diesys
pomelo
Commits
50786858
Commit
50786858
authored
Jun 07, 2019
by
diesys
🎈
everything is safe parsed now and working
parent
af8c46ed
Changes
2
pomelo.py
...
...
@@ -434,12 +434,12 @@ if(len(sys.argv) > 1): # getting parameters if exist
for
arg
in
sys
.
argv
[
1
:]:
parsed
=
parse
(
arg
)
# get them string values
if
(
parsed
[
1
]
==
'argument'
):
args
[
'arguments'
].
append
(
parsed
[
0
])
elif
(
parsed
[
1
]
==
'option'
):
args
[
'option'
].
append
(
parsed
[
0
])
## lista dei tornei
if
(
args
[
'option'
]
==
'-l'
or
args
[
'option'
]
==
'--list'
):
listTornei
(
'stout'
)
...
...
@@ -457,9 +457,10 @@ if(len(sys.argv) > 1): # getting parameters if exist
option_arg
=
args
[
'option'
][
0
]
if
(
option_arg
==
'-n'
or
option_arg
==
'--new'
):
nuovoTorneo
=
nuovoTorneo
(
torneo_arg
)
tornei
=
{
torneo_arg
:
nuovoTorneo
}
nuovoTorneo
=
nuovoTorneo
(
torneo_arg
)
tornei
=
{
torneo_arg
:
nuovoTorneo
}
if
(
nuovoTorneo
):
print
(
"Torneo creato, segui l'help per popolarlo"
)
elif
(
option_arg
==
'--gen-index'
):
...
...
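Review bot: In the first hunk, `args['option'] == '-l' or args['option'] == '--list'` compares what appears to be a list with a string, so the `listTornei('stout')` branch can never run; the loop just above appends to `args['option']`, and the second hunk reads `args['option'][0]`. Test membership instead: `if '-l' in args['option'] or '--list' in args['option']:`. In the second hunk, `nuovoTorneo = nuovoTorneo(torneo_arg)` rebinds the function name to its own result, so a separate name such as `creato = nuovoTorneo(torneo_arg)` would keep the function callable and make `if(creato):` easier to read. Both spots sit inside the `if(len(sys.argv) > 1):` block, which starts and ends outside the visible hunks.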
submit.php
...
...
@@ -8,8 +8,10 @@
}
$vars
=
"?action="
.
$_POST
[
'action'
];
//
header("Location: ".$url.$vars);
header
(
"Location: "
.
$url
.
$vars
);
$safeParse
=
"/[^0-9a-zA-Z ]/"
;
if
(
isset
(
$_POST
[
'action'
]))
{
// $action = escapeshellarg($_POST['action']);
...
...
@@ -40,17 +42,11 @@
}
elseif
(
$action
==
'create'
)
{
// if(isset($_POST["torneo"])) {
// $torneo = $_POST["torneo"];
// check ALPHANUMERIC (with space)
if
(
ctype_alnum
(
$torneo
)
and
$torneo
!=
""
)
{
//
if (preg_match(
"/[^0-9a-zA-Z] /"
, $torneo) and $torneo != "") {
//
if (ctype_alnum($torneo) and $torneo != "") {
if
(
preg_match
(
$safeParse
,
$torneo
)
and
$torneo
!=
""
)
{
$command
=
"./pomelo.py
$torneo
-n 2>&1"
;
$alert_msg
=
"Creato un nuovo torneo:
$torneo
"
;
// creates and downloads the qr-code from ext api
// $apiQR = 'https://api.qrserver.com/v1/create-qr-code/?size=100x100&data=';
}
else
{
$command
=
''
;
$alert_msg
=
"Errore creando il nuovo torneo
$torneo
"
;
...
...
@@ -77,8 +73,8 @@
$giocatore
=
escapeshellarg
(
$_POST
[
"nuovoGiocatore"
]);
// check ALPHANUMERIC (with space)
if
(
ctype_alnum
(
$giocatore
)
and
$giocatore
!=
""
)
{
//
if (preg_match(
"/[^0-9a-zA-Z] /"
, $giocatore) and $giocatore != "") {
//
if (ctype_alnum($giocatore) and $giocatore != "") {
if
(
preg_match
(
$safeParse
,
$giocatore
)
and
$giocatore
!=
""
)
{
$command
=
"./pomelo.py
$torneo
-a
$giocatore
2>&1"
;
$alert_msg
=
"
$giocatore
. ora fa parte del torneo
\"
$torneo
\"
"
;
}
...
...
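Review bot: The new guard `if (preg_match($safeParse, $torneo) and $torneo != "")` in the `create` branch is inverted: `$safeParse` is the negated class `/[^0-9a-zA-Z ]/`, so `preg_match` returns 1 exactly when the value contains a character outside letters, digits and space, and that is the case in which `$command` is built. The player branch in the last hunk has the same test, and there `$giocatore` has already been through `escapeshellarg()`, whose added quotes always match the negated class, so the check (and the `!= ""` test) passes for every input and `escapeshellarg()` is left as the only protection for the shell command. Validate the raw POST value with an anchored allow-list before escaping, for example `if (preg_match('/^[0-9a-zA-Z ]+$/', $_POST["nuovoGiocatore"])) {`, and call `escapeshellarg()` only when composing the command. The assignment of `$torneo` is outside the visible hunks, so confirm that it is escaped as well before it is interpolated into `"./pomelo.py $torneo -n 2>&1"`.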