author | Marjo Murtomäki <mmurtoma@local> | 2023-11-27 19:56:22 +0200 |
---|---|---|
committer | Marjo Murtomäki <mmurtoma@local> | 2023-11-27 19:56:22 +0200 |
commit | c618290a4476fd01f46b079e8b95bbc16341cbca (patch) | |
tree | 9b74d598584d25b7b032d53da919d3338d0eb191 /routes/tools.py | |
parent | f965d5d1f799037cd49accae9256ed42b8c17ccb (diff) |
Adding csrf checking to every post handler.
Diffstat (limited to 'routes/tools.py')
-rw-r--r-- | routes/tools.py | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/routes/tools.py b/routes/tools.py
index 69e6fef..eea6a8f 100644
--- a/routes/tools.py
+++ b/routes/tools.py
@@ -2,13 +2,6 @@ from random import randint
 from flask import session
 import db_actions as D
-red = {
- "nick": "<script>window.location.hash=\"nick\"</script>",
- "new_answer": "<script>window.location.hash=\"new_answer\"</script>",
- "quiz": "<script>window.location.hash=\"quiz\"</script>"
-}
-
-
 def rows2dicts( rows, names ):
 dlist=[]
 for i in range(len(rows)):
@@ -44,3 +37,10 @@ def generate_link():
 str+=konso[randint(0,len(konso)-1)]
 str+=vocal[randint(0,len(vocal)-1)]
 return str
+
+def csrf_check( redir )
+ if "csrf" not in session
+ or "csrf" not in request.form
+ of session["csrf"]!=request.form["csrf"]:
+ session["alert"]="Istuntosi katkesi tai pyyntö toiselta sivulta!"
+ return redirect( redir ) |
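Review bot: The `csrf_check` added at the end of routes/tools.py is not valid Python as committed: the `def` line has no colon, the three-line condition has no parentheses or backslashes to continue it, and its last clause starts with `of` instead of `or`, so importing the module would raise SyntaxError and no handler would get the check. It also uses `request` and `redirect`, while the only Flask import visible in the first hunk is `from flask import session`; unless they are imported outside the shown lines, that line should become `from flask import redirect, request, session`. The helper returns a redirect on failure and nothing on success, so every POST handler must return its result when it is not None; a handler that calls it and ignores the return value stays unprotected. The version below fixes the syntax, fails closed on a missing or empty token, and compares with `hmac.compare_digest` (needs `import hmac` at the top of the file) instead of `!=`.

```python
def csrf_check( redir ):
    expected = session.get("csrf")
    sent = request.form.get("csrf")
    # A missing or empty token on either side is treated as a failed check.
    # Both values are encoded to bytes so compare_digest accepts non-ASCII input.
    if ( not expected or not sent
         or not hmac.compare_digest(str(expected).encode(), sent.encode()) ):
        session["alert"]="Istuntosi katkesi tai pyyntö toiselta sivulta!"
        return redirect( redir )
    return None
```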