aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/app.py14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/app.py b/src/app.py
index 0560ea9..c51ed99 100644
--- a/src/app.py
+++ b/src/app.py
@@ -7,6 +7,8 @@ import pytz
7import flask 7import flask
8import library 8import library
9import forms 9import forms
10import bleach
11import urllib.parse
10 12
11app = flask.Flask(__name__) 13app = flask.Flask(__name__)
12app.config['SECRET_KEY'] = "JAnmklasd39u2mnwim" 14app.config['SECRET_KEY'] = "JAnmklasd39u2mnwim"
@@ -26,7 +28,7 @@ def check_submission(location, form):
26def index(): 28def index():
27 form = forms.WeatherForm() 29 form = forms.WeatherForm()
28 if form.validate_on_submit(): 30 if form.validate_on_submit():
29 location = form.location.data 31 location = bleach.clean(form.location.data)
30 return check_submission(location, form) 32 return check_submission(location, form)
31 else: 33 else:
32 return flask.render_template("index.html", form=form) 34 return flask.render_template("index.html", form=form)
@@ -34,7 +36,8 @@ def index():
34 36
35@ app.route('/weather', methods=('GET', 'POST')) 37@ app.route('/weather', methods=('GET', 'POST'))
36def weather(): 38def weather():
37 location = flask.request.args.get('location') 39 location = urllib.parse.quote_plus(
40 bleach.clean(flask.request.args.get('location', type=str)))
38 latitude = flask.request.args.get('latitude', type=str) 41 latitude = flask.request.args.get('latitude', type=str)
39 longitude = flask.request.args.get('longitude', type=str) 42 longitude = flask.request.args.get('longitude', type=str)
40 data = library.get_data(latitude, longitude) 43 data = library.get_data(latitude, longitude)
@@ -50,7 +53,7 @@ def weather():
50 location_data = requests.get(url, headers=headers).json()["results"][0] 53 location_data = requests.get(url, headers=headers).json()["results"][0]
51 54
52 if form.validate_on_submit(): 55 if form.validate_on_submit():
53 location = form.location.data 56 location = urllib.parse.quote_plus(bleach.clean(form.location.data))
54 return check_submission(location, form=form) 57 return check_submission(location, form=form)
55 else: 58 else:
56 return flask.render_template("weather.html", data=data, form=form, weather_codes=library.weather_codes, datetime=datetime, 59 return flask.render_template("weather.html", data=data, form=form, weather_codes=library.weather_codes, datetime=datetime,
@@ -60,7 +63,8 @@ def weather():
60 63
61@ app.route('/location', methods=('GET', 'POST')) 64@ app.route('/location', methods=('GET', 'POST'))
62def location(): 65def location():
63 location = flask.request.args.get('location', type=str) 66 location = urllib.parse.quote_plus(bleach.clean(
67 flask.request.args.get('location', type=str)))
64 url = f"https://geocoding-api.open-meteo.com/v1/search?name={location}&count=10&language=en&format=json" 68 url = f"https://geocoding-api.open-meteo.com/v1/search?name={location}&count=10&language=en&format=json"
65 headers = {"User-Agent": "pywttr 0.1"} 69 headers = {"User-Agent": "pywttr 0.1"}
66 data = requests.get(url, headers=headers).json() 70 data = requests.get(url, headers=headers).json()
@@ -79,7 +83,7 @@ def location():
79 form.location.choices = choices 83 form.location.choices = choices
80 form.location.default = choices[0] 84 form.location.default = choices[0]
81 if form.is_submitted(): 85 if form.is_submitted():
82 index = int(form.location.data) 86 index = int(bleach.clean(form.location.data))
83 location_data = data["results"][index] 87 location_data = data["results"][index]
84 latitude = location_data["latitude"] 88 latitude = location_data["latitude"]
85 longitude = location_data["longitude"] 89 longitude = location_data["longitude"]