From c618290a4476fd01f46b079e8b95bbc16341cbca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marjo=20Murtom=C3=A4ki?=
Date: Mon, 27 Nov 2023 19:56:22 +0200
Subject: Adding csrf checking to every post handler.
---
 routes/tools.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'routes/tools.py')
diff --git a/routes/tools.py b/routes/tools.py
index 69e6fef..eea6a8f 100644
--- a/routes/tools.py
+++ b/routes/tools.py
@@ -2,13 +2,6 @@ from random import randint
 from flask import session
 import db_actions as D
-red = {
- "nick": "",
- "new_answer": "",
- "quiz": ""
-}
-
-
 def rows2dicts( rows, names ):
 dlist=[]
 for i in range(len(rows)):
@@ -44,3 +37,10 @@ def generate_link():
 str+=konso[randint(0,len(konso)-1)]
 str+=vocal[randint(0,len(vocal)-1)]
 return str
+
+def csrf_check( redir )
+ if "csrf" not in session
+ or "csrf" not in request.form
+ of session["csrf"]!=request.form["csrf"]:
+ session["alert"]="Istuntosi katkesi tai pyyntö toiselta sivulta!"
+ return redirect( redir )
-- cgit v1.2.3
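Review bot: `csrf_check` as added in the second hunk cannot be parsed, so importing routes/tools.py would raise a SyntaxError and no POST handler would get the check: the `def` line has no trailing colon, the condition runs over three lines without parentheses, and its third clause starts with `of` instead of `or`. The import context visible in the first hunk brings in only `session`, so unless `request` and `redirect` are imported outside the hunks the line probably needs to become `from flask import session, request, redirect`. The function returns the redirect only on failure and falls through to `None` otherwise, so every handler has to return the result when it is not `None`; a one-line docstring stating that contract would keep a caller from discarding it. Comparing the two tokens with `hmac.compare_digest` rather than `!=` would additionally make the check constant-time, assuming the token is an ASCII string and `hmac` is imported.

```python
def csrf_check( redir ):
    """Return a redirect to `redir` if the CSRF token is missing or wrong, else None."""
    expected = session.get("csrf")
    supplied = request.form.get("csrf")
    # An empty token on either side is treated as missing, not as a match.
    if not expected or not supplied or expected != supplied:
        session["alert"]="Istuntosi katkesi tai pyyntö toiselta sivulta!"
        return redirect( redir )
    return None
```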