只判断 ajax 可能存在绕过

virusdefender 2015-11-03 23:55:14 +08:00
parent f4514fa3b8
commit 0ee76a57e0


@ -4,6 +4,7 @@ from functools import wraps
from django.http import HttpResponse, HttpResponseRedirect
from django.shortcuts import render
from django.core.urlresolvers import reverse
from utils.shortcuts import error_response, error_page
@ -92,7 +93,7 @@ def check_user_contest_permission(func):
{"reason": "contest_not_start", "show_tab": False, "contest": contest})
# 比赛已经结束了,只拦截 ajax 的答案提交
if contest.status == CONTEST_ENDED and request.is_ajax():
if contest.status == CONTEST_ENDED and request.path == reverse("contest_submission_api") and request.is_ajax():
return error_response(u"比赛已经结束")
return func(*args, **kwargs)
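Review bot: On the new condition, `request.is_ajax()` is still a required conjunct, so the post-contest block only applies when the request carries `X-Requested-With: XMLHttpRequest`; that header is set by the client, and a request to `contest_submission_api` without it falls through to `func(*args, **kwargs)`. For an ended contest the guard should key on the endpoint alone: `if contest.status == CONTEST_ENDED and request.path == reverse("contest_submission_api"):`. The exact-path comparison also covers only that one URL name, so any other view that accepts submissions (none is visible here) would need the same guard, or the contest-status check could be enforced inside the submission view itself. The decorator's body starts outside this hunk, so how `contest` and `request` are obtained could not be reviewed.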