Add csrf checks to support page

Adrià Casajús
2024-05-16 10:47:14 +02:00
parent 07fa66cd51
commit 57bc3834d8
+11 -1
@@ -11,6 +11,7 @@ from app.config import ZENDESK_HOST, ZENDESK_API_TOKEN
from app.dashboard.base import dashboard_bp
from app.extensions import limiter
from app.log import LOG
from app.utils import CSRFValidationForm
VALID_MIME_TYPES = ["text/plain", "message/rfc822"]
@@ -90,7 +91,12 @@ def support_route():
flash("Support isn't enabled", "error")
return redirect(url_for("dashboard.index"))
csrf_form = CSRFValidationForm()
if request.method == "POST":
if not csrf_form.validate():
flash("Invalid request", "warning")
return redirect(url_for("dashboard.setting"))
content = request.form.get("ticket_content")
email = request.form.get("ticket_email")
@@ -121,4 +127,8 @@ def support_route():
)
return redirect(url_for("dashboard.index"))
return render_template("dashboard/support.html", ticket_email=current_user.email)
return render_template(
"dashboard/support.html",
ticket_email=current_user.email,
csrf_form=csrf_form,
)
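Review bot: Passing `csrf_form` to `render_template` at the end of `support_route` only helps if `dashboard/support.html` renders the token field inside its `<form>`, and the commit's +11 -1 is fully accounted for by the three hunks in this file, so the template does not appear to change here. If the template does not already emit the token (presumably something like `{{ csrf_form.csrf_token }}`), every POST will fail `csrf_form.validate()` and the support form stops working, so confirm this before merge. Separately, the failure branch redirects to `dashboard.setting` while the other exits visible in this route go to `dashboard.index`; returning the user to the support page, or at least to `dashboard.index`, would be more consistent. A log line on the rejected request would also make repeated forged submissions visible. The body of `support_route` starts and ends outside the visible hunks.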