Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
jacotsu
uus
Commits
d2ab8626
Commit
d2ab8626
authored
Feb 15, 2019
by
Jacotsu
Committed by
JackV
Feb 25, 2019
Browse files
Now the click counter is not incremented when the referer header is
an injection
parent
a3b187bd
Changes
2
Hide whitespace changes
Inline
Side-by-side
uus/__init__.py
View file @
d2ab8626
...
...
@@ -34,7 +34,6 @@ def handle_redirect(path):
if
pure_string
.
match
(
path
):
final_url
=
redis_store
.
get
(
'url.'
+
path
)
if
final_url
:
redis_store
.
incr
(
'count.'
+
path
)
referrer
=
flask
.
request
.
headers
.
get
(
'referer'
)
if
referrer
:
safe_referrer
=
flask
.
escape
(
referrer
)
...
...
@@ -52,6 +51,8 @@ def handle_redirect(path):
redis_store
.
incr
(
redis_key_for_referrer_count
(
path
,
safe_referrer
))
app
.
logger
.
debug
(
'Increased counter for {}'
.
format
(
safe_referrer
))
redis_store
.
incr
(
'count.'
+
path
)
return
flask
.
redirect
(
final_url
)
else
:
return
flask
.
abort
(
404
)
...
...
uus_mng
View file @
d2ab8626
...
...
@@ -21,7 +21,7 @@ def cli(redisurl):
def
adduser
(
username
,
passwd
):
"""Add UUS admin user"""
cryptpwd
=
crypt
.
crypt
(
passwd
)
redis_store
.
set
(
'us
e
r.'
+
username
,
cryptpwd
)
redis_store
.
set
(
'usr.'
+
username
,
cryptpwd
)
@
cli
.
command
()
...
...
@@ -36,7 +36,7 @@ def passwd(username, passwd):
@
click
.
argument
(
"username"
)
def
deluser
(
username
):
"""Delete UUS admin user"""
redis_store
.
delete
(
'us
e
r.'
+
username
)
redis_store
.
delete
(
'usr.'
+
username
)
if
__name__
==
'__main__'
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment