def board_list(board, page):
    """Render the listing page for *board* at *page*.

    Responds 400 when the board is not one of ``boards``, when the security
    helper flags the name, when the name fails the ``[a-zA-Z0-9_-]+`` check,
    or when *page* exceeds ``maxint``.  The membership test against
    ``boards`` is what bounds the template name built below; the regex
    is unanchored here (the form handlers use ``^...$``), so it is only a
    secondary check.
    """
    rejected = (
        board not in boards
        or security.check_hack(board)
        or not security.is_valid(r'[a-zA-Z0-9_-]+', board)
        or page > maxint
    )
    if rejected:
        return abort(400, '')
    template_name = board + '.html'
    return render_template(template_name, board=board, page=page)
def board_read(board, no):
    """Render article *no* of *board*, enforcing the per-board read rules.

    400 for an unknown/invalid board or a number above ``maxint``, 404 when
    ``get_article`` returns nothing.  On the ``qna`` board an unpinned
    article may be read only by a logged-in session that is admin, comes
    from 127.0.0.1, or belongs to the article's writer.  On the ``forum``
    board an admin session has the article content replaced by a fixed
    placeholder before rendering.
    """
    bad_board = (
        board not in boards
        or security.check_hack(board)
        or not security.is_valid(r'[a-zA-Z0-9_-]+', board)
        or no > maxint
    )
    if bad_board:
        return abort(400, '')

    article = get_article(board, no)
    if not article:
        return abort(404)

    # qna: unpinned articles are visible to writer / admin / loopback only
    if board == 'qna' and not article.get('pinned'):
        writer_row = get_user_info(['id'], {'uid': article.get('uid')})
        is_writer = session.get('user_id') == writer_row.get('id')
        if not session.get('is_logged'):
            return abort(403, 'You are not logged in!')
        may_read = (
            session.get('is_admin')
            or request.remote_addr == '127.0.0.1'
            or is_writer
        )
        if not may_read:
            return abort(403, 'You are not admin!')

    # forum: the admin session never receives the raw content
    if board == 'forum' and session.get('is_admin'):
        article['content'] = 'CANNOT LOAD CONTENT BY SECURITY ISSUE'

    return render_template('board_read.html', article=article, board=board)
def send():
    """Render the message-compose form, optionally pre-filling the recipient.

    Requires a logged-in session (403 otherwise).  The optional ``to`` query
    parameter is accepted only when it is at most 128 characters and matches
    ``^@?[a-zA-Z0-9_-]+$`` (a leading ``@`` is the by-name form used by
    send_check); anything else yields 400.  An absent or empty ``to`` is
    rendered as an empty string.
    """
    if not session.get('is_logged'):
        return abort(403, 'Login please')

    recipient = request.args.get('to') or ''
    if recipient:
        too_long = len(recipient) > 128
        if too_long or not security.is_valid(r'^@?[a-zA-Z0-9_-]+$', recipient):
            return abort(400, '')
    return render_template('message_send.html', to=recipient)
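def join_check():
    """Handle the registration form POST.

    Reads ``user_id``/``user_name``/``user_pw`` from the form (stripped and
    truncated to 128/32/128 characters), rejects input the security helper
    flags (400) or that is not ``^[a-zA-Z0-9_-]+$`` (redirect page with
    400), hashes the password with ``security.crypt`` and inserts the user.
    Any insert failure is reported as "ID Already exists!" with 403; success
    renders a redirect to /login.

    Fix: the insert was guarded by a bare ``except:``, which also swallowed
    ``SystemExit``/``KeyboardInterrupt``; it now catches ``Exception``.
    """
    form = request.form
    user_id = form['user_id'].strip()[:0x80]
    user_name = form['user_name'].strip()[:0x20]
    user_pw = form['user_pw'].strip()[:0x80]
    if security.check_hack(user_id, user_name, user_pw):
        return abort(400, '')

    # Referrer is attacker-controllable; it is passed through escape()
    # before being embedded in the redirect script below.
    ref = request.referrer if request.referrer else '/'

    fields = [user_id, user_name, user_pw]
    if not all(security.is_valid(r'^[a-zA-Z0-9_-]+$', item) for item in fields):
        return render_template('redirect.html', script="""
            <script>
                alert('ID, NAME, PW should be alpha-numeric: [a-zA-Z0-9_-]');
                location.href = '%s';
            </script>
        """ % (escape(ref))), 400

    user_pw = security.crypt(user_pw)
    ip = request.remote_addr
    try:
        insert_user(user_id, user_name, user_pw, ip)
    except Exception:
        # Every insert failure is still reported as a duplicate id, as
        # before; only the exception class is narrowed.
        return render_template('redirect.html', script="""
            <script>
                alert('ID Already exists!');
                location.href = '%s';
            </script>
        """ % (escape(ref))), 403

    return render_template('redirect.html', script="""
        <script>alert('Welcome %s!');location.href='/login';</script>
    """ % (escape(user_name)))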
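def send_check():
    """Handle the message-send form POST.

    Requires a logged-in session (403).  ``title`` defaults to 'Untitled';
    ``content`` has its angle brackets replaced by HTML entities unless the
    sender is ``admin``.  ``to`` names the recipient by id, or by name when
    prefixed with ``@``.  Unknown recipient -> 403, sending to oneself ->
    400, anything flagged by ``security.check_hack`` -> 400.  Success renders
    a redirect to /message.

    Fix: the non-admin branch called ``content.replace('<', '<')`` and
    ``.replace('>', '>')``, which is a no-op and left raw angle brackets in
    place; the replacement targets are now the HTML entities.
    """
    if not session.get('is_logged'):
        return abort(403, 'Login please')

    form = request.form
    title = form['title'] if form.get('title') else 'Untitled'
    content = form['content']
    if session.get('user_id') != 'admin':
        content = content.replace('<', '&lt;').replace('>', '&gt;')
    # NOTE(review): title is not neutralised here, only checked by
    # check_hack — whether the message template escapes it is not visible
    # in this file; confirm.
    if security.check_hack(title, content):
        return abort(400, '')

    target = form['to']
    if target[:1] == '@':
        # '@name' selects lookup by name; otherwise the value is an id
        target = target[1:]
        target_type = 'name'
    else:
        target_type = 'id'
    target_info = get_user_info(['uid', 'id', 'name'], {target_type: target})
    target_uid = target_info.get('uid')
    if not target_uid:
        return abort(403, 'User not found!')

    sender_result = get_user_info(['uid'], {'id': session.get('user_id')})
    sender_uid = sender_result.get('uid')
    if sender_uid == target_uid:
        return abort(400, 'You cannot send a message to yourself!')

    ip = request.remote_addr
    send_message(sender_uid, target_uid, title, content, ip)
    return render_template('redirect.html', script="""
        <script>
            alert('Send success!');
            location.href = '/message';
        </script>
    """)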
def login_check():
    """Handle the login form POST.

    Input flagged by ``security.check_hack`` is a 400.  When
    ``validate_login`` accepts the credentials the session is marked
    logged-in with the user's id and name, and ``is_admin`` is set only for
    ``admin`` connecting from 127.0.0.1; the client is then redirected to
    ``/``.  A failed login renders a "not match" page with 403.
    """
    user_id = request.form['user_id'].strip()
    user_pw = request.form['user_pw'].strip()
    if security.check_hack(user_id, user_pw):
        return abort(400, '')

    if not validate_login(user_id, user_pw):
        return render_template('redirect.html', script="""
            <script>alert('ID, PW not match!');history.back();</script>
        """), 403

    session['is_logged'] = True
    session['user_id'] = user_id
    session['user_name'] = get_user_info(['name'], {'id': user_id}).get('name')
    # Admin privilege is tied to the loopback source address, not the id alone.
    # NOTE(review): remote_addr is only trustworthy if no proxy in front of
    # the app rewrites it — confirm against the deployment.
    if user_id == 'admin' and request.remote_addr == '127.0.0.1':
        session['is_admin'] = True
    return redirect('/', code=302)
def message():
    """Render the message inbox page; 403 for a session that is not logged in."""
    if session.get('is_logged'):
        return render_template('message.html')
    return abort(403, 'Login please')
def about():
    """Render the static about page."""
    template_name = 'about.html'
    return render_template(template_name)
def service_unavailable(error):
    """503 handler: render 503.html with the error object and a 503 status."""
    body = render_template('503.html', error=error)
    return body, 503
def not_found(error):
    """404 handler: render 404.html with the error object and a 404 status."""
    body = render_template('404.html', error=error)
    return body, 404
def not_allowed(error):
    """403 handler: render 403.html with the error object and a 403 status."""
    body = render_template('403.html', error=error)
    return body, 403
def bad_request(error):
    """400 handler: render 400.html with the error object and a 400 status."""
    body = render_template('400.html', error=error)
    return body, 400
def main():
    """Render the home page, passing the value of get_chrome_version() to it."""
    chrome_version = get_chrome_version()
    return render_template('home.html', chrome_version=chrome_version)
def pricing():
    """Render the static pricing page."""
    template_name = 'pricing.html'
    return render_template(template_name)
def join():
    """Render the registration form (the POST is handled by join_check)."""
    template_name = 'join.html'
    return render_template(template_name)
def login():
    """Render the login form (the POST is handled by login_check)."""
    template_name = 'login.html'
    return render_template(template_name)
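def board_write_check(board):
    """Handle the article-submission POST for *board*.

    Unknown board -> 400; anonymous session -> redirect page with 403.  The
    ``notice`` board accepts posts only from the ``admin`` session that has
    ``is_admin`` set and connects from 127.0.0.1.  ``title`` has angle
    brackets stripped, ``qna`` content is capped at 180 characters, input
    flagged by ``security.check_hack`` is rejected, and content is passed
    through ``security.purify`` before ``write_article``.  A ``qna`` post
    enqueues the bot check; a ``notice`` title starting with "hacked by "
    sends the flag by message from ``admin`` to the user named last in the
    title.  Ends with a redirect to the board.

    Fix: the return value of ``run_bot.delay()`` was bound to a local that
    was never used (the only reader was a commented-out ``result.wait()``).
    """
    if board not in boards:
        return abort(400, '')
    if not session.get('is_logged'):
        return render_template('redirect.html', script="""
            <script>
                alert('You are not logged in!');
                location = '/login';
            </script>
        """), 403

    # Notice board: admin only, and only from the loopback address
    notice_allowed = (
        session.get('user_id') == 'admin'
        and session.get('is_admin')
        and request.remote_addr == '127.0.0.1'
    )
    if board == 'notice' and not notice_allowed:
        return abort(403, 'Not that easy LOL')

    title = request.form['title'].replace('<', '').replace('>', '')
    content = request.form['content']
    uid = get_user_info(['uid'], {'id': session.get('user_id')}).get('uid')

    # Limit qna board content length
    if board == 'qna' and len(content) > 180:
        return abort(400, 'Contents length limited to 180 characters!')
    # Abort if input contains malicious payloads
    if security.check_hack(title, content):
        return abort(400, '')
    content = security.purify(content)
    if not uid:
        return abort(400, 'What the hell??')

    ip = request.remote_addr
    write_article(board, title, content, uid, ip)

    # Make bot check article.  The import is local, presumably to avoid an
    # import cycle with `app`; the task is not waited on.
    if board == 'qna':
        from app import run_bot
        run_bot.delay()

    # Send flag if hacked: "hacked by <id>" on the notice board
    if board == 'notice' and title[:10].lower() == 'hacked by ':
        sender_uid = get_user_info(['uid'], {'id': 'admin'}).get('uid')
        target_id = title.lower().split()[-1]
        target_uid = get_user_info(['uid'], {'id': target_id}).get('uid')
        if sender_uid and target_uid:
            flag = giveme_flag()
            html = '''
                <img src="https://i.imgur.com/GYso5uF.jpg" class="img-fluid">
                <br>
                <p>%s</p>
            ''' % (flag)
            send_message(sender_uid, target_uid, 'HERE IS YOUR FLAG!', html, ip)

    return redirect('/' + board, code=302)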
def board_write(board):
    """Render the write form for *board*; 400 when the board is not in ``boards``."""
    if board in boards:
        return render_template('board_write.html', board=board)
    return abort(400, '')