mirror of https://github.com/Adam-Ant/QuotesDB synced 2024-07-06 05:26:10 +00:00

Add session checking on POST, prevents replay attacks and some other session weirdness

Adam Dodman 2017-10-05 00:36:01 +01:00
parent 75f96f74a7
commit 517e8a5cfa


@ -81,6 +81,11 @@ def login():
@app.route("/addquote", methods=['GET','POST'])
def addquote():
if request.method == "POST":
try:
session['username']
except KeyError:
flash("INFO: Please login first.","info")
return redirect(url_for("login"))
quotein = pymysql.escape_string(request.form['quote'])
contextin = pymysql.escape_string(request.form['context'])