Commits

danjac  committed 1a248a6

security fixes

  • Participants
  • Parent commits e5201b2

Comments (0)

Files changed (1)

File newsmeme/models.py

 
         criteria = []
 
-        authors = User.__table__.alias()
-
         for keyword in keywords.split():
 
             keyword = '%' + keyword + '%'
                                    Post.description.ilike(keyword),
                                    Post.link.ilike(keyword),
                                    Post.tags.ilike(keyword),
-                                   authors.c.username.ilike(keyword)))
+                                   User.username.ilike(keyword)))
 
 
         q = reduce(db.and_, criteria)
-        q = self.filter(q).join(authors)
-        q = q.filter(authors.c.id==Post.author_id).distinct()
-
-        return q
+        
+        return self.filter(q).join(User).distinct()
 
 
 class Post(db.Model):