s464900/gonito
1
0
Fork 0
forked from filipg/gonito
Code Issues Pull Requests Projects Releases Wiki Activity

Submitting a solution does not require CSRF token

Browse Source 
(For an end-point)
This commit is contained in:
Filip Gralinski 2021-02-24 07:03:36 +01:00
parent c115e31f34
commit 680e4a42c9
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Handler/ShowChallenge.hs
View File

@ -6,8 +6,6 @@ module Handler.ShowChallenge where
import Import hiding (Proxy, fromList) import Import hiding (Proxy, fromList)
import Yesod.Form.Bootstrap3 (BootstrapFormLayout (..), renderBootstrap3, bfs) import Yesod.Form.Bootstrap3 (BootstrapFormLayout (..), renderBootstrap3, bfs)
import GHC.Generics
import qualified Data.Text.Lazy as TL import qualified Data.Text.Lazy as TL
import Text.Markdown import Text.Markdown
@ -398,10 +396,11 @@ challengeHowTo challenge settings repo shownId isIDSet isSSHUploaded mAltRepoSch
postHealR :: ChallengeId -> Handler TypedContent postHealR :: ChallengeId -> Handler TypedContent
postHealR challengeId = runViewProgress $ doHeal challengeId postHealR challengeId = runViewProgress $ doHeal challengeId
doHeal :: Key Challenge -> Channel -> HandlerFor App ()
doHeal challengeId chan = do doHeal challengeId chan = do
challenge <- runDB $ get404 challengeId challenge <- runDB $ get404 challengeId
getRepoDirOrClone (challengePrivateRepo challenge) chan _ <- getRepoDirOrClone (challengePrivateRepo challenge) chan
getRepoDirOrClone (challengePublicRepo challenge) chan _ <- getRepoDirOrClone (challengePublicRepo challenge) chan
return () return ()
postArchiveR :: ChallengeId -> Handler Html postArchiveR :: ChallengeId -> Handler Html
@ -519,7 +518,7 @@ postChallengeSubmissionJsonR challengeName = do
Entity userId _ <- requireAuthPossiblyByToken Entity userId _ <- requireAuthPossiblyByToken
challengeEnt@(Entity challengeId _) <- runDB $ getBy404 $ UniqueName challengeName challengeEnt@(Entity challengeId _) <- runDB $ getBy404 $ UniqueName challengeName
((result, _), _) <- runFormPost $ submissionForm Nothing Nothing Nothing ((result, _), _) <- runFormPostNoToken $ submissionForm Nothing Nothing Nothing
let submissionData' = case result of let submissionData' = case result of
FormSuccess res -> Just res FormSuccess res -> Just res
_ -> Nothing _ -> Nothing