Add session checking on POST, prevents replay attacks and some other session weirdness

2024-11-05 02:46:22 +00:00 · 2017-10-05 00:36:01 +01:00 · 2017-10-05 00:36:01 +01:00 · 517e8a5cfa
commit 517e8a5cfa
parent 75f96f74a7
1 changed files with 5 additions and 0 deletions
--- a/main.py
+++ b/main.py
@ -81,6 +81,11 @@ def login():
@app.route("/addquote", methods=['GET','POST'])
 def addquote():
    if request.method == "POST":
+        try:
+            session['username']
+        except KeyError:
+            flash("INFO: Please login first.","info")
+            return redirect(url_for("login"))

        quotein = pymysql.escape_string(request.form['quote'])
        contextin = pymysql.escape_string(request.form['context'])