fermi/estus
fermi/estus
1
Fork 0
mirror of https://github.com/Steffo99/estus.git synced 2024-11-22 15:44:19 +00:00
Code Activity

Create manual query page

Browse source
This commit is contained in:
Steffo 2017-09-13 10:24:59 +02:00
parent 84e2d230ed
commit 888024b361
3 changed files with 76 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
server.py
View file

@ -671,6 +671,25 @@ def page_user_add():
return redirect(url_for('page_user_list')) return redirect(url_for('page_user_list'))
@app.route('/query', methods=['GET', 'POST'])
def page_query():
"""Pagina delle query manuali:
in GET visualizza la pagina per fare una query,
mentre in POST visualizza i risultati."""
if 'username' not in session:
return abort(403)
if request.method == 'GET':
return render_template("query.htm", user=session["username"], type="query")
else:
try:
result = db.engine.execute("SELECT" + request.form["query"] + ";")
except Exception as e:
return render_template("query.htm", query=request.form["query"], error=repr(e), user=session["username"],
type="query")
return render_template("query.htm", query=request.form["query"], result=result, user=session["username"],
type="query")
@app.route('/smecds', methods=['GET']) @app.route('/smecds', methods=['GET'])
def page_smecds(): def page_smecds():
"""Pagina che visualizza i credits del sito""" """Pagina che visualizza i credits del sito"""
@ -682,17 +701,17 @@ def page_smecds():
@app.errorhandler(403) @app.errorhandler(403)
def page_403(_): def page_403(_):
return render_template('403.htm') return render_template('403.htm', user=session["username"])
@app.errorhandler(404) @app.errorhandler(404)
def page_404(_): def page_404(_):
return render_template('404.htm') return render_template('404.htm', user=session["username"])
@app.errorhandler(500) @app.errorhandler(500)
def page_500(e): def page_500(e):
return render_template('500.htm', e=e) return render_template('500.htm', e=e, user=session["username"])
if __name__ == "__main__": if __name__ == "__main__":

3
templates/nav.htm
View file

@ -16,7 +16,8 @@
<li class="{% if type is equalto "net" %}active{% endif %}"><a href="/net_list">Reti</a></li> <li class="{% if type is equalto "net" %}active{% endif %}"><a href="/net_list">Reti</a></li>
</ul> </ul>
<ul class="nav navbar-nav navbar-right"> <ul class="nav navbar-nav navbar-right">
<li class="{% if type is equalto "user" %}active{% endif %}"><a href="/user_list">Amministrazione</a></li> <li class="{% if type is equalto "user" %}active{% endif %}"><a href="/user_list">Utenti</a></li>
<li class="{% if type is equalto "query" %}active{% endif %}"><a href="/query">Query</a></li>
<li class="navbar-text"> <li class="navbar-text">
Sei connesso come <b>{{user}}</b> Sei connesso come <b>{{user}}</b>
</li> </li>

52
templates/query.htm Normal file
View file

@ -0,0 +1,52 @@
{% extends 'base.htm' %}
{% block title %}Query • estus{% endblock %}
{% block content %}
<div class="alert alert-warning">
<b>Attenzione!</b> In questa pagina non è presente alcuna misura per prevenire SQL Injection. Eseguite le query a vostro rischio e pericolo!
</div>
<form action="/query" method="post">
<div class="input-group">
<span class="input-group-addon">SELECT</span>
<input type="text" class="form-control" placeholder="Scrivi qui la tua query!" name="query" {% if query %}value="{{ query }}{% endif %}">
<span class="input-group-addon">;</span>
</div>
</form>
{% if result %}
<div class="panel panel-success">
<div class="panel-heading">
Risultati della query
</div>
<div class="panel-body">
<table class="table table-hover">
<thead>
<tr>
{% for row in result.keys() %}
<th>
{{ row }}
</th>
{% endfor %}
</tr>
</thead>
<tbody>
{% for row in result %}
<tr>
{% for column in row %}
<td>{{ column }}</td>
{% endfor %}
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
{% elif error %}
<div class="panel panel-danger">
<div class="panel-heading">
Errore nell'esecuzione della query
</div>
<div class="panel-body">
{{ error }}
</div>
</div>
{% endif %}
{% endblock %}