From 517e8a5cfadd5c0889ba02c922950b9dae1ba305 Mon Sep 17 00:00:00 2001
From: Adam Dodman
Date: Thu, 5 Oct 2017 00:36:01 +0100
Subject: [PATCH] Add session checking on POST, prevents replay attacks and some other session weirdness

---
 main.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/main.py b/main.py
index 6b22f0f..e619528 100644
--- a/main.py
+++ b/main.py
@@ -81,6 +81,11 @@ def login():
 @app.route("/addquote", methods=['GET','POST'])
 def addquote():
     if request.method == "POST":
+        try:
+            session['username']
+        except KeyError:
+            flash("INFO: Please login first.","info")
+            return redirect(url_for("login"))
         quotein = pymysql.escape_string(request.form['quote'])
         contextin = pymysql.escape_string(request.form['context'])
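Review bot: The added guard evaluates `session['username']` purely to provoke a KeyError and discards the value, which reads as a dead expression statement; a membership test says the same thing directly: `if 'username' not in session:` followed by the existing `flash(...)` and `return redirect(url_for("login"))` lines. The subject line calls this a replay-attack fix, but a session-presence check only establishes that some logged-in session submitted the form — a cross-site POST from a browser that already holds a valid session passes it unchanged, so a per-session CSRF token validated on the POST branch would be the complementary control worth a follow-up. The check is placed inside the POST branch only, so the GET branch of addquote (outside the hunk) presumably still renders the form to anonymous users; confirm that is intended, or hoist the guard above the method test. The body of addquote continues past the end of the hunk.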