Diffstat (limited to 'cgi-bin/blahaj_list.cgi')
-rwxr-xr-x | cgi-bin/blahaj_list.cgi | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/cgi-bin/blahaj_list.cgi b/cgi-bin/blahaj_list.cgi
index e28b626..d585034 100755
--- a/cgi-bin/blahaj_list.cgi
+++ b/cgi-bin/blahaj_list.cgi
@@ -3,11 +3,27 @@
 import cgi
 import json
+from bs4 import BeautifulSoup
+
 # Worse code here. Prepare your eyes for this monster.
 # Its almost as bad as programming anything in php or even worse javascript.
 print('Content-Type: text/html')
+# Mode for letting peope inject stuff.
+form = cgi.FieldStorage()
+unsafe_mode = form.getvalue("unsafe_mode") == "on"
+
+# Hehehe
+def check_for_injection(value):
+ if bool(BeautifulSoup(value, "html.parser").find()) and not unsafe_mode:
+ return """
+ This silly silly tried to hack this website lmao.
+ <a href=\"?unsafe_mode=on\">Click to see the website with the hack</a>
+ """
+
+ return value
+
 def create_blahaj_tables():
 try:
 tables_html = """
@@ -45,9 +61,9 @@ def create_blahaj_tables():
 </table>
 """
- current_table = current_table.replace("put_name_here", blahaj["name"])
- current_table = current_table.replace("put_info_here", blahaj["info"])
- current_table = current_table.replace("put_date_here", blahaj["date"])
+ current_table = current_table.replace("put_name_here", check_for_injection(blahaj["name"]))
+ current_table = current_table.replace("put_info_here", check_for_injection(blahaj["info"]))
+ current_table = current_table.replace("put_date_here", check_for_injection(blahaj["date"]))
 tables_html += current_table
|
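Review bot: check_for_injection still returns `value` untouched on its last line whenever BeautifulSoup finds no tag, and unconditionally when the request carries `unsafe_mode=on`, so the name/info/date strings substituted into the table in the second hunk reach the page unescaped and the opt-out is reachable by anyone who follows a link. Tag detection is the wrong tool here: the markup should be neutralised rather than recognised, which the standard library does with `import html` at the top and `return html.escape(value)` in place of the raw return, making the BeautifulSoup dependency and the unsafe_mode toggle unnecessary. The canned message in the detection branch also discards the stored data instead of rendering it safely, which is worth a comment if it is intentional. The loop that sets current_table starts outside the second hunk, and `cgi` is deprecated in recent CPython releases, so the FieldStorage use will need replacing eventually.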