  1. from flask import Flask, abort, redirect, request, Response
  2. import base64, json, MySQLdb, os, re, subprocess
  3.  
# Flask application object; the routes defined below are registered on it.
app = Flask(__name__)

# Front-page template.  ``$ALBUMS$`` is swapped for generated HTML by
# ``index`` using plain ``str.replace``, so everything that goes into it must
# already be HTML-escaped (see ``sanitize``).
home = '''
<!doctype html>
<html>
<head>
<title>Magical Image Gallery</title>
</head>
<body>
<h1>Magical Image Gallery</h1>
$ALBUMS$
</body>
</html>
'''

# Single-album template with ``$TITLE$`` and ``$GALLERY$`` placeholders.
# No route in the visible part of this file references it.
viewAlbum = '''
<!doctype html>
<html>
<head>
<title>$TITLE$ -- Magical Image Gallery</title>
</head>
<body>
<h1>$TITLE$</h1>
$GALLERY$
</body>
</html>
'''
  31.  
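def getDb():
    """Open a new MySQLdb connection to the gallery database.

    Connection parameters are taken from the environment when present
    (``DB_HOST``, ``DB_USER``, ``DB_PASSWORD``, ``DB_NAME``) and otherwise
    fall back to the values that were previously hard-coded: ``root`` on
    ``localhost`` with an empty password, database ``level5``.

    NOTE(review): the fallback is a privileged account with no password.  The
    application only needs ``SELECT`` on ``albums`` and ``photos``; it should
    run as a dedicated least-privilege MySQL user with a real password, and
    that user should be supplied via the environment rather than relying on
    the defaults.  Callers own the returned connection and must close it.

    Returns:
        A MySQLdb connection object.
    """
    return MySQLdb.connect(
        host=os.environ.get('DB_HOST', 'localhost'),
        user=os.environ.get('DB_USER', 'root'),
        password=os.environ.get('DB_PASSWORD', ''),
        db=os.environ.get('DB_NAME', 'level5'),
    )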
  34.  
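def sanitize(data):
    """Escape *data* for safe insertion into HTML text or a double-quoted attribute.

    ``&``, ``<``, ``>`` and ``"`` are replaced with their HTML entities.  The
    ampersand is replaced first so the entities produced for the other three
    characters are not themselves re-escaped.  Single quotes are left alone,
    so the result is only safe in element text and inside double-quoted
    attribute values, which is how the templates in this file use it.

    Args:
        data: untrusted string (album and photo titles read from the database).

    Returns:
        The escaped string; unchanged if it contains none of the four characters.
    """
    return (data.replace('&', '&amp;')
                .replace('<', '&lt;')
                .replace('>', '&gt;')
                .replace('"', '&quot;'))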
  37.  
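@app.route('/')
def index():
    """Render the gallery front page: every album with up to three of its photos.

    For each album the page shows the escaped title, thumbnails of the first
    three photos (served by ``/fetch``) and a "Space used" line derived from
    ``du -ch`` over those photo files.

    Both queries are parameterised, titles are passed through ``sanitize``
    before being placed in the markup, and ``du`` is run without a shell with
    each path as its own argument, so a filename stored in the database cannot
    inject shell commands (the previous version built a ``du ... || exit 0``
    command line by string concatenation and ran it with ``shell=True``).

    Returns:
        The rendered HTML page as a string.
    """
    db = getDb()
    try:
        cur = db.cursor()
        cur.execute('SELECT id, title FROM albums')
        albums = list(cur.fetchall())

        parts = []
        for album_id, title in albums:
            parts.append('<h2>%s</h2>\n' % sanitize(title))
            parts.append('<div>')
            # album_id comes from our own SELECT above, but never format it into the SQL.
            cur.execute('SELECT id, title, filename FROM photos WHERE parent=%s LIMIT 3', (album_id,))
            filenames = []
            for pid, ptitle, pfn in cur.fetchall():
                # pid is an int (``%i``); the title is untrusted and escaped.
                parts.append('<div><img src="fetch?id=%i" width="266" height="150"><br>%s</div>' % (pid, sanitize(ptitle)))
                filenames.append(pfn)
            parts.append('<i>Space used: ' + _space_used(filenames) + '</i>')
            parts.append('</div>\n')
    finally:
        db.close()

    return home.replace('$ALBUMS$', ''.join(parts))


def _space_used(filenames):
    """Return the last line of ``du -ch`` over the given photo files (the total line).

    ``du`` is executed without a shell; every path is a separate argv entry,
    so spaces, quotes and shell metacharacters in a filename are inert.  A
    non-zero exit (e.g. an unreadable file) is tolerated and the output
    produced so far is used, which mirrors the old ``|| exit 0`` behaviour.
    With no filenames ``du`` reports the working directory, as before.

    NOTE(review): the path prefix is reproduced unchanged from the original
    code; it points above ``files/`` and does not look like a real photo
    directory -- confirm where the photo files actually live.
    """
    paths = ['files/../../xxx' + fn for fn in filenames]
    try:
        output = subprocess.check_output(['du', '-ch'] + paths,
                                         stderr=subprocess.STDOUT,
                                         universal_newlines=True)
    except subprocess.CalledProcessError as exc:
        output = exc.output
    return output.strip().rsplit('\n', 1)[-1]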
  57.  
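@app.route('/fetch')
def fetch():
    """Serve the raw bytes of the photo whose ``id`` is given in the query string.

    The id is bound as a query parameter rather than interpolated into the
    SQL text, and the stored filename is resolved relative to the working
    directory and checked to still lie inside it before it is opened.  The
    previous ``.replace('..', '')`` filter is not sufficient on its own
    (``....//`` survives it), so containment is checked on the resolved path.

    Returns:
        The file contents as a byte string.

    Raises:
        404 (via ``abort``) when the id is unknown, the resolved path escapes
        the working directory, or the file cannot be opened.  A missing ``id``
        parameter is a 400 from Flask's ``request.args[...]`` lookup.
    """
    db = getDb()
    try:
        cur = db.cursor()
        if cur.execute('SELECT filename FROM photos WHERE id=%s', (request.args['id'],)) == 0:
            abort(404)
        filename = cur.fetchone()[0]
    finally:
        db.close()

    # It's dangerous to go alone, take this:
    # ^FLAG^4382ee9616e8bc96b7ef9f9e5b4dc0678d888f5a5d39b8ab2427b8ad10f494df$FLAG$

    path = _safe_local_path(filename)
    if path is None:
        abort(404)
    try:
        # Context manager so the handle is released even if read() fails.
        with open(path, 'rb') as fh:
            return fh.read()
    except (IOError, OSError):
        abort(404)


def _safe_local_path(filename):
    """Resolve *filename* under the working directory; return None if it escapes it.

    ``..`` components and symlinks are resolved with ``os.path.realpath``
    before the check, so ``../x``, ``....//x`` and symlinks pointing outside
    the directory are all rejected.  The ``./`` prefix is kept from the
    original code, which makes an absolute filename relative as well.
    """
    base = os.path.realpath('.')
    path = os.path.realpath('./%s' % filename)
    if path != base and not path.startswith(base + os.sep):
        return None
    return path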
  68.  
if __name__ == "__main__":
    # Flask's built-in development server, bound on every interface on the
    # privileged port 80.  NOTE(review): the dev server is not hardened for
    # exposure; outside a local test harness this should run under a WSGI
    # server and listen on localhost behind a reverse proxy.
    app.run(host='0.0.0.0', port=80)