Fix raw whois bug, and make sure everything is properly sanitized

master
Sven Slootweg 12 years ago
parent d399e1b684
commit d72f6ede8f

@ -74,9 +74,11 @@ def find_whois(domain):
return (db_results['timestamp'], db_results['response'], raw) return (db_results['timestamp'], db_results['response'], raw)
else: else:
raw, result = whois(domain) returned = whois(domain)
if result is not None: if returned is not None:
raw, result = returned
db['responses'].insert({ db['responses'].insert({
'domain': domain, 'domain': domain,
'response': result, 'response': result,
@ -86,7 +88,7 @@ def find_whois(domain):
return (time.time(), result, raw) return (time.time(), result, raw)
else: else:
return (time.time(), None) return (time.time(), None, None)
@app.route('/query', methods=["POST"]) @app.route('/query', methods=["POST"])
def query(): def query():
@ -120,9 +122,12 @@ def query_json(domain):
if domain is not None: if domain is not None:
retrieval_date, result, raw = find_whois(domain) retrieval_date, result, raw = find_whois(domain)
result['retrieval_date'] = int(retrieval_date) if result is not None:
result['retrieval_date'] = int(retrieval_date)
return json.dumps(result) result['raw_response'] = raw
return json.dumps(result)
else:
return json.dumps(None)
else: else:
return json.dumps(None) return json.dumps(None)

@ -1,7 +1,8 @@
{% extends "base.tpl" %} {% extends "base.tpl" %}
{% block body %} {% block body %}
{% autoescape true %}
<div class="whois-results"> <div class="whois-results">
<h2>WHOIS results</h2> <h2>WHOIS results for {{ domain }}</h2>
<table> <table>
<tr> <tr>
<th>WHOIS record retrieval date:</th> <th>WHOIS record retrieval date:</th>
@ -61,10 +62,9 @@
{% if raw != None %} {% if raw != None %}
<h2>Raw WHOIS response</h2> <h2>Raw WHOIS response</h2>
<pre> <pre>
{% autoescape true %}
{{ raw }} {{ raw }}
{% endautoescape %}
</pre> </pre>
{% endif %} {% endif %}
</div> </div>
{% endautoescape %}
{% endblock %} {% endblock %}

Loading…
Cancel
Save