
wheezyweb: Fix modifing fortune database

* Use cgi.escape instead of bleach.clean
* Instead of modifying the model object, escape while rendering
* Close SQLAlchemy session for each request
INADA Naoki 10 years ago
parent
commit
eb2ae29f04

+ 17 - 7
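--- a/frameworks/Python/wheezyweb/app.py
+++ b/frameworks/Python/wheezyweb/app.py
@@ -1,11 +1,10 @@
+import cgi
 import os
 import sys
 from functools import partial
 from operator import attrgetter
 from random import randint
 
-import bleach
-
 from wheezy.http import HTTPResponse
 from wheezy.http import WSGIApplication
 from wheezy.routing import url
@@ -109,15 +108,16 @@ class UpdatesHandler(BaseHandler):
         db_session.commit()
         return self.json_response(worlds)
 
+
+template_engine = Engine(loader=FileLoader(["views"]), extensions=[CoreExtension()])
+template_engine.global_vars['escape'] = cgi.escape
+
 class FortuneHandler(BaseHandler):
     def get(self):
         fortunes = db_session.query(Fortune).all()
         fortunes.append(Fortune(id=0, message="Additional fortune added at request time."))
         fortunes.sort(key=attrgetter("message"))
-        engine = Engine(loader=FileLoader(["views"]), extensions=[CoreExtension()])
-        template = engine.get_template("fortune.html")
-        for f in fortunes:
-            f.message = bleach.clean(f.message)
+        template = template_engine.get_template("fortune.html")
         template_html = template.render({"fortunes": fortunes})		
 
         response = HTTPResponse()
@@ -130,6 +130,15 @@ def plaintext(request):
     response.write("Hello, world!")
     return response
 
+
+def sqlalchemy_close_middleware(request, following):
+    """Close db_session for each request"""
+    try:
+        return following(request)
+    finally:
+        db_session.remove()
+
+
 all_urls = [
     url("plaintext", plaintext, name="plaintext"),
     url("json", JsonHandler, name="json"),
@@ -144,7 +153,8 @@ options = {}
 app = WSGIApplication(
     middleware = [
         bootstrap_defaults(url_mapping=all_urls),
-        path_routing_middleware_factory
+        path_routing_middleware_factory,
+        lambda _: sqlalchemy_close_middleware,
     ],
     options = options
 )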
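Review bot: `template_engine.global_vars['escape'] = cgi.escape` in the second hunk registers a helper that only escapes `&`, `<` and `>` by default (`quote=False`), so it is adequate for the text-node context `fortune.html` uses it in but would not be safe if a later template reused `escape` inside an attribute; `cgi.escape` is also deprecated since Python 3.2 and removed in 3.8. If the app is expected to run on Python 3, the drop-in replacement is `import html` in the first hunk and `template_engine.global_vars['escape'] = html.escape`, which escapes quotes by default. Independently of that, the reason the per-request `bleach.clean` loop disappeared is now only visible in the template, so a one-line comment next to `template = template_engine.get_template("fortune.html")`, e.g. `# fortune.html escapes each message via the 'escape' global at render time; model objects are no longer mutated`, would keep the next reader from re-adding sanitisation on the model. FortuneHandler.get continues past the end of the hunk.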

+ 0 - 2
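--- a/frameworks/Python/wheezyweb/requirements.txt
+++ b/frameworks/Python/wheezyweb/requirements.txt
@@ -1,8 +1,6 @@
 wheezy.web==0.1.485
 wheezy.template==0.1.167
 
-bleach==1.4.1
-
 SQLAlchemy==1.0.4
 mysqlclient==1.3.6
 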

+ 1 - 1
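--- a/frameworks/Python/wheezyweb/views/fortune.html
+++ b/frameworks/Python/wheezyweb/views/fortune.html
@@ -13,7 +13,7 @@
 @for fortune in fortunes:
 <tr>
 <td>@str(fortune.id)</td>
-<td>@fortune.message</td>
+<td>@{fortune.message !! escape}</td>
 </tr>
 @end
 </table>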