From dc3a4d275bc3b60cf2a5a92364af76da9e1c4931 Mon Sep 17 00:00:00 2001
From: Kevin Chung
Date: Fri, 24 Jul 2020 14:52:35 -0400
Subject: [PATCH] Fix issue with previewing certain pages (#1571)
* Fix previewing pages when page attributes are set
---
 CTFd/admin/pages.py | 4 +++-
 tests/admin/test_pages.py | 26 ++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/CTFd/admin/pages.py b/CTFd/admin/pages.py
index 8fbe2a7d..777e87ea 100644
--- a/CTFd/admin/pages.py
+++ b/CTFd/admin/pages.py
@@ -24,7 +24,9 @@ def pages_new():
 @admin.route("/admin/pages/preview", methods=["POST"])
 @admins_only
 def pages_preview():
- data = request.form.to_dict()
+ # We only care about content.
+ # Loading other attributes improperly will cause Marshmallow to incorrectly return a dict
+ data = {"content": request.form.get("content")}
 schema = PageSchema()
 page = schema.load(data)
 return render_template("page.html", content=build_html(page.data.content))
diff --git a/tests/admin/test_pages.py b/tests/admin/test_pages.py
index e69de29b..d7e3a8cf 100644
--- a/tests/admin/test_pages.py
+++ b/tests/admin/test_pages.py
@@ -0,0 +1,26 @@
+from tests.helpers import create_ctfd, destroy_ctfd, login_as_user
+
+
+def test_previewing_pages_works():
+ """Test that pages can be previewed properly"""
+ app = create_ctfd()
+ with app.app_context():
+ client = login_as_user(app, name="admin", password="password")
+
+ with client.session_transaction() as sess:
+ data = {
+ "title": "title",
+ "route": "route",
+ "content": "content_testing",
+ "nonce": sess.get("nonce"),
+ "draft": "y",
+ "hidden": "y",
+ "auth_required": "y",
+ }
+
+ r = client.post("/admin/pages/preview", data=data)
+ assert r.status_code == 200
+ resp = r.get_data(as_text=True)
+ assert "content_testing" in resp
+
+ destroy_ctfd(app)
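Review bot: `pages_preview` still dereferences `page.data.content` without checking the load result, so the failure the new comment describes can recur whenever `schema.load` reports an error. `request.form.get("content")` returns `None` when the field is absent, and if the schema rejects that value, `page.data` is presumably a plain dict again and the `render_template` line raises instead of returning a client error. Consider guarding right after the load, e.g. `if page.errors: abort(400)` (importing `abort` from flask if this module does not already have it). The new test in tests/admin/test_pages.py only posts a fully populated form, so a case without `content` would pin this path.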
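Review bot: The test exercises only an authenticated admin with a valid nonce, so nothing in it pins the access control on `/admin/pages/preview`. Because the route passes submitted content through `build_html` and renders it, a companion case asserting that a logged-in non-admin user and a request without the `nonce` field are both refused would keep a later change to the decorators or CSRF handling from going unnoticed. The expected status for each refusal should be taken from the project's existing admin-route tests rather than assumed.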