aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-18 14:34:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix authentication for certain admin actions

Browse Source
This commit is contained in:
ajvpot
2015-09-14 21:35:12 -05:00
parent 310d6b8071
commit 9578355143
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CTFd/admin.py
View File

@@ -547,6 +547,7 @@ def admin_fails(teamid='all'):
@admin.route('/admin/chal/new', methods=['POST']) @admin.route('/admin/chal/new', methods=['POST'])
@admins_only
def admin_create_chal(): def admin_create_chal():
files = request.files.getlist('files[]') files = request.files.getlist('files[]')
@@ -581,6 +582,7 @@ def admin_create_chal():
@admin.route('/admin/chal/delete', methods=['POST']) @admin.route('/admin/chal/delete', methods=['POST'])
@admins_only
def admin_delete_chal(): def admin_delete_chal():
challenge = Challenges.query.filter_by(id=request.form['id']).first() challenge = Challenges.query.filter_by(id=request.form['id']).first()
if challenge: if challenge:
@@ -600,6 +602,7 @@ def admin_delete_chal():
@admin.route('/admin/chal/update', methods=['POST']) @admin.route('/admin/chal/update', methods=['POST'])
@admins_only
def admin_update_chal(): def admin_update_chal():
challenge = Challenges.query.filter_by(id=request.form['id']).first() challenge = Challenges.query.filter_by(id=request.form['id']).first()
challenge.name = request.form['name'] challenge.name = request.form['name']