authornathansmith117 <nathansmith117@sdf.org>2024-05-20 22:58:14 -0600
committernathansmith117 <nathansmith117@sdf.org>2024-05-20 22:58:14 -0600
commitebb0e041ca771fac2dc46ac93bafa77faa120a36 (patch)
treec47bf4bf75efda20a0056b4ef45e401237c09d1c /cgi-bin
parent066b933ebb6d9e5c125bf56ac0d887ca1449588b (diff)
Added easter egg for hackers
Diffstat (limited to 'cgi-bin')
-rwxr-xr-xcgi-bin/blahaj_list.cgi22
1 files changed, 19 insertions, 3 deletions
diff --git a/cgi-bin/blahaj_list.cgi b/cgi-bin/blahaj_list.cgi
index e28b626..d585034 100755
--- a/cgi-bin/blahaj_list.cgi
+++ b/cgi-bin/blahaj_list.cgi
@@ -3,11 +3,27 @@
import cgi
import json
+from bs4 import BeautifulSoup
+
# Worse code here. Prepare your eyes for this monster.
# Its almost as bad as programming anything in php or even worse javascript.
print('Content-Type: text/html')
+# Mode for letting peope inject stuff.
+form = cgi.FieldStorage()
+unsafe_mode = form.getvalue("unsafe_mode") == "on"
+
+# Hehehe
+def check_for_injection(value):
+ if bool(BeautifulSoup(value, "html.parser").find()) and not unsafe_mode:
+ return """
+ This silly silly tried to hack this website lmao.
+ <a href=\"?unsafe_mode=on\">Click to see the website with the hack</a>
+ """
+
+ return value
+
def create_blahaj_tables():
try:
tables_html = """
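Review bot: `check_for_injection` returns `value` untouched whenever `unsafe_mode` is set, and `unsafe_mode` comes straight from the query string (`form.getvalue("unsafe_mode") == "on"`), so any link carrying that parameter makes the page emit the stored name, info and date fields as raw HTML in the site's origin. With the switch off the function is still a detector rather than an encoder: a value in which `html.parser` finds no element is returned as-is, so stray `<`, `&` or quote characters reach the page unescaped. Encode at output instead, with `import html` and `return html.escape(value)`, and if the joke is kept, print the message next to the escaped text rather than linking to a bypass. The three call sites in the second hunk (`put_name_here`, `put_info_here`, `put_date_here`) inherit this; where those placeholders sit in the template is outside the visible lines, so confirm none of them is inside an attribute or script context.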
@@ -45,9 +61,9 @@ def create_blahaj_tables():
</table>
"""
- current_table = current_table.replace("put_name_here", blahaj["name"])
- current_table = current_table.replace("put_info_here", blahaj["info"])
- current_table = current_table.replace("put_date_here", blahaj["date"])
+ current_table = current_table.replace("put_name_here", check_for_injection(blahaj["name"]))
+ current_table = current_table.replace("put_info_here", check_for_injection(blahaj["info"]))
+ current_table = current_table.replace("put_date_here", check_for_injection(blahaj["date"]))
tables_html += current_table