authorCédric Bonhomme <cedric@cedricbonhomme.org>2014-05-05 12:36:42 +0200
committerCédric Bonhomme <cedric@cedricbonhomme.org>2014-05-05 12:36:42 +0200
commit3633fc4125da6605dde3a7cca760be79baf03429 (patch)
treea2516c9d1f13e4b919c9115ff13d537442b58d60 /pyaggr3g470r
parentIntegration of recaptcha module. (diff)
Fixed a security problem.
Diffstat (limited to 'pyaggr3g470r')
-rw-r--r--pyaggr3g470r/views.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/pyaggr3g470r/views.py b/pyaggr3g470r/views.py
index dbbaf5d0..a0373ef0 100644
--- a/pyaggr3g470r/views.py
+++ b/pyaggr3g470r/views.py
@@ -177,7 +177,7 @@ def signup():
lastname=form.lastname.data,
email=form.email.data,
pwdhash=generate_password_hash(form.password.data))
- user.roles.extend([role_user])
+ user.roles = [role_user]
db.session.add(user)
try:
db.session.commit()
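Review bot: The switch from `user.roles.extend([role_user])` to `user.roles = [role_user]` in signup() carries no comment saying why assignment is required, and the commit message ("Fixed a security problem.") does not say either. For a freshly constructed User the two forms look equivalent unless the model or an earlier step can pre-populate roles, which is not visible in this hunk. I would add a comment above the line such as `# Assign, never extend: a self-registered account must hold exactly the "user" role.` so the intent survives later refactoring. The lookup that defines `role_user` is outside the hunk, so it cannot be checked here whether a missing role row is handled.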
@@ -685,17 +685,18 @@ def create_user(user_id=None):
if request.method == 'POST':
if form.validate():
+ role_user = Role.query.filter(Role.name == "user").first()
if user_id is not None:
# Edit a user
user = User.query.filter(User.id == user_id).first()
form.populate_obj(user)
if form.password.data != "":
user.set_password(form.password.data)
+ user.roles = [role_user]
db.session.commit()
flash(gettext('User') + ' ' + user.firstname + ' ' + gettext('successfully updated.'), 'success')
else:
# Create a new user
- role_user = Role.query.filter(Role.name == "user").first()
user = User(firstname=form.firstname.data,
lastname=form.lastname.data,
email=form.email.data,
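Review bot: The added `user.roles = [role_user]` in the edit branch runs unconditionally, so every edit through create_user() resets the account to the single "user" role. If this view can be used on an administrator account (not visible here), that account silently loses its elevated role. The underlying exposure appears to be `form.populate_obj(user)`, which copies every form field onto the model; assigning only the intended fields explicitly (`user.firstname = form.firstname.data` and so on) would be more durable than overwriting roles after the fact. Neither `Role.query...first()` nor `User.query...first()` is checked for None before use, so a guard such as `if user is None: abort(404)` ahead of `populate_obj` (assuming `abort` is imported) would avoid an AttributeError on an unknown user_id. The body of create_user() continues outside the hunk.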