author | Marjo Murtomäki <mmurtoma@local> | 2023-11-27 20:06:59 +0200 |
---|---|---|
committer | Marjo Murtomäki <mmurtoma@local> | 2023-11-27 20:06:59 +0200 |
commit | d6c73dbde8a35905a8f29caf9b6d088043a5e78f (patch) | |
tree | 3c01dbdc1da03d25bb999c10496c93a9f1ef4fbe | |
parent | c618290a4476fd01f46b079e8b95bbc16341cbca (diff) |
Fixing so that the code will run again after adding csrf checks.
-rw-r--r-- | routes/analyse.py | 2 | ||||
-rw-r--r-- | routes/answer.py | 2 | ||||
-rw-r--r-- | routes/base.py | 3 | ||||
-rw-r--r-- | routes/create.py | 2 | ||||
-rw-r--r-- | routes/question.py | 2 | ||||
-rw-r--r-- | routes/tools.py | 8 |
6 files changed, 10 insertions, 9 deletions
diff --git a/routes/analyse.py b/routes/analyse.py
index e256201..70d852b 100644
--- a/routes/analyse.py
+++ b/routes/analyse.py
@@ -2,7 +2,7 @@ from itertools import combinations
 from app import app
 from flask import render_template,session,request,redirect
 import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick, red
+from routes.tools import rows2dicts, get_alert, get_nick, csrf_check
 def find_best_and_worst(aid, uid):
 answers=D.get_all_answers_for_quiz(aid)
diff --git a/routes/answer.py b/routes/answer.py
index 6d767be..a554d25 100644
--- a/routes/answer.py
+++ b/routes/answer.py
@@ -1,7 +1,7 @@
 from app import app
 from flask import render_template, session, request, redirect
 import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick, red
+from routes.tools import rows2dicts, get_alert, get_nick, csrf_check
 @app.route("/kys/<link>")
diff --git a/routes/base.py b/routes/base.py
index 6d6dcd8..42d8cdf 100644
--- a/routes/base.py
+++ b/routes/base.py
@@ -1,10 +1,11 @@
 from app import app
 from flask import render_template,session,request,redirect
 import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick
+from routes.tools import rows2dicts, get_alert, get_nick, csrf_check
 @app.route("/")
 def index():
+ session["csrf"] = token_urlsafe()
 return app.send_static_file("index.html")
 @app.route("/pages/info.html")
diff --git a/routes/create.py b/routes/create.py
index c218d1f..083cc0e 100644
--- a/routes/create.py
+++ b/routes/create.py
@@ -1,7 +1,7 @@
 from app import app
 from flask import render_template,session,request,redirect
 import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick, generate_link, red
+from routes.tools import rows2dicts, get_alert, get_nick, generate_link, csrf_check
 @app.route("/pages/create.html")
diff --git a/routes/question.py b/routes/question.py
index 981e15d..de8dc28 100644
--- a/routes/question.py
+++ b/routes/question.py
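Review bot: In routes/base.py, `index()` now calls `token_urlsafe()`, but the hunk shows the file from line 1 and none of its import lines brings that name into scope, so unless it is imported further down, a request to `/` will raise NameError; add `from secrets import token_urlsafe`. The token is also overwritten on every visit to `/` and, as far as this diff shows, set nowhere else, so a form rendered before the user reloads the front page (or open in another tab) will then fail `csrf_check`, and a session that never visited `/` has no token at all. Guarding the assignment with `if "csrf" not in session:` keeps one token per session.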
@@ -1,7 +1,7 @@
 from app import app
 from flask import render_template,session,request,redirect
 import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick
+from routes.tools import rows2dicts, get_alert, get_nick, csrf_check
 @app.route("/pages/question.html")
 def question():
diff --git a/routes/tools.py b/routes/tools.py
index eea6a8f..3f831a9 100644
--- a/routes/tools.py
+++ b/routes/tools.py
@@ -38,9 +38,9 @@ def generate_link():
 str+=vocal[randint(0,len(vocal)-1)]
 return str
-def csrf_check( redir )
- if "csrf" not in session
- or "csrf" not in request.form
- of session["csrf"]!=request.form["csrf"]:
+def csrf_check( redir ):
+ if "csrf" not in session \
+ or "csrf" not in request.form \
+ or session["csrf"]!=request.form["csrf"]:
 session["alert"]="Istuntosi katkesi tai pyyntö toiselta sivulta!"
 return redirect( redir )
 |
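Review bot: `csrf_check` in routes/tools.py returns a redirect when the token is missing or wrong and, as far as the hunk shows, falls through to an implicit `None` when it matches, so it only protects a route whose handler captures the result and returns it when it is not `None`; a bare `csrf_check(...)` call would let the request proceed. That contract is not documented, so I would add a docstring such as `"""Return a redirect to redir if the form's CSRF token is missing or does not match the session's, else None."""`. The `!=` comparison could also become `not hmac.compare_digest(session["csrf"].encode(), request.form["csrf"].encode())`, so that comparison time does not depend on how much of the token matches. The function may continue past the last line of the hunk.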