Merge pull request #729 from k2s/fix-tokens

fix(security): filtered_engines were not correctly evaluating validate_token()
Markus Heiser 2022-01-10 11:51:45 +01:00 committed by GitHub
commit 6420322cd1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -932,7 +932,7 @@ def preferences():
allowed_plugins = request.preferences.plugins.get_enabled() allowed_plugins = request.preferences.plugins.get_enabled()
# stats for preferences page # stats for preferences page
filtered_engines = dict(filter(lambda kv: (kv[0], request.preferences.validate_token(kv[1])), engines.items())) filtered_engines = dict(filter(lambda kv: request.preferences.validate_token(kv[1]), engines.items()))
engines_by_category = {} engines_by_category = {}
@ -1163,7 +1163,7 @@ def stats():
sort_order = request.args.get('sort', default='name', type=str) sort_order = request.args.get('sort', default='name', type=str)
selected_engine_name = request.args.get('engine', default=None, type=str) selected_engine_name = request.args.get('engine', default=None, type=str)
filtered_engines = dict(filter(lambda kv: (kv[0], request.preferences.validate_token(kv[1])), engines.items())) filtered_engines = dict(filter(lambda kv: request.preferences.validate_token(kv[1]), engines.items()))
if selected_engine_name: if selected_engine_name:
if selected_engine_name not in filtered_engines: if selected_engine_name not in filtered_engines:
selected_engine_name = None selected_engine_name = None
@ -1210,7 +1210,7 @@ def stats():
@app.route('/stats/errors', methods=['GET']) @app.route('/stats/errors', methods=['GET'])
def stats_errors(): def stats_errors():
filtered_engines = dict(filter(lambda kv: (kv[0], request.preferences.validate_token(kv[1])), engines.items())) filtered_engines = dict(filter(lambda kv: request.preferences.validate_token(kv[1]), engines.items()))
result = get_engine_errors(filtered_engines) result = get_engine_errors(filtered_engines)
return jsonify(result) return jsonify(result)
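Review bot: The corrected token predicate is still duplicated verbatim in preferences(), stats() and stats_errors(), so the check that appears to hide token-protected engines lives in three places, and the earlier always-truthy tuple predicate was copied into all of them. Moving it into one helper, e.g. `def get_filtered_engines(): return {name: eng for name, eng in engines.items() if request.preferences.validate_token(eng)}` (the name is only a suggestion), and calling it from the three views would keep the check in one place. A regression test that requests /stats/errors without a valid token and asserts that a token-protected engine is absent from the result would pin the behaviour; the visible hunks do not add one. All three functions continue outside the hunks shown, so any other use of `engines` in them is not covered by this note.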