1
0
Fork 0
forked from bton/matekasse

fixed splite injektion

This commit is contained in:
2000-Trek 2023-06-21 22:33:47 +02:00
parent 5c3ebcfa29
commit 05a5519a59

19
main.py
View file

@ -36,7 +36,7 @@ def exit_handler():
#website
@app.route("/")
def index():
return '<a href="/list">user anfrom markupsafe import escaped tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p><br style="line-height: 500%;"></br><a href="/documentation">Doumentation</a>'
return '<a href="/list">user and tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p><br style="line-height: 500%;"></br><a href="/documentation">Doumentation</a>'
@app.route("/list")
def list():
@ -107,13 +107,16 @@ def confirm_remove_user():
def remove_user():
user_id = request.args.get("id")
c.execute(f"SELECT * FROM users WHERE id={user_id}")
user_name = c.fetchall()[0][1]
c.execute(f"DELETE FROM tags WHERE userid={user_id}")
c.execute(f"DELETE FROM users WHERE id={user_id}")
conn.commit()
socketio.emit("update", "update")
return f'<p>Deleted user {user_name}</p><a href="/list">return to the tags and user list</a>'
users = c.fetchall()
if users != []:
user_name = users[0][1]
c.execute(f"DELETE FROM tags WHERE userid={user_id}")
c.execute(f"DELETE FROM users WHERE id={user_id}")
conn.commit()
socketio.emit("update", "update")
return f'<p>Deleted user {user_name}</p><a href="/list">return to the tags and user list</a>'
else:
return "Error: 043"
@app.route("/adduser/user", methods=['GET'])
def adduser():
user = request.args.get("username")