submissions werken nu.

bonus feature: sql injection mogelijk
lverherb 2024-02-21 16:52:20 +01:00
parent 5e1d42b7d4
commit c7dda63391
3 changed files with 17 additions and 12 deletions


@ -12,23 +12,27 @@ def get_db():
@app.route("/", methods = ['GET', 'POST']) @app.route("/", methods = ['GET', 'POST'])
def root(): def root():
request db = get_db()
user_cookie = request.cookies.get("userid") user_cookie = request.cookies.get("userid")
if user_cookie is None:
user_cookie = str(random.randint(100000, 999999))
print(f"Userid was None, nieuw UID: {user_cookie}")
if request.method == "POST": if request.method == "POST":
print(str(request.form)) new_submission = request.form.get("text")
if request.method == "GET": print(f"insert into posts values ({user_cookie},'{new_submission}');")
posts = get_db().cursor().execute(f"select * from posts").fetchall() db.cursor().execute(f"insert into posts values ({user_cookie},'{new_submission}');")
db.commit()
resp = make_response(render_template('./index.html', posts=posts))
if user_cookie is None:
resp.set_cookie("userid", str(random.randint(100000, 999999)))
return resp
return "YES" posts = db.cursor().execute(f"select * from posts where userid = {user_cookie};").fetchall()
resp = make_response(render_template('./index.html', posts=posts))
resp.set_cookie("userid",str(user_cookie))
return resp
@app.teardown_appcontext @app.teardown_appcontext
def close_connection(exception): def close_connection(exception):
db = getattr(g, '_database', None) db = getattr(g, '_database', None)
if db is not None: if db is not None:
db.close() db.close()
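Review bot: Both new `execute` calls in `root()` build SQL with f-strings from client-controlled values, `request.form.get("text")` and the `userid` cookie, so the injection the commit message mentions is reachable from either field, and the cookie is interpolated without quotes. Bind the values instead (assuming `get_db()`, which is outside the hunk, returns a sqlite3 connection): `db.cursor().execute("insert into posts values (?, ?)", (user_cookie, new_submission))` and `db.cursor().execute("select * from posts where userid = ?", (user_cookie,))`. The `print` of the assembled statement also writes every submission to the server output and is better dropped once debugging is done. Separately, the six-digit `random.randint` id in the cookie is the only thing scoping the select, so any client that sends a different id sees that id's posts; an id from `secrets.token_urlsafe()` kept in Flask's signed session would be harder to guess or forge. If the injection is deliberate for a training exercise, a comment in `root()` saying so would keep the pattern from being copied elsewhere.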


@ -9,7 +9,8 @@
</head> </head>
<body> <body>
<form method="POST"> <form method="POST">
<input type="text"/> <label for="text">Enter new submission:</label>
<input type="text" name="text" />
<input type="submit"/> <input type="submit"/>
</form> </form>
@ -18,4 +19,4 @@
{% endfor %} {% endfor %}
</body> </body>
</html> </html>
{% endautoescape %} {% endautoescape %}
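Review bot: The new `<label for="text">` has no target, because the input on the next line gets `name="text"` but no `id`, so the label is not associated with the field; `<input type="text" id="text" name="text" />` fixes that. Now that the form stores text that is rendered back in the posts loop, the closing `{% endautoescape %}` at the end of the template matters: its opening tag is outside the hunks, and if it is `{% autoescape false %}` the stored submissions are emitted as raw HTML, so the block should be removed or set to `true`. The POST form also carries no CSRF token, though nothing visible shows whether the app configures CSRF protection elsewhere.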

Binary file not shown.