JohnHammond
/
CTFd
mirror of https://github.com/JohnHammond/CTFd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allowing pages to have slashes in them but removing leading slashes (#457) 

* Allowing pages to have slashes in them but removing leading slashes
* Add tests for pages
selenium-screenshot-testing
Kevin Chung 2017-11-14 22:31:59 -05:00 committed by GitHub
parent f4aab70b32
commit 6fbef4f32e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 110 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CTFd/admin/pages.py
View File

@ -19,24 +19,27 @@ def admin_css():
return '0' return '0'
@admin_pages.route('/admin/pages', defaults={'route': None}, methods=['GET', 'POST']) @admin_pages.route('/admin/pages', methods=['GET', 'POST'])
@admin_pages.route('/admin/pages/<route>', methods=['GET', 'POST'])
@admins_only @admins_only
def admin_pages_view(route): def admin_pages_view():
route = request.args.get('route')
if request.method == 'GET' and request.args.get('mode') == 'create': if request.method == 'GET' and request.args.get('mode') == 'create':
return render_template('admin/editor.html') return render_template('admin/editor.html')
if route and request.method == 'GET': if route and request.method == 'GET':
page = Pages.query.filter_by(route=route).first() page = Pages.query.filter_by(route=route).first()
return render_template('admin/editor.html', page=page) return render_template('admin/editor.html', page=page)
if route and request.method == 'POST':
if request.method == 'POST':
html = request.form['html']
route = request.form['route'].lstrip('/')
page = Pages.query.filter_by(route=route).first() page = Pages.query.filter_by(route=route).first()
errors = [] errors = []
html = request.form['html']
route = request.form['route']
if not route: if not route:
errors.append('Missing URL route') errors.append('Missing URL route')
if errors: if errors:
page = Pages(html, '') page = Pages(html, route)
return render_template('/admin/editor.html', page=page) return render_template('/admin/editor.html', page=page)
if page: if page:
page.route = route page.route = route
@ -53,10 +56,24 @@ def admin_pages_view(route):
with app.app_context(): with app.app_context():
cache.clear() cache.clear()
return redirect(url_for('admin_pages.admin_pages_view')) return redirect(url_for('admin_pages.admin_pages_view'))
pages = Pages.query.all() pages = Pages.query.all()
return render_template('admin/pages.html', routes=pages, css=utils.get_config('css')) return render_template('admin/pages.html', routes=pages, css=utils.get_config('css'))
@admin_pages.route('/admin/pages/delete', methods=['POST'])
@admins_only
def delete_page():
route = request.form['route']
page = Pages.query.filter_by(route=route).first_or_404()
db.session.delete(page)
db.session.commit()
db.session.close()
with app.app_context():
cache.clear()
return '1'
@admin_pages.route('/admin/media', methods=['GET', 'POST', 'DELETE']) @admin_pages.route('/admin/media', methods=['GET', 'POST', 'DELETE'])
@admins_only @admins_only
def admin_pages_media(): def admin_pages_media():
@ -77,15 +94,3 @@ def admin_pages_media():
else: else:
files = [{'id': f.id, 'location': f.location} for f in Files.query.filter_by(chal=None).all()] files = [{'id': f.id, 'location': f.location} for f in Files.query.filter_by(chal=None).all()]
return jsonify({'results': files}) return jsonify({'results': files})
@admin_pages.route('/admin/page/<pageroute>/delete', methods=['POST'])
@admins_only
def delete_page(pageroute):
page = Pages.query.filter_by(route=pageroute).first_or_404()
db.session.delete(page)
db.session.commit()
db.session.close()
with app.app_context():
cache.clear()
return '1'

2
CTFd/themes/admin/templates/editor.html
View File

@ -272,7 +272,7 @@
}); });
$('#page-edit').submit(function (e){ $('#page-edit').submit(function (e){
$(this).attr('action', '{{ request.script_root }}/admin/pages/'+$('#route').val()); $(this).attr('action', '{{ request.script_root }}/admin/pages');
}); });
// Markdown Preview // Markdown Preview

4
CTFd/themes/admin/templates/pages.html
View File

@ -51,7 +51,7 @@
{% for route in routes %} {% for route in routes %}
<tr name="{{ route.route }}"> <tr name="{{ route.route }}">
<td class="route-name"><a <td class="route-name"><a
href="{{ request.script_root }}/admin/pages/{{ route.route }}">{{ route.route }}</a></td> href="{{ request.script_root }}/admin/pages?route={{ route.route }}">{{ route.route }}</a></td>
<td class="text-center"><i class="fa fa-times"></i></td> <td class="text-center"><i class="fa fa-times"></i></td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -103,7 +103,7 @@ function load_confirm_modal(route){
var modal = $('#confirm') var modal = $('#confirm')
modal.find('input[name=route]').val(route) modal.find('input[name=route]').val(route)
modal.find('#confirm-route-name').text(route) modal.find('#confirm-route-name').text(route)
$('#confirm form').attr('action', '{{ request.script_root }}/admin/page/'+route+'/delete'); $('#confirm form').attr('action', '{{ request.script_root }}/admin/pages/delete');
$('#confirm').modal(); $('#confirm').modal();
} }

2
CTFd/views.py
View File

@ -106,7 +106,7 @@ def custom_css():
# Static HTML files # Static HTML files
@views.route("/", defaults={'template': 'index'}) @views.route("/", defaults={'template': 'index'})
@views.route("/<template>") @views.route("/<path:template>")
def static_html(template): def static_html(template):
try: try:
return render_template('%s.html' % template) return render_template('%s.html' % template)

82
tests/admin/test_pages.py Normal file
View File

@ -0,0 +1,82 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from tests.helpers import *
from CTFd.models import Pages
from CTFd.utils import get_config, set_config, override_template, sendmail, verify_email, ctf_started, ctf_ended
from CTFd.plugins.challenges import get_chal_class
from freezegun import freeze_time
from mock import patch
def test_admin_page_create():
"""Can an admin create a page?"""
app = create_ctfd()
with app.app_context():
client = login_as_user(app, name="admin", password="password")
r = client.get('/admin/pages?mode=create')
assert r.status_code == 200
with client.session_transaction() as sess:
data = {
"route": "this-is-a-route",
"html": "This is some HTML",
"nonce": sess.get('nonce')
}
r = client.post('/admin/pages', data=data)
r = client.get('/admin/pages?route=this-is-a-route')
assert r.status_code == 200
r = client.get('/this-is-a-route')
assert r.status_code == 200
output = r.get_data(as_text=True)
assert "This is some HTML" in output
destroy_ctfd(app)
def test_admin_page_update():
"""Can an admin update a page?"""
app = create_ctfd()
with app.app_context():
client = login_as_user(app, name="admin", password="password")
r = client.get('/admin/pages?route=index')
assert r.status_code == 200
with client.session_transaction() as sess:
data = {
"route": "index",
"html": "New Index Page",
"nonce": sess.get('nonce')
}
r = client.post('/admin/pages', data=data)
r = client.get('/admin/pages?route=index')
assert r.status_code == 200
output = r.get_data(as_text=True)
assert "New Index Page" in output
r = client.get('/')
assert r.status_code == 200
output = r.get_data(as_text=True)
assert "New Index Page" in output
destroy_ctfd(app)
def test_admin_page_delete():
"""Can an admin delete a page?"""
app = create_ctfd()
with app.app_context():
client = login_as_user(app, name="admin", password="password")
with client.session_transaction() as sess:
data = {
"route": "index",
"nonce": sess.get('nonce')
}
r = client.post('/admin/pages/delete', data=data)
assert r.status_code == 200
r = client.get('/')
assert r.status_code == 404
count = Pages.query.count()
assert count == 0
destroy_ctfd(app)