
||||
"""Parse and validate add/edit form fields. Returns (fields_dict, None) or (None, already_flashed)."""
|
||||
name = sanitize.name(request.form.get('name', ''))
|
||||
description = sanitize.text(request.form.get('description', ''))
|
||||
fmt = request.form.get('format', '').strip()
|
||||
description = sanitize.description(request.form.get('description', ''))
|
||||
fmt = sanitize.filtervalue(request.form.get('format', ''), validate.VALID_BLOCKLIST_FORMATS)
|
||||
url = sanitize.url(request.form.get('url', ''))
|
||||
|
||||
if not name:
|
||||
|
|
@ -44,8 +44,8 @@ def _parse_fields():
|
|||
if not url:
|
||||
flash('The configuration has not been saved because a URL is required.', 'error')
|
||||
return None, True
|
||||
if fmt not in validate.VALID_BLOCKLIST_FORMATS:
|
||||
flash(f'The configuration has not been saved because "{fmt}" is not a valid format. '
|
||||
if not fmt:
|
||||
flash(f'The configuration has not been saved because the format is invalid. '
|
||||
f'Accepted formats: {_VALID_FORMATS_STR}.', 'error')
|
||||
return None, True
|
||||
|
||||
|
|
@ -75,7 +75,6 @@ def add_blocklist():
|
|||
'format': fields['format'],
|
||||
'url': fields['url'],
|
||||
'save_as': _save_as_from_name(fields['name']),
|
||||
'enabled': True,
|
||||
})
|
||||
save_core(core)
|
||||
|
||||
|
|
@ -83,29 +82,6 @@ def add_blocklist():
|
|||
return redirect(VIEW)
|
||||
|
||||
|
||||
@bp.route('/action/toggle_blocklist', methods=['POST'])
|
||||
@require_level('administrator')
|
||||
def toggle_blocklist():
|
||||
idx = _row_index()
|
||||
if idx is None:
|
||||
flash('Invalid request.', 'error')
|
||||
return redirect(VIEW)
|
||||
|
||||
if not _hash_ok():
|
||||
return redirect(VIEW)
|
||||
|
||||
core = load_core()
|
||||
items = core.get('blocklists', [])
|
||||
if idx < 0 or idx >= len(items):
|
||||
flash('Entry not found.', 'error')
|
||||
return redirect(VIEW)
|
||||
|
||||
items[idx]['enabled'] = not items[idx].get('enabled', True)
|
||||
save_core(core)
|
||||
|
||||
flash(apply_msg(), 'success')
|
||||
return redirect(VIEW)
|
||||
|
||||
|
||||
@bp.route('/action/edit_blocklist', methods=['POST'])
|
||||
@require_level('administrator')
|
||||
|
|
@ -128,13 +104,11 @@ def edit_blocklist():
|
|||
flash('Entry not found.', 'error')
|
||||
return redirect(VIEW)
|
||||
|
||||
enabled = request.form.get('enabled') == 'on'
|
||||
items[idx].update({
|
||||
'name': fields['name'],
|
||||
'description': fields['description'],
|
||||
'format': fields['format'],
|
||||
'url': fields['url'],
|
||||
'enabled': enabled,
|
||||
})
|
||||
save_core(core)
|
||||
|
||||
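Review bot: In the `edit_blocklist` hunk, `items[idx].update({...})` no longer writes `'enabled'`, but `update` never removes a key either, so an entry saved earlier with `'enabled': False` keeps that flag, and the same commit removes `toggle_blocklist`, the only visible way to flip it back. If whatever consumes `core['blocklists']` still honours the key (not visible on this page), such a blocklist stays silently off with no control left in the UI. Dropping the stale key before `save_core(core)`, for example `items[idx].pop('enabled', None)`, or a one-time migration where the config is loaded, would make stored entries match the new model. Separately, `if not fmt:` in `_parse_fields` rejects bad input only if `sanitize.filtervalue` returns an empty value for anything outside `validate.VALID_BLOCKLIST_FORMATS`; that helper is not shown, so a short comment stating the contract would help. `edit_blocklist` begins above this hunk, so anything that happens before the lines shown is not covered here.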
|
|
|
|||