From ebb0e041ca771fac2dc46ac93bafa77faa120a36 Mon Sep 17 00:00:00 2001 From: nathansmith117 Date: Mon, 20 May 2024 22:58:14 -0600 Subject: Added easter egg for hackers --- cgi-bin/blahaj_list.cgi | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'cgi-bin') diff --git a/cgi-bin/blahaj_list.cgi b/cgi-bin/blahaj_list.cgi index e28b626..d585034 100755 --- a/cgi-bin/blahaj_list.cgi +++ b/cgi-bin/blahaj_list.cgi @@ -3,11 +3,27 @@ import cgi import json +from bs4 import BeautifulSoup + # Worse code here. Prepare your eyes for this monster. # Its almost as bad as programming anything in php or even worse javascript. print('Content-Type: text/html') +# Mode for letting peope inject stuff. +form = cgi.FieldStorage() +unsafe_mode = form.getvalue("unsafe_mode") == "on" + +# Hehehe +def check_for_injection(value): + if bool(BeautifulSoup(value, "html.parser").find()) and not unsafe_mode: + return """ + This silly silly tried to hack this website lmao. + Click to see the website with the hack + """ + + return value + def create_blahaj_tables(): try: tables_html = """ @@ -45,9 +61,9 @@ def create_blahaj_tables(): """ - current_table = current_table.replace("put_name_here", blahaj["name"]) - current_table = current_table.replace("put_info_here", blahaj["info"]) - current_table = current_table.replace("put_date_here", blahaj["date"]) + current_table = current_table.replace("put_name_here", check_for_injection(blahaj["name"])) + current_table = current_table.replace("put_info_here", check_for_injection(blahaj["info"])) + current_table = current_table.replace("put_date_here", check_for_injection(blahaj["date"])) tables_html += current_table -- cgit v1.2.3
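Review bot: `check_for_injection` detects markup instead of encoding it, and the `unsafe_mode` switch that disables the check is read from the request, so any link carrying `unsafe_mode=on` makes the page render the stored `name`, `info` and `date` values as raw HTML for whoever opens it. A value is also returned unchanged whenever `html.parser` finds no element, so `&`, `<` and quote characters still reach the page unencoded. Output encoding is the more reliable control here: add `import html` and end the function with `return html.escape(str(value))`, keeping the joke message for flagged input if wanted but never returning the raw value because of a request parameter. If a raw view is needed for debugging, gate it on server-side configuration, not on a form field. Separately, `cgi.FieldStorage()` adds a new use of the `cgi` module, which is deprecated since Python 3.11 and removed in 3.13.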
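Review bot: In the second hunk each field is checked on its own and then spliced in with chained `replace` calls, so the check never sees the assembled row, and a stored `name` that contains the literal text `put_info_here` or `put_date_here` is rewritten by the replacements that follow. A single-pass substitution over already-checked values avoids this, for example `safe = {k: check_for_injection(blahaj[k]) for k in ("name", "info", "date")}` followed by `current_table = re.sub(r"put_(name|info|date)_here", lambda m: safe[m.group(1)], current_table)` (with `import re`). The values now also go straight into `BeautifulSoup`, so a non-string field in the loaded data would likely raise at this point. Whether the enclosing `try` in `create_blahaj_tables` handles that is not visible, because the function starts and ends outside this hunk.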