SMTL

Die Stadtmeistersteilerliste und das Anmeldeformular - SK Langen e.V.

commit a238c98f678223b34a78fbe242b62e784176709d
parent 7585954706dc653488c15192fc015ed91207025e
Author: Oshgnacknak <osh@oshgnacknak.de>
Date:   Wed, 26 Jun 2019 12:41:22 +0100

Using CSRF token

Diffstat:
MREADME.md | 1-
Mrequirements.txt | 4++--
Msmtl/app.py | 3+++
Msmtl/templates/home.html | 31++++++++++++++++++-------------
4 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
@@ -27,4 +27,3 @@ pyhton run.py
 ## TODO
 - Create any form of database for the players.
-- Use a CSRF token.
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,3 @@
 flask
-wtforms- \ No newline at end of file
+wtforms
+flask_wtf
diff --git a/smtl/app.py b/smtl/app.py
@@ -1,4 +1,5 @@
 from flask import Flask, request, render_template, flash, redirect
+from flask_wtf.csrf import CSRFProtect
 from smtl.signup_form import SignupForm
 from smtl.meta import meta
 from config import config
@@ -10,7 +11,9 @@ def add_to_db(data):
 # App config.
+csrf = CSRFProtect()
 app = Flask(__name__)
+csrf.init_app(app)
 app.config.from_object(__name__)
 app.config['SECRET_KEY'] = config['SECRET_KEY']
diff --git a/smtl/templates/home.html b/smtl/templates/home.html
@@ -1,13 +1,14 @@
 <!doctype html>
 <html lang="en">
+ <head>
 <meta charset="utf-8">
 <title>{{ title }}</title>
 {% for name, content in meta.items() %}
- <meta name="{{ name }}" content="{{ content }}">
+ <meta name="{{ name }}" content="{{ content }}">
 {% endfor %}
 <link rel="stylesheet" href="{{ url_for('static', filename='css/style.css') }}">
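Review bot: `flask_wtf` is added to requirements.txt without any version constraint, so every fresh install resolves whatever release is current on PyPI, and the CSRF behaviour this commit relies on can change underneath the app without a code change. Pinning the dependency, `flask_wtf==<version tested>`, or at least giving it a lower bound, keeps installs reproducible. The pre-existing `flask` and `wtforms` lines have the same problem, but they are not this commit's change.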
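Review bot: `csrf.init_app(app)` runs before `app.config['SECRET_KEY']` is assigned two lines further down, so the extension is initialised against an app that has no secret yet. As far as I recall Flask-WTF only reads the secret at request time, so this probably works, but initialising the extension once the config is complete removes the doubt and the separate init call: drop the two added lines and append `csrf = CSRFProtect(app)` after the `SECRET_KEY` assignment. Note that `CSRFProtect` guards every state-changing request app-wide, so any other POST handler in app.py must now carry the token as well or be exempted deliberately. The hunk's lines are module-level configuration following `add_to_db`, whose body lies outside the hunk.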
@@ -17,25 +18,28 @@
 <h2 id="title">{{ title }}</h2>
 {% with messages = get_flashed_messages(with_categories=true) %}
- {% if messages %}
- <ul id="flashes">
- {% for category, message in messages %}
- <li class="{{ category }}">{{ message }}</li>
- {% endfor %}
- </ul>
- {% endif %}
+ {% if messages %}
+ <ul id="flashes">
+ {% for category, message in messages %}
+ <li class="{{ category }}">{{ message }}</li>
+ {% endfor %}
+ </ul>
+ {% endif %}
 {% endwith %}
 <form action="/signup" id="signup_form" method="POST">
 <table>
 {% for field in [form.firstname, form.lastname, form.club, form.dwz, form.email] %}
- <tr>
- <td>{{ field.label }}</td>
- <td>{{ field }}</td>
- </tr>
+ <tr>
+ <td>{{ field.label }}</td>
+ <td>{{ field }}</td>
+ </tr>
 {% endfor %}
 <tr>
- <td><input type="submit" value="Teilnehmen"></td>
+ <td>
+ <input type="submit" value="Teilnehmen">
+ <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+ </td>
 <td><input type="reset" value="Löschen"></td>
 </tr>
 </table>
@@ -43,4 +47,5 @@
 <script type="module" src="{{ url_for('static', filename='js/main.js') }}"></script>
 </body>
+ </html>
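Review bot: The hidden `csrf_token` input is placed inside the submit button's `<td>`, where it reads as part of the button cell and depends on the table layout; the conventional place is directly after the opening `<form ...>` tag, as `<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">`, which keeps the token tied to the form rather than to one cell. The same hunk re-indents the flashes block and the field rows without changing them, which buries the single functional line in whitespace churn — a separate whitespace-only commit would make the CSRF change reviewable on its own. The `<form>` opens inside this hunk but is closed outside it.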