Giving config page more access (#279)

* Giving a plugin's config page more control * Adding utils to base This potentially opens some risk to malicious plugins but really a plugin would already have this capability given that it can run arbitrary Python code.
2025-12-18 06:24:23 +01:00 · 2017-06-14 13:57:46 -04:00
parent 7bdfbfdd7f
commit ae45493e6e
2 changed files with 2 additions and 1 deletions
--- a/CTFd/admin/init.py
+++ b/CTFd/admin/init.py
@@ -42,7 +42,7 @@ def admin_plugin_config(plugin):
    if request.method == 'GET':
        if plugin in utils.get_configurable_plugins():
            config = open(os.path.join(app.root_path, 'plugins', plugin, 'config.html')).read()
-            return render_template('admin/page.html', content=config)
+            return render_template_string(config)
        abort(404)
    elif request.method == 'POST':
        for k, v in request.form.items():
--- a/CTFd/templates/admin/base.html
+++ b/CTFd/templates/admin/base.html
@@ -78,6 +78,7 @@
 		<script src="{{ request.script_root }}/static/admin/js/vendor/marked.min.js"></script>
 		<script src="{{ request.script_root }}/static/admin/js/vendor/bootstrap.min.js"></script>
 		<script src="{{ request.script_root }}/static/admin/js/main.js"></script>
+		<script src="{{ request.script_root }}/static/admin/js/utils.js"></script>
 		{% block scripts %} {% endblock %}
 </body>