xuyue/OnlineJudge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

只判断 ajax 可能存在绕过

Browse Source
This commit is contained in:
virusdefender
2015-11-03 23:55:14 +08:00
parent f4514fa3b8
commit 0ee76a57e0
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
contest/decorators.py
View File

@@ -4,6 +4,7 @@ from functools import wraps
from django.http import HttpResponse, HttpResponseRedirect from django.http import HttpResponse, HttpResponseRedirect
from django.shortcuts import render from django.shortcuts import render
from django.core.urlresolvers import reverse
from utils.shortcuts import error_response, error_page from utils.shortcuts import error_response, error_page
@@ -92,7 +93,7 @@ def check_user_contest_permission(func):
{"reason": "contest_not_start", "show_tab": False, "contest": contest}) {"reason": "contest_not_start", "show_tab": False, "contest": contest})
# 比赛已经结束了,只拦截 ajax 的答案提交 # 比赛已经结束了,只拦截 ajax 的答案提交
if contest.status == CONTEST_ENDED and request.is_ajax(): if contest.status == CONTEST_ENDED and request.path == reverse("contest_submission_api") and request.is_ajax():
return error_response(u"比赛已经结束") return error_response(u"比赛已经结束")
return func(*args, **kwargs) return func(*args, **kwargs)