From f1ed87cd8a2601fadedfa76c0d83e8ab35c31005 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yannik=20R=C3=B6del?=
Date: Wed, 25 Jan 2023 08:28:45 +0100
Subject: [PATCH] Disable the form on the server

---
 cgi-bin/form.py | 21 ++++++++++++++-------
 sites/angestoepselt/httpd.conf | 4 ----
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/cgi-bin/form.py b/cgi-bin/form.py
index d74a929..1b2ae7c 100755
--- a/cgi-bin/form.py
+++ b/cgi-bin/form.py
@@ -61,18 +61,24 @@ match os.environ.get("REQUEST_METHOD", "").upper():
 case "GET":
 # For GET requests, serve the form that the user requested. The CSRF
 # token will be added here as well.
- print("Status: 200")
- print("Content-Type: text/html")
+
+ form_disabled = request_uri.startswith("/computer-beantragen/privat")
+
+ print(f"Status: {200 if not form_disabled else 503}")
+ print(f"Content-Type: text/html")
 print(f"Set-Cookie: __Host-csrftoken={signed_csrf_token}; path=/; Secure; SameSite=Strict; HttpOnly")
 print("")
 with open(f"{SITE_DIRECTORY}/{request_uri.strip('/')}/index.html", "r") as template:
 for line in template.readlines():
- # This is a very rudimentary check to ensure that we actually
- # place the token *inside* the form. It assumes that there is
- # a) only one form on the site and
- # b) the
 tag doesn't end on the same line.
- if re.match(r"", line, re.IGNORECASE) is not None:
+ if (
+ not form_disabled
+ # This is a very rudimentary check to ensure that we
+ # actually place the token *inside* the form. It requires
+ # adding a comment somewhere in the form that
+ # will be replaced with the hidden fields and hCaptcha.
+ and re.match(r"", line, re.IGNORECASE) is not None
+ ):
 print(f'')
 print(f'