nmeum/matekasse
1
0
Fork 0
forked from anton/matekasse
Code Pull requests Activity

fixed sql injektion

Browse source
This commit is contained in:
2000-Trek 2023-07-05 22:04:12 +02:00
parent ebb942a9a2
commit d015a68c8c
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
main.py
View file

@ -84,7 +84,7 @@ def list():
@app.route("/list/user", methods=['GET']) @app.route("/list/user", methods=['GET'])
def user_info(): def user_info():
id = request.args.get("id") id = request.args.get("id")
c.execute(f"SELECT * FROM users WHERE (id) VALUES (?)", [id]) c.execute(f"SELECT * FROM users WHERE id=?", [id])
user_list = c.fetchall() user_list = c.fetchall()
if user_list != []: if user_list != []:
user = user_list[0] user = user_list[0]
@ -296,7 +296,7 @@ def get_id():
db_log.info(message) db_log.info(message)
finished = queue_item finished = queue_item
conn.commit() conn.commit()
return make_response(json.dumps({"mode":"2","username":username,"message":"1"})) return make_response(json.dumps({"mode":"message","username":username,"message":"A tag was added"}))
elif state == "remove": elif state == "remove":
c.execute(f"SELECT * FROM tags WHERE (tagid = {tag_id} AND userid = {user})") c.execute(f"SELECT * FROM tags WHERE (tagid = {tag_id} AND userid = {user})")
tags = c.fetchall() tags = c.fetchall()
@ -306,7 +306,7 @@ def get_id():
db_log.info(message) db_log.info(message)
finished = queue_item finished = queue_item
conn.commit() conn.commit()
return make_response(json.dumps({"mode":"2","username":username,"message":"2"})) return make_response(json.dumps({"mode":"message","username":username,"message":"A tag was removed"}))
else: else:
message = "054" message = "054"
finished = queue_item finished = queue_item