EDUCATIC
/
digitaldemocratic
mirror of https://gitlab.com/digitaldemocratic/digitaldemocratic
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(admin): applied sql sanitizer

darta 2022-06-01 22:50:27 +02:00
parent 9fb3c8a079
commit 0019637a65
2 changed files with 42 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
admin/src/admin/lib/nextcloud.py
View File

@ -10,6 +10,7 @@ import traceback
import urllib import urllib
import requests import requests
from psycopg2 import sql
# from ..lib.log import * # from ..lib.log import *
from admin import app from admin import app
@ -520,16 +521,12 @@ class Nextcloud:
# 103 - failed to add the group # 103 - failed to add the group
def set_user_mail(self, data): def set_user_mail(self, data):
if not len( query = """SELECT * FROM "oc_mail_accounts" WHERE "email" = '%s'"""
self.nextcloud_pg.select( sql_query = sql.SQL(query.format(data["email"]))
"""SELECT * FROM "oc_mail_accounts" WHERE "email" = '%s'""" if not len(self.nextcloud_pg.select(sql_query)):
% (data["email"]) query = """INSERT INTO "oc_mail_accounts" ("user_id","name","email","inbound_host","inbound_port","inbound_ssl_mode","inbound_user","inbound_password","outbound_host","outbound_port","outbound_ssl_mode","outbound_user","outbound_password") VALUES
)
):
self.nextcloud_pg.update(
"""INSERT INTO "oc_mail_accounts" ("user_id","name","email","inbound_host","inbound_port","inbound_ssl_mode","inbound_user","inbound_password","outbound_host","outbound_port","outbound_ssl_mode","outbound_user","outbound_password") VALUES
('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s');""" ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s');"""
% ( account = [
data["user_id"], data["user_id"],
data["name"], data["name"],
data["email"], data["email"],
@ -543,13 +540,12 @@ class Nextcloud:
data["outbound_ssl_mode"], data["outbound_ssl_mode"],
data["outbound_user"], data["outbound_user"],
data["outbound_password"], data["outbound_password"],
) ]
)
else: else:
self.nextcloud_pg.update( query = """UPDATE "oc_mail_accounts" SET ("user_id","name","email","inbound_host","inbound_port","inbound_ssl_mode","inbound_user","inbound_password","outbound_host","outbound_port","outbound_ssl_mode","outbound_user","outbound_password") =
"""UPDATE "oc_mail_accounts" SET ("user_id","name","email","inbound_host","inbound_port","inbound_ssl_mode","inbound_user","inbound_password","outbound_host","outbound_port","outbound_ssl_mode","outbound_user","outbound_password") =
('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') WHERE email = '%s';""" ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') WHERE email = '%s';"""
% (
account = [
data["user_id"], data["user_id"],
data["name"], data["name"],
data["email"], data["email"],
@ -564,5 +560,6 @@ class Nextcloud:
data["outbound_user"], data["outbound_user"],
data["outbound_password"], data["outbound_password"],
data["email"], data["email"],
) ]
) sql_query = sql.SQL(query.format(",".join([str(acc) for acc in account])))
self.nextcloud_pg.update(sql_query)

5
admin/src/start.py
View File

@ -6,12 +6,10 @@ monkey_patch()
import json import json
from flask_login import login_required
from admin import app
from admin.auth.tokens import get_token_payload from admin.auth.tokens import get_token_payload
from admin.lib.api_exceptions import Error from admin.lib.api_exceptions import Error
from flask import request from flask import request
from flask_login import current_user from flask_login import current_user, login_required
from flask_socketio import ( from flask_socketio import (
SocketIO, SocketIO,
close_room, close_room,
@ -23,6 +21,7 @@ from flask_socketio import (
send, send,
) )
from admin import app
app.socketio = SocketIO(app) app.socketio = SocketIO(app)