carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

sfd

master
Aevann1 2022-03-27 15:41:19 +02:00
parent 989a6c1ac3
commit b1341f9e47
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
files/routes/login.py
View File

@ -85,7 +85,9 @@ def login_post():
template = ''
username = request.values.get("username")
username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip()
if not username: abort(400)
username = username.lstrip('@').replace('\\', '').replace('_', '\_').replace('%', '').strip()
if not username: abort(400)
if username.startswith('@'): username = username[1:]
@ -372,14 +374,16 @@ def get_forgot():
@limiter.limit("1/second;30/minute;200/hour;1000/day")
def post_forgot():
username = request.values.get("username").lstrip('@')
username = request.values.get("username")
if not username: abort(400)
email = request.values.get("email",'').strip().lower()
if not email_regex.fullmatch(email):
return render_template("forgot_password.html", error="Invalid email.")
username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip()
username = username.lstrip('@').replace('\\', '').replace('_', '\_').replace('%', '').strip()
email = email.replace('\\', '').replace('_', '\_').replace('%', '').strip()
user = g.db.query(User).filter(