Diff between cb2e24883472d1102d665aa7348490b2d947b4b5 and 7124eb9362818d79082666262d6d12d3550d2549

Changed Files

File Additions Deletions Status
app.lua +19 -1 modified
koivuhaka.sqlite +0 -0 modified
static/images/n02112018_4583.jpg +0 -0 added
views/hallintapaneeli.etlua +24 -9 modified
views/index.etlua +0 -2 modified
views/layout.etlua +3 -1 modified

Full Patch

diff --git a/app.lua b/app.lua
index 446cd10..862c663 100644
--- a/app.lua
+++ b/app.lua
@@ -75,9 +75,26 @@ app:match("hallintapaneeli", "/hallintapaneeli", respond_to({
   -- luo asunto entry ja muokkaa sivua
   POST = function(self)
     local address = strip(self.params.address)
-    local picture = strip(self.params.picture)
+    local picture_file = self.params.file
     local price = strip(self.params.price)
 
+    local picture = ""
+    -- write img binary to file, risky and not validation :D. all params are TRUSTED
+    -- path traversal attacks possible
+    -- https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Disposition#Directives
+    local out = io.open("./static/images/" .. picture_file.filename, "wb")
+    if out == nil then
+	return { redirect_to = "/" }
+    end
+    -- nginx limits the img size to 1mb by defaykt
+
+    local data = picture_file.content
+    data = string.gsub(data, "\r\n", "\n") -- for unix
+    out:write(data)
+    out:close()
+
+    picture = "http://localhost:8080/static/images/" .. picture_file.filename --öaldsfkölsadkfölakdsfölkasöldfkö
+
     if address == "" or picture == "" or price == "" then
 	return { redirect_to = "/hallintapaneeli"}
     end
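Review bot: `picture_file.filename` comes straight from the multipart request and is concatenated into both the `io.open` path and the stored URL, so the client decides where the handler writes relative to `./static/images/` and can overwrite existing files or store a non-image type that is then served from the static directory; the in-code comment acknowledges this but the commit ships it unaddressed. The handler also indexes `picture_file` before checking that an upload was actually sent (the form's file input is not `required`), and `string.gsub(data, "\r\n", "\n")` rewrites bytes inside binary image data, corrupting any image that contains that byte pair. I would reduce the name to a single path component with an allowlisted image extension (or generate the stored name server-side), reject the request when no file table is present, write `content` unmodified, and run the `address`/`price` check before touching the disk. The hard-coded `http://localhost:8080` prefix should become a root-relative `/static/images/` path. The POST function continues past the end of this hunk.

```lua
local picture_file = self.params.file
-- … unchanged: address / price parsing …

-- validate the text fields and the upload before anything is written to disk
if address == "" or price == ""
   or type(picture_file) ~= "table"
   or type(picture_file.filename) ~= "string"
   or type(picture_file.content) ~= "string" then
  return { redirect_to = "/hallintapaneeli" }
end

-- keep only the last path component, then require a plain stem and an image extension
local allowed_ext = { jpg = true, jpeg = true, png = true, gif = true, webp = true }
local name = picture_file.filename:match("([^/\\]+)$") or ""
local stem, ext = name:match("^(%w[%w%._-]*)%.(%a+)$")
if not stem or not allowed_ext[ext:lower()] then
  return { redirect_to = "/hallintapaneeli" }
end

local out = io.open("./static/images/" .. name, "wb")
-- … unchanged: nil check on out …
out:write(picture_file.content) -- raw bytes; no newline translation on binary data
out:close()

local picture = "/static/images/" .. name
```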
@@ -92,3 +109,4 @@ app:match("hallintapaneeli", "/hallintapaneeli", respond_to({
 }))
 
 return app
+
diff --git a/koivuhaka.sqlite b/koivuhaka.sqlite
index 9fe4509..e596de1 100644
Binary files a/koivuhaka.sqlite and b/koivuhaka.sqlite differ
diff --git a/static/images/n02112018_4583.jpg b/static/images/n02112018_4583.jpg
new file mode 100644
index 0000000..1b36792
Binary files /dev/null and b/static/images/n02112018_4583.jpg differ
diff --git a/views/hallintapaneeli.etlua b/views/hallintapaneeli.etlua
index 6c29b5f..4f0e570 100644
--- a/views/hallintapaneeli.etlua
+++ b/views/hallintapaneeli.etlua
@@ -1,10 +1,25 @@
-<form action="" method="post">
-    <label for="name">Osoite:</label><br>
-    <input type="text" id="address" name="address" required/><br>
-    <label for="picture">Kuva:</label><br>
-    <input type="text" id="picture" name="picture" required/><br>
-    <label for="price">Hinta:</label><br>
-    <input type="number" id="price" name="price" required min="1" max="10000000"/><br>
-    <button type="submit">Luo</button>
-</form> 
+<div class="container-sm mt-5 px-5">
+    <h1 class="mb-3">Luo uusi asunto</h1>
+    <form action="" method="post" enctype="multipart/form-data">
+		<label for="name" class="col-sm-2 col-form-label">Osoite:</label><br>
+	    <div class="col-sm-8">
+			<input type="text" id="address" name="address" class="form-control" required/><br>
+	    </div>
+		<label for="price" class="col-sm-2 col-form-label">Hinta:</label><br>
+		<div class="col-sm-8">
+			<input type="number" id="price" name="price" class="form-control" min="1" max="10000000" required/><br>
+		</div>
+	    <label for="picture" class="col-sm-2 col-form-label">Picture:</label><br>
+	    <div class="col-sm-8">
+			<input type="file" name="file" id="file" class="form-control mb-3">
+	    </div>
+	<button type="submit" class="btn btn-secondary">Luo</button>
+    </form> 
+
+</div>
+
+
+
+
+
 
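Review bot: The new multipart form contains no anti-CSRF token field, and the POST handler lines visible in app.lua in this commit do not check one, so this state-changing upload endpoint appears to accept cross-site submissions; unless `lapis.csrf` is already wired up elsewhere, add a hidden field such as `<input type="hidden" name="csrf_token" value="<%= csrf_token %>">` and verify it in the handler. The file input also lost the `required` attribute the old `picture` field had, while the handler dereferences the upload unconditionally; `required accept="image/*"` on the `<input type="file" …>` restores the client-side hint, though the server-side check is the one that counts. The labels `for="name"` and `for="picture"` match no input id in the form (the ids are `address` and `file`), so they are not associated with their controls.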
diff --git a/views/index.etlua b/views/index.etlua
index 267eafd..2247dcc 100644
--- a/views/index.etlua
+++ b/views/index.etlua
@@ -4,7 +4,6 @@
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>Koivuhaan asunto</title>
-    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-sRIl4kxILFvY47J16cr9ZwB07vP4J8+LH7qKQnuqkuIAvNWLzeN8tE5YBujZqJLB" crossorigin="anonymous">
   </head>
   <body>
     <nav class="navbar navbar-expand-sm bg-dark navbar-dark fixed-top">
@@ -69,6 +68,5 @@
 	    <% end %>
 	</div>
     </div>
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/js/bootstrap.bundle.min.js" integrity="sha384-FKyoEForCGlyvwx9Hj09JcYn3nv7wiPVlz7YYwJrWVcXK/BmnVDxM+D2scQbITxI" crossorigin="anonymous"></script>
   </body>
 </html>
diff --git a/views/layout.etlua b/views/layout.etlua
index 96156f6..eb5ae64 100644
--- a/views/layout.etlua
+++ b/views/layout.etlua
@@ -1,10 +1,12 @@
 <!DOCTYPE HTML>
-<html lang="en">
+<html lang="fi">
 <head>
   <meta charset="UTF-8">
   <title><%= page_title or "Koivuhaan asunnot" %></title>
+  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-sRIl4kxILFvY47J16cr9ZwB07vP4J8+LH7qKQnuqkuIAvNWLzeN8tE5YBujZqJLB" crossorigin="anonymous">
 </head>
 <body>
   <% content_for("inner") %>
+  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/js/bootstrap.bundle.min.js" integrity="sha384-FKyoEForCGlyvwx9Hj09JcYn3nv7wiPVlz7YYwJrWVcXK/BmnVDxM+D2scQbITxI" crossorigin="anonymous"></script>
 </body>
 </html>
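Review bot: Moving the Bootstrap `<link>` and `<script>` into the layout leaves views/index.etlua inconsistent, because the context lines of that file in this commit show it still carries its own `<head>`, `<body>` and `</html>`. If index is rendered through this layout via `content_for("inner")`, the result is one HTML document nested inside another; if it is rendered without the layout, it has lost Bootstrap while its navbar still uses Bootstrap classes. Which case applies is not visible here, so it is worth confirming and either stripping the document shell from index.etlua or keeping the tags there. Keeping the `integrity` and `crossorigin` attributes on the moved tags is the right call.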