Beispiel #1
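def signup():
    """Register an account from the sign-up form and sign the new user in.

    On a valid submission a ``User`` is built from the form fields and the
    value of ``get_ip()``, stored, and logged in. The visitor is then sent to
    the ``next`` query parameter when ``is_safe_url`` accepts it; otherwise the
    request is rejected with 400. Every other request renders ``signup.html``.
    """
    from html import escape

    error = None
    form = SignUpForm()
    if form.validate_on_submit():
        # NOTE(review): the submitted password is handed to the model as-is;
        # confirm that User hashes it before it is persisted.
        user = User(
            name=form.username.data,
            email=form.email.data,
            password=form.password.data,
            ip=get_ip())

        # Only the database write is guarded. A catch-all around the whole
        # success path also swallowed the exception raised by abort(400) and
        # reported it as a duplicate user name.
        try:
            db.session.add(user)
            db.session.commit()
        except Exception:
            # Leave the session usable for the rest of the request.
            db.session.rollback()
            flash("That username already exists", "danger")
            return redirect(url_for("signup"))

        login_user(user)
        # The message carries markup, so it is presumably rendered unescaped;
        # the user-chosen name therefore has to be escaped here.
        flash(
            "You just added user <strong>%s</strong>" % escape(str(user.name)),
            "success")

        next_url = request.args.get("next")
        if not is_safe_url(next_url):
            return flask.abort(400)
        return redirect(next_url or url_for("index"))

    return render_template("signup.html", error=error, form=form)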
Beispiel #2
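def login():
    """Render the login page (GET) or authenticate a submitted account (POST).

    The account is looked up by user name or mobile number. On success a
    summary of the user is stored in the session under ``KEY_SESSION_USER``
    and the visitor is redirected to the ``next`` query parameter when
    ``is_safe_url`` accepts it; otherwise the request is rejected with 400.
    """
    import hmac

    if request.method == 'GET':
        return render_template("login.html")
    if request.method == 'POST':
        login_account = request.form.get("login_account")
        # A request without the password field must fail the check below
        # instead of crashing on None.encode().
        login_passwd = request.form.get("login_passwd") or ""

        user = User.query.filter(
            or_(User.user_name == login_account,
                User.mobile == login_account)).first()
        # NOTE(review): distinct "no such account" / "wrong password" replies
        # let a client find out which accounts exist; consider one message.
        if not user:
            return render_template("login.html", **{"message": "账户不存在"})

        # NOTE(review): passwords are stored as unsalted MD5 digests. Moving to
        # a salted, slow password hash needs a migration of the stored values,
        # so it cannot be done inside this view alone.
        submitted_digest = hashlib.md5(login_passwd.encode("utf-8")).hexdigest()
        stored_digest = user.password if isinstance(user.password, str) else ""
        # Constant-time comparison; a missing or non-text stored value simply
        # never matches.
        digests_match = hmac.compare_digest(
            submitted_digest.encode("utf-8"), stored_digest.encode("utf-8"))
        if not digests_match:
            return render_template("login.html", **{"message": "密码错误"})

        # NOTE(review): the key is spelled "remembr_me"; it has to match the
        # field name used in login.html - verify.
        login_flag = login_user(user, remember=request.form.get("remembr_me"))
        if login_flag:
            session_user = dict(
                id=user.id,
                user_name=user.user_name,
                nickname=user.nickname,
                mobile=user.mobile,
                email=user.email,
                avatar=user.avatar,
            )
            session[KEY_SESSION_USER] = session_user
            next_url = flask.request.args.get('next')
            if not is_safe_url(next_url):
                return flask.abort(400)
            return flask.redirect(next_url or "/index")
        return render_template("login.html", **{"message": "登陆失败"})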
Beispiel #3
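def login():
    """Render the login page or authenticate a POSTed username and password.

    Outside development mode the view redirects to ``/`` while
    ``event_start(EVENT_DATA)`` is false. After a successful login the user is
    sent to the level path from ``routing`` when no ``next`` parameter was
    given, or to ``next`` when ``is_safe_url`` accepts it; an unaccepted
    ``next`` ends the request with 400. Failures re-render ``login.html`` with
    ``error=True`` and a reason.
    """
    from urllib.parse import quote

    reason = 'Unknown error.'
    target = request.args.get('next')

    # Percent-encode the value before it is put back into a query string, so
    # that characters such as '&' or '#' cannot split or truncate it.
    redir = '' if target is None else '?next={}'.format(quote(target))

    if not event_start(EVENT_DATA) and not ENV_DEV:
        return redirect('/')

    # Template values shared by the plain and the error rendering.
    page = dict(
        event="NETWORK TREASURE HUNT",
        social="https://www.instagram.com/acespvg/?hl=en",
        host="ACESPVG",
        year=YEAR,
        next=redir)

    if request.method != "POST":
        return render_template('login.html', error=False, reason='', **page)

    try:
        uname = request.form.get('uname')
        pword = request.form.get('pword')
        # A request without one of the fields is a failed login, not a crash
        # on None.strip().
        if uname is None or pword is None:
            reason = 'Incorrect username or password.'
            raise GameException

        if not validate_user(get_db().cursor(), uname.strip(), pword.strip()):
            reason = 'Incorrect username or password.'
            raise GameException

        login_user(User(uname.strip()))

        if target is None and current_user.is_authenticated:
            level = get_user_level(get_db().cursor(), current_user.id)
            return redirect(routing(EVENT_DATA, level, 'path'))

        # Only follow the caller-supplied target once it has been accepted.
        if is_safe_url(request, target):
            return redirect(target)
        abort(400)
    except GameException:
        return render_template('login.html', error=True, reason=reason, **page)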
Beispiel #4
def login():
    """Log the user in from ``LoginForm`` and redirect to a checked target.

    A POST with a form that validates logs ``form.user`` in and redirects to
    the ``next`` query parameter, falling back to the ``hello`` endpoint. When
    ``utils.is_safe_url`` does not accept ``next`` the request is aborted with
    400. Anything else renders ``login.html``.
    """
    form = LoginForm()
    if request.method != 'POST' or not form.validate():
        return render_template('login.html', form=form)

    flask_login.login_user(form.user)

    # The target comes from the query string, so it is only followed after
    # utils.is_safe_url has accepted it.
    # See http://flask.pocoo.org/snippets/62/ for an example implementation.
    destination = request.args.get('next')
    if utils.is_safe_url(destination):
        return redirect(destination or url_for('hello'))
    return flask.abort(400)
Beispiel #5
async def confirm_18plus(request):
    """Gate the ``next`` target behind an 18+ confirmation cookie.

    Without ``next`` the visitor goes to ``/``; a ``next`` that
    ``is_safe_url`` does not accept yields 400. Visitors who already carry
    the ``18+`` cookie are redirected straight to the target. Otherwise the
    ``confirm`` query parameter decides: absent renders the confirmation page,
    ``'false'`` redirects to ``/``, any other value sets the cookie and
    redirects to the target.
    """
    destination = request.query.get('next')
    if destination is None:
        return web.HTTPTemporaryRedirect('/')
    # The target is checked before any branch that redirects to it.
    if not is_safe_url(request, destination):
        return web.HTTPBadRequest()

    already_confirmed = '18+' in request.cookies
    if already_confirmed:
        return web.HTTPTemporaryRedirect(destination)

    answer = request.query.get('confirm')
    if answer is None:
        return await render_template('confirm-18+.html', target=destination)
    if answer == 'false':
        return web.HTTPTemporaryRedirect('/')

    # NOTE(review): the cookie is set from a plain GET parameter and without
    # explicit cookie attributes - confirm that this is intended.
    accepted = web.HTTPTemporaryRedirect(destination)
    accepted.set_cookie('18+', '', max_age=ONE_YEAR)
    return accepted
Beispiel #6
def admin_login():
    """Render the admin login page or authenticate a POSTed admin account.

    A POST looks the user up by the ``username`` field and compares
    ``hash_pass`` of the ``password`` field with the stored value. On a match
    the user is logged in and redirected to ``next`` (or ``admin_index``),
    unless ``utils.is_safe_url`` does not accept ``next``, which aborts with
    400. A failed POST re-renders the page with an error message.
    """
    if request.method != "POST":
        return render_template("admin/login.html")

    account = User.get(request.form["username"])
    if account is not None:
        # NOTE(review): the hash is only computed for existing accounts and is
        # compared with ==; whether hash_pass is salted is not visible here.
        # Worth checking for timing differences between the two failure paths.
        submitted_hash = hash_pass(request.form["password"])
        if account.password == submitted_hash:
            login_user(account)

            flash("Logged in successfully.")
            # Follow the query-string target only after it has been accepted.
            destination = request.args.get("next")
            if utils.is_safe_url(destination):
                return redirect(destination or url_for("admin_index"))
            return abort(400)

    # One message for both unknown user and wrong password.
    return render_template(
        "admin/login.html",
        message="Error: Incorrect username and/or password.",
        message_style="error")
Beispiel #7
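def login():
    """Authenticate a user from ``LoginForm`` and redirect to a checked target.

    On a valid submission the user is looked up by name and the password is
    verified with ``bcrypt.check_password_hash``. A match logs the user in and
    redirects to the ``next`` query parameter (or ``index``) when
    ``is_safe_url`` accepts it, otherwise the request is rejected with 400. A
    mismatch or unknown user flashes one shared message and redirects back to
    the login page. Every other request renders ``login.html``.
    """
    from html import escape

    error = None
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(name=form.username.data).first()
        credentials_ok = user is not None and bcrypt.check_password_hash(
            user.password, form.password.data)
        if credentials_ok:
            login_user(user)
            # The message carries markup, so it is presumably rendered
            # unescaped; the stored, user-chosen name is escaped here.
            flash(
                "You have signed in as <strong>%s</strong>!"
                % escape(str(user.name)),
                "success")
            next_url = request.args.get("next")
            if not is_safe_url(next_url):
                return flask.abort(400)
            return redirect(next_url or url_for("index"))

        # The same reply for an unknown user and a wrong password.
        flash("<strong>Invalid password.</strong> Please try again.", "danger")
        return redirect(url_for("login"))

    return render_template("login.html", form=form, error=error)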
Beispiel #8
 def redirect(self, endpoint="diary_index", **values):
   """Redirect to the form's ``next`` value, or to a fallback target.

   The submitted ``next`` field is used only when ``is_safe_url`` accepts it.
   Otherwise the result of ``get_redirect_target()`` is used, and when that is
   empty the URL built for ``endpoint`` with ``values``.
   """
   posted_target = self.next.data
   if not is_safe_url(posted_target):
     fallback = get_redirect_target()
     return redirect(fallback or url_for(endpoint, **values))
   return redirect(posted_target)
Beispiel #9
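def login():
    """Render the login page or authenticate a POSTed username and password.

    Outside development mode the view redirects to ``/`` while
    ``event_start(EVENT_DATA)`` is false. After a successful login the user is
    sent to the level path from ``routing`` when no ``next`` parameter was
    given, or to ``next`` when ``is_safe_url`` accepts it; an unaccepted
    ``next`` ends the request with 400. Failures re-render ``login.html`` with
    ``error=True`` and a reason.
    """
    from urllib.parse import quote

    reason = 'Unknown error.'
    target = request.args.get('next')

    # Percent-encode the value before it is put back into a query string, so
    # that characters such as '&' or '#' cannot split or truncate it.
    redir = '' if target is None else '?next={}'.format(quote(target))

    if not event_start(EVENT_DATA) and not ENV_DEV:
        return redirect('/')

    # Template values shared by the plain and the error rendering.
    page = dict(
        event=EVENT_DATA['name'],
        host=EVENT_DATA['host'],
        faq=EVENT_DATA['faq'],
        discuss=EVENT_DATA['discuss'],
        social=EVENT_DATA['social'],
        year=YEAR,
        next=redir)

    if request.method != "POST":
        return render_template('login.html', error=False, reason='', **page)

    try:
        uname = request.form.get('uname')
        pword = request.form.get('pword')
        # A request without one of the fields is a failed login, not a crash
        # on None.strip().
        if uname is None or pword is None:
            reason = 'Incorrect username or password.'
            raise GameException

        if not validate_user(get_db().cursor(), uname.strip(), pword.strip()):
            reason = 'Incorrect username or password.'
            raise GameException

        login_user(User(uname.strip()))

        if target is None and current_user.is_authenticated:
            level = get_user_level(get_db().cursor(), current_user.id)
            return redirect(routing(EVENT_DATA, level, 'path'))

        # Only follow the caller-supplied target once it has been accepted.
        if is_safe_url(request, target):
            return redirect(target)
        abort(400)
    except GameException:
        return render_template('login.html', error=True, reason=reason, **page)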
Beispiel #10
 def redirect(self, endpoint="diary_index", **values):
   """Redirect to the form's ``next`` value, or to a fallback target.

   The submitted ``next`` field is used only when ``is_safe_url`` accepts it.
   Otherwise the result of ``get_redirect_target()`` is used, and when that is
   empty the URL built for ``endpoint`` with ``values``.
   """
   posted_target = self.next.data
   if not is_safe_url(posted_target):
     fallback = get_redirect_target()
     return redirect(fallback or url_for(endpoint, **values))
   return redirect(posted_target)
Beispiel #11
def safe_redirect_ajax(form, json):
    """Write a checked redirect target into ``json['next']``.

    The form's ``next`` value (empty string when absent) is used when
    ``is_safe_url`` accepts it; otherwise the external URL of the
    ``bbs_content.content_show`` endpoint is stored instead. The mapping is
    modified in place and nothing is returned.
    """
    candidate = form.get('next', '')
    # A rejected value is replaced by a fixed, application-built URL.
    json['next'] = (
        candidate
        if is_safe_url(candidate)
        else url_for('bbs_content.content_show', _external=True)
    )