Commit cbf76943 authored by Raphael Remorosa's avatar Raphael Remorosa

Search bar can't accept an empty search entry, url still vulnerable against...

Search bar can't accept an empty search entry, url still vulnerable against manually changing search term into " "
parent 588026ad
from django.shortcuts import render, redirect, get_object_or_404 from django.shortcuts import render, redirect, get_object_or_404
from django.http import HttpResponse
from core.models import * from core.models import *
from core import exthook from core import exthook
def search(request): def search(request):
type = request.GET.get('searchtype', '') type = request.GET.get('searchtype', '')
term = request.GET.get('search', '') term = request.GET.get('search', '')
artistAlbums = Album.objects.filter(artist__name__contains = term)
# doesn't work against spaces
if not term:
return HttpResponse(status=500)
artistAlbums = Album.objects.filter(artist__name__contains = term)
if type == 'song': if type == 'song':
results = Song.objects.filter(song_name__contains = term) results = Song.objects.filter(song_name__contains = term)
elif type == 'album': elif type == 'album':
results = Album.objects.filter(album_name__contains = term) results = Album.objects.filter(album_name__contains = term)
elif type == 'artist': elif type == 'artist':
results = Artist.objects.filter(name__contains = term) results = Artist.objects.filter(name__contains = term)
context = { context = {
'type': type, 'type': type,
'term': term, 'term': term,
......
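Review bot: The new guard `if not term:` still lets a whitespace-only `search` value through to the `__contains` filters, as the added comment itself notes, and it answers a bad client request with a 500, which makes malformed input look like a server fault in logs and alerting. Stripping at the read, `term = request.GET.get('search', '').strip()`, and returning `HttpResponse(status=400)` would close both. The `required` attribute added in the template section has the same whitespace gap and is enforced only by the browser, so the view check is the one that counts. Separately, `searchtype` comes from a hidden field the client controls and the `if`/`elif` chain has no fallback branch; if `results` is used after the visible lines (the function continues past this section), an unexpected value would presumably raise an unbound-name error, so an explicit `else` that rejects the request is worth adding.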
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
<form action="{% url 'search' %}" method="get"> <form action="{% url 'search' %}" method="get">
<div class="wrap"> <div class="wrap">
<div class="search"> <div class="search">
<input type="text" class="w3-bar-item w3-input w3-black" name="search" placeholder="Search.."> <input id="searchbarinput" type="text" class="w3-bar-item w3-input w3-black" name="search" placeholder="Search.." required>
<input id="searchbytype" type="hidden" name="searchtype" value="album"> <input id="searchbytype" type="hidden" name="searchtype" value="album">
<button class="w3-bar-item w3-button w3-green"> <i class="fa fa-search" aria-hidden="true"></i></button> <button class="w3-bar-item w3-button w3-green"> <i class="fa fa-search" aria-hidden="true"></i></button>
</div> </div>
......