authorMarjo Murtomäki <mmurtoma@local>2023-11-27 20:06:59 +0200
committerMarjo Murtomäki <mmurtoma@local>2023-11-27 20:06:59 +0200
commitd6c73dbde8a35905a8f29caf9b6d088043a5e78f (patch)
tree3c01dbdc1da03d25bb999c10496c93a9f1ef4fbe /routes
parentc618290a4476fd01f46b079e8b95bbc16341cbca (diff)
Fixing so that the code will run again after adding csrf checks.
Diffstat (limited to 'routes')
-rw-r--r--routes/analyse.py2
-rw-r--r--routes/answer.py2
-rw-r--r--routes/base.py3
-rw-r--r--routes/create.py2
-rw-r--r--routes/question.py2
-rw-r--r--routes/tools.py8
6 files changed, 10 insertions, 9 deletions
diff --git a/routes/analyse.py b/routes/analyse.py
index e256201..70d852b 100644
--- a/routes/analyse.py
+++ b/routes/analyse.py
@@ -2,7 +2,7 @@ from itertools import combinations
from app import app
from flask import render_template,session,request,redirect
import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick, red
+from routes.tools import rows2dicts, get_alert, get_nick, csrf_check
def find_best_and_worst(aid, uid):
answers=D.get_all_answers_for_quiz(aid)
diff --git a/routes/answer.py b/routes/answer.py
index 6d767be..a554d25 100644
--- a/routes/answer.py
+++ b/routes/answer.py
@@ -1,7 +1,7 @@
from app import app
from flask import render_template, session, request, redirect
import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick, red
+from routes.tools import rows2dicts, get_alert, get_nick, csrf_check
@app.route("/kys/<link>")
diff --git a/routes/base.py b/routes/base.py
index 6d6dcd8..42d8cdf 100644
--- a/routes/base.py
+++ b/routes/base.py
@@ -1,10 +1,11 @@
from app import app
from flask import render_template,session,request,redirect
import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick
+from routes.tools import rows2dicts, get_alert, get_nick, csrf_check
@app.route("/")
def index():
+ session["csrf"] = token_urlsafe()
return app.send_static_file("index.html")
@app.route("/pages/info.html")
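Review bot: `token_urlsafe` is called in `index()`, but none of the imports visible at the top of routes/base.py bring it into scope, so unless it is imported further down the file a request to `/` raises NameError; add `from secrets import token_urlsafe`. Separately, the token is issued only when `/` is served, and is replaced on every such visit. A session that reaches a form page without passing through `/` has no `session["csrf"]` and will always fail `csrf_check`, and reloading `/` invalidates tokens already embedded in open forms. Issuing it once per session, e.g. `session.setdefault("csrf", token_urlsafe())` in a place every request passes through, avoids both problems.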
diff --git a/routes/create.py b/routes/create.py
index c218d1f..083cc0e 100644
--- a/routes/create.py
+++ b/routes/create.py
@@ -1,7 +1,7 @@
from app import app
from flask import render_template,session,request,redirect
import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick, generate_link, red
+from routes.tools import rows2dicts, get_alert, get_nick, generate_link, csrf_check
@app.route("/pages/create.html")
diff --git a/routes/question.py b/routes/question.py
index 981e15d..de8dc28 100644
--- a/routes/question.py
+++ b/routes/question.py
@@ -1,7 +1,7 @@
from app import app
from flask import render_template,session,request,redirect
import db_actions as D
-from routes.tools import rows2dicts, get_alert, get_nick
+from routes.tools import rows2dicts, get_alert, get_nick, csrf_check
@app.route("/pages/question.html")
def question():
diff --git a/routes/tools.py b/routes/tools.py
index eea6a8f..3f831a9 100644
--- a/routes/tools.py
+++ b/routes/tools.py
@@ -38,9 +38,9 @@ def generate_link():
str+=vocal[randint(0,len(vocal)-1)]
return str
-def csrf_check( redir )
- if "csrf" not in session
- or "csrf" not in request.form
- of session["csrf"]!=request.form["csrf"]:
+def csrf_check( redir ):
+ if "csrf" not in session \
+ or "csrf" not in request.form \
+ or session["csrf"]!=request.form["csrf"]:
session["alert"]="Istuntosi katkesi tai pyyntö toiselta sivulta!"
return redirect( redir )
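Review bot: The token comparison on the last line of the condition uses `!=`, which is not constant-time; prefer `not hmac.compare_digest(session["csrf"].encode(), request.form["csrf"].encode())`, encoding first because `compare_digest` rejects non-ASCII `str` and the form value is client-controlled. routes/tools.py would need `import hmac` for that, and its import block is outside this hunk. The function also lacks a docstring stating its contract: it returns a redirect response when the check fails and, as far as the hunk shows, falls through to `None` otherwise, so a caller that does not return the result silently skips the protection. Something like `"""Return a redirect to redir if the CSRF token is missing or wrong, else None; callers must return any non-None result."""` would make that explicit. The end of `csrf_check` may lie past the last line of the hunk.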