Fix raw whois bug, and make sure everything is properly sanitized

12 years ago · d72f6ede8f
parent d399e1b684
commit d72f6ede8f
2 changed files with 14 additions and 9 deletions
--- a/app.py
+++ b/app.py
@ -74,9 +74,11 @@ def find_whois(domain):
 		
 		return (db_results['timestamp'], db_results['response'], raw)
 	else:
-		raw, result = whois(domain)
+		returned = whois(domain)
 		
-		if result is not None:
+		if returned is not None:
+			raw, result = returned
+			
 			db['responses'].insert({
 				'domain': domain,
 				'response': result,
@ -86,7 +88,7 @@ def find_whois(domain):
 			
 			return (time.time(), result, raw)
 		else:
-			return (time.time(), None)
+			return (time.time(), None, None)

@app.route('/query', methods=["POST"])
 def query():
@ -120,9 +122,12 @@ def query_json(domain):
 	if domain is not None:
 		retrieval_date, result, raw = find_whois(domain)
 		
-		result['retrieval_date'] = int(retrieval_date)
-		
-		return json.dumps(result)
+		if result is not None:
+			result['retrieval_date'] = int(retrieval_date)
+			result['raw_response'] = raw
+			return json.dumps(result)
+		else:
+			return json.dumps(None)
 	else:
 		return json.dumps(None)

--- a/templates/result.tpl
+++ b/templates/result.tpl
@ -1,7 +1,8 @@
 {% extends "base.tpl" %}
 {% block body %}
+	{% autoescape true %}
 	<div class="whois-results">
-		<h2>WHOIS results</h2>
+		<h2>WHOIS results for {{ domain }}</h2>
 		<table>
 			<tr>
 				<th>WHOIS record retrieval date:</th>
@ -61,10 +62,9 @@
 		{% if raw != None %}
 			<h2>Raw WHOIS response</h2>
 <pre>
-{% autoescape true %}
 {{ raw }}
-{% endautoescape %}
 </pre>
 		{% endif %}
 	</div>
+	{% endautoescape %}
 {% endblock %}