Now the click counter is not incremented when the referer header is

an injection

Now the click counter is not incremented when the referer header is
an injection
d2ab8626 · Jacotsu · JackV · a3b187bd · d2ab8626 · d2ab8626
Commit d2ab8626 authored Feb 15, 2019 by Jacotsu Committed by JackV Feb 25, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

uus/__init__.py uus/__init__.py +2 -1

uus_mng uus_mng +2 -2

No files found.
--- a/uus/__init__.py
+++ b/uus/__init__.py
@@ -34,7 +34,6 @@ def handle_redirect(path):
    if pure_string.match(path):
        final_url = redis_store.get('url.' + path)
        if final_url:
-            redis_store.incr('count.' + path)
            referrer = flask.request.headers.get('referer')
            if referrer:
                safe_referrer = flask.escape(referrer)
@@ -52,6 +51,8 @@ def handle_redirect(path):
                redis_store.incr(redis_key_for_referrer_count(path,
                                                              safe_referrer))
                app.logger.debug('Increased counter for {}'.format(safe_referrer))
+
+            redis_store.incr('count.' + path)
            return flask.redirect(final_url)
        else:
            return flask.abort(404)

--- a/uus_mng
+++ b/uus_mng
@@ -21,7 +21,7 @@ def cli(redisurl):
 def adduser(username, passwd):
    """Add UUS admin user"""
    cryptpwd = crypt.crypt(passwd)
-    redis_store.set('user.' + username, cryptpwd)
+    redis_store.set('usr.' + username, cryptpwd)


 @cli.command()
@@ -36,7 +36,7 @@ def passwd(username, passwd):
 @click.argument("username")
 def deluser(username):
    """Delete UUS admin user"""
-    redis_store.delete('user.' + username)
+    redis_store.delete('usr.' + username)


 if __name__ == '__main__':