Handle duplicate username on server side so this contrived vulnerability makes sense

01444f7d · chzesa · bbf653ef · 01444f7d · 01444f7d
Commit 01444f7d authored 4 years ago by chzesa
--- a/chat/templates/chat/profile.html
+++ b/chat/templates/chat/profile.html
@@ -10,8 +10,6 @@
 		headers: { from:'{{user}}' }
 	}).then(r => r.json()).then(v => {
 		v.users.forEach(u => {
-			if (u == '{{user}}')
-				return;
 			let p = document.createElement(`p`)
 			let e = document.createElement(`a`);
 			p.appendChild(e)

--- a/chat/views.py
+++ b/chat/views.py
@@ -17,7 +17,7 @@ def getUsers(request):
 		return JsonResponse()

 	with connection.cursor() as cursor:
-		users = cursor.execute("SELECT username FROM auth_user WHERE id != '%s'" % (request.GET.get('from')))
+		users = cursor.execute("SELECT username FROM auth_user WHERE username != '%s'" % (request.headers.get('from')))
 		r = []

 		for u in users: