mirror of
https://github.com/Adam-Ant/QuotesDB
synced 2024-12-20 11:34:35 +00:00
Add session checking on POST, prevents replay attacks and some other session weirdness
parent
75f96f74a7
commit
517e8a5cfa
5
main.py
5
main.py
@ -81,6 +81,11 @@ def login():
|
|||||||
@app.route("/addquote", methods=['GET','POST'])
|
@app.route("/addquote", methods=['GET','POST'])
|
||||||
def addquote():
|
def addquote():
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
|
try:
|
||||||
|
session['username']
|
||||||
|
except KeyError:
|
||||||
|
flash("INFO: Please login first.","info")
|
||||||
|
return redirect(url_for("login"))
|
||||||
|
|
||||||
quotein = pymysql.escape_string(request.form['quote'])
|
quotein = pymysql.escape_string(request.form['quote'])
|
||||||
contextin = pymysql.escape_string(request.form['context'])
|
contextin = pymysql.escape_string(request.form['context'])
|
||||||
|
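Review bot: The guard added at the top of the POST branch only tests that `session['username']` exists, so it enforces a logged-in session but does not by itself stop a replayed or cross-site POST, since any request carrying a valid session cookie still passes. If replay or CSRF protection is the goal stated in the commit title, a per-form token validated at this point would be needed; nothing in the hunk shows one. The bare expression inside `try`/`except KeyError` reads more clearly as `if 'username' not in session:` followed by the same `flash` and `redirect`. The body of `addquote` continues outside the hunk, so whether the GET path, or the query built from the `pymysql.escape_string` values, is handled safely cannot be confirmed from here.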