add user input sanitation
parent
ed38156e77
commit
e615f774ad
@ -4,8 +4,7 @@ from taskmanager.functions import *
from taskmanager.models import *
import configparser
#CONFIG_PATH = "/var/taskmanager/taskmanager/config.ini"
CONFIG_PATH = "/home/anon/src/taskmanager/taskmanager/config.ini"
CONFIG_PATH = "/var/taskmanager/taskmanager/config.ini"
config = configparser.ConfigParser()
config.read(CONFIG_PATH)
@ -25,6 +24,17 @@ def addtask():
taskname = request.form['taskname']
taskdesc = request.form['taskdesc']
username = request.form['username']
# Input sanitation
if not taskname.isalnum():
return "Task name has to be made only of letters or numbers."
if not username.isalnum():
return "Username has to be made only of letters or numbers."
if not taskdesc.isprintable():
return "Task description has to be made of printable characters."
if len(taskname) < 1 or len(taskname) > 40:
return "Task name lenght invalid, only smaller then 40 charachters allowed"
if len(taskdesc) > 2000:
return "Task description lenght invalid, only smaller then 2000 charachters allowed"
if username == "":
creatorid = None
else:
@ -50,6 +60,18 @@ def register():
username = request.form['username']
contact = request.form['contact']
password = request.form['password']
if not username.isalnum():
return "Username has to be made only of letters or numbers."
if not contact.isprintable():
return "Contact information has to be made of printable characters."
if not password.isprintable():
return "Password has to be made of printable characters."
if len(username) < 1 or len(username) > 40:
return "Username lenght invalid, only smaller then 40 charachters allowed"
if len(contact) > 100:
return "Contact lenght invalid, only smaller then 100 charachters allowed"
if len(password) > 500:
return "Password lenght invalid, only smaller then 500 charachters allowed"
sqladduser = User(username = username, contact = contact, password = password)
try:
db.session.add(sqladduser)
@ -75,6 +97,8 @@ def project(task_id:int):
return render_template("project.html", task = task, users = users)
elif request.method == 'POST':
username = request.form['username']
if len(username) < 1 or len(username) > 40:
return "Username lenght invalid, only smaller then 40 charachters allowed"
if username in users:
return 'User already added to task'
try:
@ -112,6 +136,8 @@ def deltask(task_id:int):
return render_template('deltask.html', task = task)
if request.method == 'POST':
password = request.form['password']
if len(password) < 1 or len(password) > 500:
return "Password lenght invalid, only smaller then 500 charachters allowed"
# Check password
if password != ADMINPASS and password != User.query.get(creatorid).password:
return 'Wrong password'
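Review bot: The new `if not username.isalnum():` check in addtask rejects the empty string (`"".isalnum()` is False), so the existing `if username == "": creatorid = None` branch a few lines below can no longer be reached and a task without a creator is now refused with the username error. If anonymous tasks are still meant to work, guard it with `if username and not username.isalnum():`, and keep in mind that `isalnum()` is Unicode-aware, so it admits non-ASCII letters and digits, which is broader than the message promises. In register and deltask the validated password is passed unchanged into `User(username = username, contact = contact, password = password)` and compared with a plain `!=` against `User.query.get(creatorid).password`, so the credential is apparently stored and compared in clear; the model is outside this view, but if so that deserves fixing alongside the sanitation (Flask ships werkzeug's `generate_password_hash`/`check_password_hash`). Each rejection also returns a bare string, i.e. HTTP 200, with misspelt messages (`lenght`, `then`, `charachters`); `return "...", 400` with the spelling fixed would let clients tell a validation failure from success. All four route functions start and end outside their hunks.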