Better sanitization on templates and datatables output.

This commit is contained in:
Tim 2015-12-06 14:09:38 +02:00
parent 1157fda96c
commit b0fa0d534e
7 changed files with 206 additions and 196 deletions


@ -271,17 +271,17 @@ class Users(object):
if user_id:
monitor_db = database.MonitorDatabase()
query = 'select username, ' \
'(CASE WHEN friendly_name IS NULL THEN username ELSE friendly_name END),' \
'(CASE WHEN friendly_name IS NULL THEN username ELSE friendly_name END) as friendly_name,' \
'do_notify, keep_history, custom_avatar_url as thumb ' \
'FROM users WHERE user_id = ?'
result = monitor_db.select(query, args=[user_id])
if result:
user_detail = {'user_id': user_id,
'user': result[0][0],
'friendly_name': result[0][1],
'thumb': result[0][4],
'do_notify': helpers.checked(result[0][2]),
'keep_history': helpers.checked(result[0][3])
'user': result[0]['username'],
'friendly_name': result[0]['friendly_name'],
'thumb': result[0]['thumb'],
'do_notify': helpers.checked(result[0]['do_notify']),
'keep_history': helpers.checked(result[0]['keep_history'])
}
return user_detail
else:
@ -295,17 +295,17 @@ class Users(object):
elif user:
monitor_db = database.MonitorDatabase()
query = 'select user_id, ' \
'(CASE WHEN friendly_name IS NULL THEN username ELSE friendly_name END),' \
'(CASE WHEN friendly_name IS NULL THEN username ELSE friendly_name END) as friendly_name,' \
'do_notify, keep_history, custom_avatar_url as thumb ' \
'FROM users WHERE username = ?'
result = monitor_db.select(query, args=[user])
if result:
user_detail = {'user_id': result[0][0],
user_detail = {'user_id': result[0]['user_id'],
'user': user,
'friendly_name': result[0][1],
'thumb': result[0][4],
'do_notify': helpers.checked(result[0][2]),
'keep_history': helpers.checked(result[0][3])}
'friendly_name': result[0]['friendly_name'],
'thumb': result[0]['thumb'],
'do_notify': helpers.checked(result[0]['do_notify']),
'keep_history': helpers.checked(result[0]['keep_history'])}
return user_detail
else:
user_detail = {'user_id': None,
@ -492,9 +492,9 @@ class Users(object):
result = monitor_db.select(query, args=[user])
for item in result:
if item[0]:
total_time = item[0]
total_plays = item[1]
if item['total_time']:
total_time = item['total_time']
total_plays = item['total_plays']
else:
total_time = 0
total_plays = 0
@ -535,17 +535,14 @@ class Users(object):
for item in result:
# Rename Mystery platform names
platform_type = common.PLATFORM_NAME_OVERRIDES.get(item[2], item[2])
platform_type = common.PLATFORM_NAME_OVERRIDES.get(item['platform'], item['platform'])
# Sanitize player name
player = helpers.sanitize(item[0])
row = {'player_name': player,
row = {'player_name': item['player'],
'platform_type': platform_type,
'total_plays': item[1],
'total_plays': item['player_count'],
'result_id': result_id
}
player_stats.append(row)
result_id += 1
return player_stats
return player_stats