s464900/gonito
1
0
Fork 0
forked from filipg/gonito
Code Issues Pull Requests Projects Releases Wiki Activity

Submitting a solution does not require CSRF token

Browse Source 
(For an end-point)
This commit is contained in:
Filip Gralinski 2021-02-24 07:03:36 +01:00
parent c115e31f34
commit 680e4a42c9
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Handler/ShowChallenge.hs
View File

@ -6,8 +6,6 @@ module Handler.ShowChallenge where
import Import hiding (Proxy, fromList)
import Yesod.Form.Bootstrap3 (BootstrapFormLayout (..), renderBootstrap3, bfs)
import GHC.Generics
import qualified Data.Text.Lazy as TL
import Text.Markdown
@ -398,10 +396,11 @@ challengeHowTo challenge settings repo shownId isIDSet isSSHUploaded mAltRepoSch
postHealR :: ChallengeId -> Handler TypedContent
postHealR challengeId = runViewProgress $ doHeal challengeId
doHeal :: Key Challenge -> Channel -> HandlerFor App ()
doHeal challengeId chan = do
challenge <- runDB $ get404 challengeId
getRepoDirOrClone (challengePrivateRepo challenge) chan
getRepoDirOrClone (challengePublicRepo challenge) chan
_ <- getRepoDirOrClone (challengePrivateRepo challenge) chan
_ <- getRepoDirOrClone (challengePublicRepo challenge) chan
return ()
postArchiveR :: ChallengeId -> Handler Html
@ -519,7 +518,7 @@ postChallengeSubmissionJsonR challengeName = do
Entity userId _ <- requireAuthPossiblyByToken
challengeEnt@(Entity challengeId _) <- runDB $ getBy404 $ UniqueName challengeName
((result, _), _) <- runFormPost $ submissionForm Nothing Nothing Nothing
((result, _), _) <- runFormPostNoToken $ submissionForm Nothing Nothing Nothing
let submissionData' = case result of
FormSuccess res -> Just res
_ -> Nothing