From bfa4daec181cb377add04b26846cf0e5137aca0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Do=C4=9Fukan=20=C3=9Crker?= Date: Sun, 30 Jul 2023 12:40:09 +0300 Subject: [PATCH] =?UTF-8?q?=E2=9A=A0=EF=B8=8F=20CSRF=20Protection=20added?= =?UTF-8?q?=20to=20whole=20flaskBlog.=20=E2=9A=A0=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app.py | 2 ++ templates/accountSettings.html | 1 + templates/adminPanelComments.html | 1 + templates/adminPanelUsers.html | 1 + templates/changePassword.html | 1 + templates/changeUserName.html | 1 + templates/createPost.html | 2 ++ templates/dashboard.html | 1 + templates/editPost.html | 1 + templates/login.html | 1 + templates/passwordReset.html | 1 + templates/post.html | 3 +++ templates/signup.html | 1 + 13 files changed, 17 insertions(+) diff --git a/app.py b/app.py index 45058bf2..8670cecc 100644 --- a/app.py +++ b/app.py @@ -29,6 +29,7 @@ from routes.accountSettings import accountSettingsBlueprint from routes.adminPanelComments import adminPanelCommentsBlueprint from dbChecker import dbFolder, usersTable, postsTable, commentsTable +from flask_wtf.csrf import CSRFProtect dbFolder() usersTable() @@ -38,6 +39,7 @@ app = Flask(__name__) app.secret_key = secrets.token_urlsafe(32) app.config["SESSION_PERMANENT"] = True +csrf = CSRFProtect(app) @app.context_processor diff --git a/templates/accountSettings.html b/templates/accountSettings.html index e09267d4..19ae6ac8 100644 --- a/templates/accountSettings.html +++ b/templates/accountSettings.html @@ -18,6 +18,7 @@
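Review bot: `csrf = CSRFProtect(app)` makes every state-changing request depend on `app.secret_key`, and the context line two above still sets that key to `secrets.token_urlsafe(32)` at import time, so each restart and each worker process (gunicorn/uwsgi with more than one worker) signs with a different key; Flask-WTF uses `WTF_CSRF_SECRET_KEY`, falling back to `SECRET_KEY`, so a token minted by one process is rejected by another with a 400 "The CSRF token is invalid", and every form left open across a deploy fails the same way. Load the key from configuration instead, e.g. `app.secret_key = os.environ["SECRET_KEY"]` (adding `import os` if the file does not already have it), and keep the random value only as a local-development fallback. CSRFProtect also answers a rejected request with Flask's bare 400 page and logs nothing; a handler such as `@app.errorhandler(CSRFError)` that logs the endpoint and remote address and re-renders the form with a message makes the failure visible both to the user and to anyone watching the logs for forgery attempts. The first hunk's import would then become `from flask_wtf.csrf import CSRFProtect, CSRFError`.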

+ diff --git a/templates/adminPanelComments.html b/templates/adminPanelComments.html index 87244fef..5dfc1ff7 100644 --- a/templates/adminPanelComments.html +++ b/templates/adminPanelComments.html @@ -19,6 +19,7 @@

{{comment[2]}}
+

+ diff --git a/templates/changeUserName.html b/templates/changeUserName.html index 10bd9643..14d19ea6 100644 --- a/templates/changeUserName.html +++ b/templates/changeUserName.html @@ -7,6 +7,7 @@ {% endblock head %} {%block body%}
+ {{form.newUserName(class_="input")}} diff --git a/templates/createPost.html b/templates/createPost.html index 7b908163..027defc9 100644 --- a/templates/createPost.html +++ b/templates/createPost.html @@ -3,6 +3,8 @@ {% endblock head %} {%block body%}
+ + {{form.postTitle(class_="input centeredHorizontally" , autocomplete="off")}} {{form.postTags(class_="input centeredHorizontally" , autocomplete="off")}} (separete with comma) diff --git a/templates/dashboard.html b/templates/dashboard.html index 2d23a649..40af3f9b 100644 --- a/templates/dashboard.html +++ b/templates/dashboard.html @@ -21,6 +21,7 @@

Posts

edit + + {% if mailSent %} {{form.code(autocomplete="off",class_="input")}} {{form.password(autocomplete="off",class_="input")}} {{form.passwordConfirm(autocomplete="off",class_="input")}} diff --git a/templates/post.html b/templates/post.html index d6a987bf..aa60df7a 100644 --- a/templates/post.html +++ b/templates/post.html @@ -31,6 +31,7 @@
{{date}}
{% if author == session["userName"] %}
+

{{comment[2]}}

{% if session["userName"] == comment[3] %} + {% endif %} {% endfor %}
+ {% if session["userName"] %} {{form.comment(class_="comment")}} {% else %} diff --git a/templates/signup.html b/templates/signup.html index e09207ad..e7b26f57 100644 --- a/templates/signup.html +++ b/templates/signup.html @@ -7,6 +7,7 @@ {% endblock head %} {%block body%}
+ {{form.userName(class_="input" , autocomplete="off")}} {{form.email(class_="input",autocomplete="off")}} {{form.password(class_="input")}} {{form.passwordConfirm(class_="input")}}
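Review bot: The token is hand-placed as a separate hidden field in this form and in the other eleven templates, while this template already renders a WTForms object (`form.userName`, `form.email`, …); if that object is a `FlaskForm`, `{{ form.csrf_token }}` (or `{{ form.hidden_tag() }}`) emits the same field and keeps the token tied to the form rather than to a line a later edit can drop. For the bare forms in the admin-panel, dashboard and comment templates `CSRFProtect` fails closed — a POST without the field gets a 400 — so a test that POSTs to each mutating endpoint without a token and expects 400 would catch a missing field before users do. Note that `CSRFProtect` only checks POST/PUT/PATCH/DELETE: if any edit or delete action in the dashboard or post views is still triggered by a plain GET link, this commit does not protect it and that action should become a POST form carrying the token. The added hidden-input line itself is not legible in this rendering of the patch, so its attributes (`name="csrf_token"`, `value="{{ csrf_token() }}"`) could not be checked here.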