Sanitize /casino/<game> parameter input.
parent
591fe9721f
commit
247318d67b
|
@ -2,6 +2,7 @@ from sqlalchemy import *
|
||||||
from files.__main__ import Base
|
from files.__main__ import Base
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
CASINO_GAME_KINDS = ['blackjack', 'slots', 'roulette']
|
||||||
|
|
||||||
class Casino_Game(Base):
|
class Casino_Game(Base):
|
||||||
__tablename__ = "casino_games"
|
__tablename__ = "casino_games"
|
||||||
|
|
|
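Review bot: `CASINO_GAME_KINDS` is the allowlist the route handlers rely on, but it is declared as a mutable list with no comment saying so. An immutable container such as `CASINO_GAME_KINDS = ('blackjack', 'slots', 'roulette')` would stop other code from appending to it at runtime and widening what the routes accept. A short comment like `# allowlist for the <game> URL parameter; extend only when a new game is implemented` would record its role for the next maintainer.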
@ -27,6 +27,8 @@ def casino(v):
|
||||||
def casino_game_page(v, game):
|
def casino_game_page(v, game):
|
||||||
if v.rehab:
|
if v.rehab:
|
||||||
return render_template("casino/rehab.html", v=v)
|
return render_template("casino/rehab.html", v=v)
|
||||||
|
if game not in CASINO_GAME_KINDS:
|
||||||
|
abort(404)
|
||||||
|
|
||||||
feed = json.dumps(get_game_feed(game))
|
feed = json.dumps(get_game_feed(game))
|
||||||
leaderboard = json.dumps(get_game_leaderboard(game))
|
leaderboard = json.dumps(get_game_leaderboard(game))
|
||||||
|
@ -52,6 +54,8 @@ def casino_game_page(v, game):
|
||||||
def casino_game_feed(v, game):
|
def casino_game_feed(v, game):
|
||||||
if v.rehab:
|
if v.rehab:
|
||||||
return {"error": "You are under Rehab award effect!"}, 400
|
return {"error": "You are under Rehab award effect!"}, 400
|
||||||
|
if game not in CASINO_GAME_KINDS:
|
||||||
|
abort(404)
|
||||||
|
|
||||||
feed = get_game_feed(game)
|
feed = get_game_feed(game)
|
||||||
return {"feed": feed}
|
return {"feed": feed}
|
||||||
|
|
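Review bot: The allowlist check is copied verbatim into both `casino_game_page` and `casino_game_feed`, so any other handler that accepts `game` (none is visible in these hunks) has to remember to repeat it. A small shared helper, for example a `validate_game(game)` that does `if game not in CASINO_GAME_KINDS: abort(404)` and is called in each handler, would keep the rule in one place. The hunks do not show `CASINO_GAME_KINDS` being imported into this module; presumably it arrives through an existing wildcard import, which is worth confirming because a missing name would surface as a 500 rather than the intended 404. A one-line comment such as `# reject unknown games before the value reaches the feed/leaderboard lookups` would record why the check exists. Both functions begin above or continue below the visible lines.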