Add security vulnerabilities

Items/item_of_web_app_testing.txt

@@ -0,0 +1,7 @@
+Item of Web App Testing
+-----------------------
+
+Rarity: Common
+Aura: Minor HTML
+
+This item is a string that can be used to test your flask app that manages D&D items. That's it.

app/routes.py

@@ -24,6 +24,23 @@ def index():
 
     return render_template('index.html',featureType=featureType,featureText=item)
 
+@app.route('/add')
+def addPage():
+    return render_template('add.html')
+
+@app.route('/addContent', methods=['POST'])
+def addContent():
+    bucket = request.form['bucket']
+    text = request.form['entry']
+    title = text.split('\n')[0].lower().replace(".","").replace("/","").replace(" ","_").strip()
+    if bucket in ["Items","Places","Characters","Spells"]:
+        f = open("../" + bucket + "/" + title + ".txt",'x')
+        f.write(text)
+        f.close()
+        return render_template('add.html')
+    else:
+        return "<h1>bruh</h1>"
+
 @app.route('/search', methods=['POST'])
 def search():
     typ = request.form['type']

app/templates/add.html

@@ -0,0 +1,20 @@
+<html>
+    <head>
+        <meta charset='utf-8'>
+        <link rel="stylesheet" type="text/css" href="style.css">
+        <link href="https://fonts.googleapis.com/css?family=IBM+Plex+Mono|IBM+Plex+Sans|IBM+Plex+Sans+Condensed" rel="stylesheet">
+        <title>COSI D&D Archive : Add</title>
+    </head>
+    <form action="/addContent" id="addForm" method="post">
+        Entry Type:
+        <select name="bucket">
+            <option value="Items">Item</option>
+            <option value="Places">Place</option>
+            <option value="Characters">Character</option>
+            <option value="Spells">Spell</option>
+        </select>
+        <textarea name="entry" form="addForm" rows="18" cols="50">
+        </textarea>
+        <input type="submit" value="Add">
+    </form>
+</html>