From e732e9066126ca9c6221ae57f7ee3c171038ce69 Mon Sep 17 00:00:00 2001 From: Kevin Chung Date: Fri, 16 Jun 2017 15:25:05 -0400 Subject: [PATCH] Fixing hints glitches (#281) * Fixes #255 * Hints are automatically unlocked once the CTF is finished * Don't provide hints if CTF hasn't started --- CTFd/challenges.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/CTFd/challenges.py b/CTFd/challenges.py index c386b2aa..fee06bc5 100644 --- a/CTFd/challenges.py +++ b/CTFd/challenges.py @@ -17,6 +17,8 @@ challenges = Blueprint('challenges', __name__) @challenges.route('/hints/', methods=['GET', 'POST']) def hints_view(hintid): + if not utils.ctf_started(): + abort(403) hint = Hints.query.filter_by(id=hintid).first_or_404() chal = Challenges.query.filter_by(id=hint.chal).first() unlock = Unlocks.query.filter_by(model='hints', itemid=hintid, teamid=session['id']).first() @@ -33,7 +35,7 @@ def hints_view(hintid): 'cost': hint.cost }) elif request.method == 'POST': - if not unlock: + if not unlock and utils.ctftime(): team = Teams.query.filter_by(id=session['id']).first() if team.score() < hint.cost: return jsonify({'errors': 'Not enough points'}) @@ -49,6 +51,14 @@ def hints_view(hintid): } db.session.close() return jsonify(json_data) + elif utils.ctf_ended(): + json_data = { + 'hint': hint.hint, + 'chal': hint.chal, + 'cost': hint.cost + } + db.session.close() + return jsonify(json_data) else: json_data = { 'hint': hint.hint, @@ -104,7 +114,7 @@ def chals(): unlocked_hints = set([u.itemid for u in Unlocks.query.filter_by(model='hints', teamid=session['id'])]) hints = [] for hint in Hints.query.filter_by(chal=x.id).all(): - if hint.id in unlocked_hints: + if hint.id in unlocked_hints or utils.ctf_ended(): hints.append({'id': hint.id, 'cost': hint.cost, 'hint': hint.hint}) else: hints.append({'id': hint.id, 'cost': hint.cost})