remotes/1693045480750635534/spooky-22
Aevann1 2022-04-16 17:04:34 +02:00
parent c6230e5f50
commit e547ad90cc
1 changed files with 6 additions and 5 deletions


@ -18,17 +18,18 @@ def get_logged_in_user():
else:
lo_user = session.get("lo_user")
if lo_user:
nonce = session.get("login_nonce", 0)
id = int(lo_user)
v = g.db.query(User).filter_by(id=id).one_or_none()
if v and nonce >= v.login_nonce:
if v.id != id: abort(400)
v.client = None
if v:
nonce = session.get("login_nonce", 0)
if nonce < v.login_nonce or v.id != id: abort(401)
if request.method != "GET":
submitted_key = request.values.get("formkey")
if not submitted_key: abort(401)
elif not v.validate_formkey(submitted_key): abort(401)
if not v.validate_formkey(submitted_key): abort(401)
v.client = None
if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level):