forked from bton/matekasse
fixed splite injektion
This commit is contained in:
parent
5c3ebcfa29
commit
05a5519a59
1 changed files with 11 additions and 8 deletions
9
main.py
9
main.py
|
@ -36,7 +36,7 @@ def exit_handler():
|
||||||
#website
|
#website
|
||||||
@app.route("/")
|
@app.route("/")
|
||||||
def index():
|
def index():
|
||||||
return '<a href="/list">user anfrom markupsafe import escaped tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p><br style="line-height: 500%;"></br><a href="/documentation">Doumentation</a>'
|
return '<a href="/list">user and tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p><br style="line-height: 500%;"></br><a href="/documentation">Doumentation</a>'
|
||||||
|
|
||||||
@app.route("/list")
|
@app.route("/list")
|
||||||
def list():
|
def list():
|
||||||
|
@ -107,13 +107,16 @@ def confirm_remove_user():
|
||||||
def remove_user():
|
def remove_user():
|
||||||
user_id = request.args.get("id")
|
user_id = request.args.get("id")
|
||||||
c.execute(f"SELECT * FROM users WHERE id={user_id}")
|
c.execute(f"SELECT * FROM users WHERE id={user_id}")
|
||||||
user_name = c.fetchall()[0][1]
|
users = c.fetchall()
|
||||||
|
if users != []:
|
||||||
|
user_name = users[0][1]
|
||||||
c.execute(f"DELETE FROM tags WHERE userid={user_id}")
|
c.execute(f"DELETE FROM tags WHERE userid={user_id}")
|
||||||
c.execute(f"DELETE FROM users WHERE id={user_id}")
|
c.execute(f"DELETE FROM users WHERE id={user_id}")
|
||||||
conn.commit()
|
conn.commit()
|
||||||
socketio.emit("update", "update")
|
socketio.emit("update", "update")
|
||||||
return f'<p>Deleted user {user_name}</p><a href="/list">return to the tags and user list</a>'
|
return f'<p>Deleted user {user_name}</p><a href="/list">return to the tags and user list</a>'
|
||||||
|
else:
|
||||||
|
return "Error: 043"
|
||||||
@app.route("/adduser/user", methods=['GET'])
|
@app.route("/adduser/user", methods=['GET'])
|
||||||
def adduser():
|
def adduser():
|
||||||
user = request.args.get("username")
|
user = request.args.get("username")
|
||||||
|
|
Loading…
Reference in a new issue