yannic/stacosys
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

anti-spam

Browse source
This commit is contained in:
Yax 2019-09-01 15:50:05 +02:00
parent c2f2e9ab89
commit 5fab9cae2f
1 changed files with 18 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
app/interface/form.py
View file

@ -17,15 +17,13 @@ def new_form_comment():
try: try:
data = request.form data = request.form
logger.info("form data " + str(data))
# add client IP if provided by HTTP proxy # add client IP if provided by HTTP proxy
ip = "" ip = ""
if "X-Forwarded-For" in request.headers: if "X-Forwarded-For" in request.headers:
ip = request.headers["X-Forwarded-For"] ip = request.headers["X-Forwarded-For"]
# log
logger.info("form data " + str(data))
# validate token: retrieve site entity # validate token: retrieve site entity
token = data.get("token", "") token = data.get("token", "")
site = Site.select().where(Site.token == token).get() site = Site.select().where(Site.token == token).get()
@ -47,9 +45,14 @@ def new_form_comment():
author_site = "http://" + author_site author_site = "http://" + author_site
message = data.get("message", "") message = data.get("message", "")
created = datetime.now().strftime("%Y-%m-%d %H:%M:%S") # anti-spam again
if not url or not author_name or not message:
logger.warn("empty field: data %s" % data)
abort(400)
check_form_data(data)
# add a row to Comment table # add a row to Comment table
created = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
comment = Comment( comment = Comment(
site=site, site=site,
url=url, url=url,
@ -69,3 +72,13 @@ def new_form_comment():
abort(400) abort(400)
return redirect("/redirect/", code=302) return redirect("/redirect/", code=302)
def check_form_data(data):
fields = ['url', 'message', 'site', 'remarque', 'author', 'token', 'email']
d = data.to_dict()
for field in fields:
if field in d:
del d[field]
if d:
logger.warn("additional field: data %s" % data)
abort(400)