bton/matekasse
2
1
Fork 2
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity

fixed splite injektion

Browse source
This commit is contained in:
2000-Trek 2023-06-21 22:21:45 +02:00
parent 6ec799b632
commit e8cdf4acb2
2 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
main.py
View file

@ -8,6 +8,7 @@ import atexit
import sys import sys
import uuid import uuid
import json import json
import urllib.parse
db_path = 'mate.db' db_path = 'mate.db'
conn = sqlite3.connect(db_path, check_same_thread=False) conn = sqlite3.connect(db_path, check_same_thread=False)
@ -42,7 +43,8 @@ def list():
users = c.fetchall() users = c.fetchall()
text = "" text = ""
for i in users: for i in users:
text = text + f'<p><a href="list/user?user={i[1]}">{i[1]}</a>: {i[2]} <form action="/change" method="get"><input name="id" type="hidden" value="{i[0]}"> Change balance: <input name="change"><input type="submit"></form></p> <br style="line-height: 50%;"></br>' username = urllib.parse.quote_plus(i[1])
text = text + f'<p><a href="list/user?user={username}">{i[1]}</a>: {i[2]} <form action="/change" method="get"><input name="id" type="hidden" value="{i[0]}"> Change balance: <input name="change"><input type="submit"></form></p> <br style="line-height: 50%;"></br>'
return '''<!DOCTYPE html> return '''<!DOCTYPE html>
<html lang="en"> <html lang="en">
<script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.1/socket.io.js" integrity="sha512-q/dWJ3kcmjBLU4Qc47E4A9kTB4m3wuTY7vkFJDTZKjTs8jhyGQnaUrxa0Ytd0ssMZhbNua9hE+E7Qv1j+DyZwA==" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.1/socket.io.js" integrity="sha512-q/dWJ3kcmjBLU4Qc47E4A9kTB4m3wuTY7vkFJDTZKjTs8jhyGQnaUrxa0Ytd0ssMZhbNua9hE+E7Qv1j+DyZwA==" crossorigin="anonymous"></script>
@ -59,7 +61,7 @@ def list():
@app.route("/list/user", methods=['GET']) @app.route("/list/user", methods=['GET'])
def user_info(): def user_info():
username = request.args.get("user") username = urllib.parse.unquote_plus(request.args.get("user"))
c.execute("SELECT * FROM users WHERE username = ?", [username]) c.execute("SELECT * FROM users WHERE username = ?", [username])
user_list = c.fetchall() user_list = c.fetchall()
if user_list != []: if user_list != []:
@ -119,7 +121,7 @@ def adduser():
c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [user]) c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [user])
conn.commit() conn.commit()
socketio.emit("update", "update") socketio.emit("update", "update")
return 'Added user <a href="/list">user and tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p>' return 'Added user <a href="/list">user and tag list</a>'
else: else:
return '<p>Error: 170</p> <a href="/list">user and tag list</a>' return '<p>Error: 170</p> <a href="/list">user and tag list</a>'

1
templates/documentation.html
View file

@ -14,6 +14,7 @@
<p>&nbsp;</p> <p>&nbsp;</p>
<div id="text"> <div id="text">
<h2>API:</h2> <h2>API:</h2>
<p>Nobody wants to know how the API works</p>
<h2>Error Codes:</h2> <h2>Error Codes:</h2>
<p>170: Tag already exists</p> <p>170: Tag already exists</p>
<p>054: Tag does not exists</p> <p>054: Tag does not exists</p>