
Add security vulnerabilities

marches
Josh Gordon 3 years ago
parent
commit
548c41913b
  1. 7
      Items/item_of_web_app_testing.txt
  2. 17
      app/routes.py
  3. 20
      app/templates/add.html

7
Items/item_of_web_app_testing.txt

@ -0,0 +1,7 @@
Item of Web App Testing
-----------------------
Rarity: Common
Aura: Minor HTML
This item is a string that can be used to test your flask app that manages D&D items. That's it.

17
app/routes.py

@ -24,6 +24,23 @@ def index():
return render_template('index.html',featureType=featureType,featureText=item)
@app.route('/add')
def addPage():
return render_template('add.html')
@app.route('/addContent', methods=['POST'])
def addContent():
bucket = request.form['bucket']
text = request.form['entry']
title = text.split('\n')[0].lower().replace(".","").replace("/","").replace(" ","_").strip()
if bucket in ["Items","Places","Characters","Spells"]:
f = open("../" + bucket + "/" + title + ".txt",'x')
f.write(text)
f.close()
return render_template('add.html')
else:
return "<h1>bruh</h1>"
@app.route('/search', methods=['POST'])
def search():
typ = request.form['type']
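Review bot: In `addContent` the filename comes from the first line of the submitted entry with only `.`, `/` and spaces removed, so every other character the client sends (backslashes, NUL, control characters, an empty or very long line) reaches `open()`. An allowlist of filename characters with a length cap is safer than this denylist. The `open(..., 'x')` call should sit in a `with` block that handles `FileExistsError`, because a duplicate title currently surfaces as an unhandled exception and the handle is not closed if `write` fails. The route also writes to disk for any caller, with no authentication or size limit visible in this hunk, and if `index.html` renders stored entries without escaping, the saved text would be served back as markup; both should be confirmed outside this hunk. The sketch below keeps the bucket check and rewrites only the filename and write logic.

```python
@app.route('/addContent', methods=['POST'])
def addContent():
    bucket = request.form['bucket']
    text = request.form['entry']
    if bucket not in ["Items","Places","Characters","Spells"]:
        return "<h1>bruh</h1>"
    # Allowlist filename characters instead of deleting a few known-bad ones,
    # and cap the length so an oversized first line cannot reach open().
    first_line = text.split('\n')[0].strip().lower().replace(" ","_")
    title = "".join(c for c in first_line if c.isalnum() or c == "_")[:64]
    if not title:
        return "<h1>bruh</h1>", 400
    try:
        # 'x' refuses to overwrite; report the clash instead of a 500.
        with open("../" + bucket + "/" + title + ".txt",'x') as f:
            f.write(text)
    except FileExistsError:
        return "<h1>bruh</h1>", 409
    return render_template('add.html')
```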

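--- a/app/templates/add.html
+++ b/app/templates/add.html
@@ -0,0 +1,20 @@
+<html>
+<head>
+<meta charset='utf-8'>
+<link rel="stylesheet" type="text/css" href="style.css">
+<link href="https://fonts.googleapis.com/css?family=IBM+Plex+Mono|IBM+Plex+Sans|IBM+Plex+Sans+Condensed" rel="stylesheet">
+<title>COSI D&D Archive : Add</title>
+</head>
+<form action="/addContent" id="addForm" method="post">
+Entry Type:
+<select name="bucket">
+<option value="Items">Item</option>
+<option value="Places">Place</option>
+<option value="Characters">Character</option>
+<option value="Spells">Spell</option>
+</select>
+<textarea name="entry" form="addForm" rows="18" cols="50">
+</textarea>
+<input type="submit" value="Add">
+</form>
+</html>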