fd

drama/classes/user.py

@@ -388,8 +388,7 @@ class User(Base, Stndrd, Age_times):
 	@property
 	def formkey(self):
 
-		if "session_id" not in session:
+		if "session_id" not in session: session["session_id"] = token_hex(16)
-			session["session_id"] = token_hex(16)
 
 		msg = f"{session['session_id']}+{self.id}+{self.login_nonce}"
 

drama/helpers/wrappers.py

@@ -375,14 +375,11 @@ def validate_formkey(f):
 
 		if not request.path.startswith("/api/v1"):
 
-			submitted_key = request.values.get("formkey", "none")
+			submitted_key = request.values.get("formkey", None)
 
-			if not submitted_key:
+			if not submitted_key: abort(401)
 
-				abort(401)
+			elif not v.validate_formkey(submitted_key): abort(401)
-
-			elif not v.validate_formkey(submitted_key):
-				abort(401)
 
 		return f(*args, v=v, **kwargs)
 

drama/routes/admin.py

@@ -275,28 +275,24 @@ def admin_vote_info_get(v):
 		ups = g.db.query(Vote
 						 ).options(joinedload(Vote.user)
 								   ).filter_by(submission_id=thing.id, vote_type=1
-											   ).order_by(Vote.creation_ip.asc()
+											   ).all()
-														  ).all()
 
 		downs = g.db.query(Vote
 						   ).options(joinedload(Vote.user)
 									 ).filter_by(submission_id=thing.id, vote_type=-1
-												 ).order_by(Vote.creation_ip.asc()
+												 ).all()
-															).all()
 
 	elif isinstance(thing, Comment):
 
 		ups = g.db.query(CommentVote
 						 ).options(joinedload(CommentVote.user)
 								   ).filter_by(comment_id=thing.id, vote_type=1
-											   ).order_by(CommentVote.creation_ip.asc()
+											   ).all()
-														  ).all()
 
 		downs = g.db.query(CommentVote
 						   ).options(joinedload(CommentVote.user)
 									 ).filter_by(comment_id=thing.id, vote_type=-1
-												 ).order_by(CommentVote.creation_ip.asc()
+												 ).all()
-															).all()
 
 	else:
 		abort(400)