From 0bc3f542098b63392fbc8e05e87c6a8c65cc1e24 Mon Sep 17 00:00:00 2001
From: 2000-Trek <anton@postmitdermaus.de>
Date: Fri, 23 Jun 2023 21:22:10 +0200
Subject: [PATCH] url quote

---
 main.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/main.py b/main.py
index 0761e5d..ab02517 100644
--- a/main.py
+++ b/main.py
@@ -51,8 +51,7 @@ def list():
     users = c.fetchall()
     text = ""
     for i in users:
-        username = urllib.parse.quote_plus(i[1], safe='_.-~')
-        text = text + f'<p><a href="list/user?user={username}">{escape(i[1])}</a>: {i[2]} <form action="/change" method="get"><input name="id" type="hidden" value="{i[0]}"> Change balance: <input name="change"><input type="submit"></form></p> <br style="line-height: 50%;"></br>'
+        text = text + f'<p><a href="list/user?id={i[0]}">{escape(i[1])}</a>: {i[2]} <form action="/change" method="get"><input name="id" type="hidden" value="{i[0]}"> Change balance: <input name="change"><input type="submit"></form></p> <br style="line-height: 50%;"></br>'
     return '''<!DOCTYPE html>
         <html lang="en">
         <script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.1/socket.io.js" integrity="sha512-q/dWJ3kcmjBLU4Qc47E4A9kTB4m3wuTY7vkFJDTZKjTs8jhyGQnaUrxa0Ytd0ssMZhbNua9hE+E7Qv1j+DyZwA==" crossorigin="anonymous"></script>
@@ -69,9 +68,8 @@ def list():
 
 @app.route("/list/user", methods=['GET'])
 def user_info():
-    username = urllib.parse.unquote_plus(request.args.get("user")) 
-    db_log.info(str(username))
-    c.execute("SELECT * FROM users WHERE username = ?", [username])
+    id = urllib.parse.unquote_plus(request.args.get("id"))
+    c.execute(f"SELECT * FROM users WHERE id = {id}")
     user_list = c.fetchall()
     if user_list != []:
         user = user_list[0]
@@ -85,7 +83,7 @@ def user_info():
             <script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.1/socket.io.js" integrity="sha512-q/dWJ3kcmjBLU4Qc47E4A9kTB4m3wuTY7vkFJDTZKjTs8jhyGQnaUrxa0Ytd0ssMZhbNua9hE+E7Qv1j+DyZwA==" crossorigin="anonymous"></script>
             <script type="text/javascript" charset="utf-8">
             var socket = io();
-        """ + 'socket.on("update", function(){ window.location="http://matekasse.server.c3h/list/user?user=' + username + '"});' + f"""
+        """ + 'socket.on("update", function(){ window.location="http://matekasse.server.c3h/list/user?id=' + id + '"});' + f"""
             </script>
             <p> {escape(user[1])} : {user[2]} <p>
             <form action="/addtag" method="get"><input name="id" type="hidden" value="{user[0]}"><button type="submit">Add Tag</button></form>