Sanitize /casino/<game> parameter input.

2022-10-03 16:40:33 -04:00 · 2022-10-03 16:40:33 -04:00 · 247318d67b
parent 591fe9721f
commit 247318d67b
2 changed files with 5 additions and 0 deletions
--- a/files/classes/casino_game.py
+++ b/files/classes/casino_game.py
@ -2,6 +2,7 @@ from sqlalchemy import *
 from files.__main__ import Base
 import time

+CASINO_GAME_KINDS = ['blackjack', 'slots', 'roulette']

 class Casino_Game(Base):
 	__tablename__ = "casino_games"
--- a/files/routes/casino.py
+++ b/files/routes/casino.py
@ -27,6 +27,8 @@ def casino(v):
 def casino_game_page(v, game):
    if v.rehab:
        return render_template("casino/rehab.html", v=v)
+    if game not in CASINO_GAME_KINDS:
+        abort(404)

    feed = json.dumps(get_game_feed(game))
    leaderboard = json.dumps(get_game_leaderboard(game))
@ -52,6 +54,8 @@ def casino_game_page(v, game):
 def casino_game_feed(v, game):
    if v.rehab:
        return {"error": "You are under Rehab award effect!"}, 400
+    if game not in CASINO_GAME_KINDS:
+        abort(404)

    feed = get_game_feed(game)
    return {"feed": feed}