
API를 통해 숨겨진 문서를 볼 수 있는 버그와 기타 버그 수정

Surplus_Up (2DU) 7 лет назад
Родитель
Сommit
b2ffdf7580
3 измененных файлов с 46 добавлено и 50 удалено
  1. 18 11
      app.py
  2. 24 35
      emergency_tool.py
  3. 4 4
      func.py

+ 18 - 11
app.py

@@ -3610,14 +3610,21 @@ def acl(name = None):
                 check_ok = 'disabled'
 
     if flask.request.method == 'POST':
+        if flask.request.form.get('dec', '') != flask.request.form.get('view', ''):
+            dec = flask.request.form.get('view', '')
+            view = flask.request.form.get('view', '')
+        else:
+            dec = flask.request.form.get('dec', '')
+            view = flask.request.form.get('view', '')
+
         curs.execute("select title from acl where title = ?", [name])
         if curs.fetchall():
-            curs.execute("update acl set dec = ? where title = ?", [flask.request.form.get('dec', ''), name])
+            curs.execute("update acl set dec = ? where title = ?", [dec, name])
             curs.execute("update acl set dis = ? where title = ?", [flask.request.form.get('dis', ''), name])
             curs.execute("update acl set why = ? where title = ?", [flask.request.form.get('why', ''), name])
-            curs.execute("update acl set view = ? where title = ?", [flask.request.form.get('view', ''), name])
+            curs.execute("update acl set view = ? where title = ?", [view, name])
         else:
-            curs.execute("insert into acl (title, dec, dis, why, view) values (?, ?, ?, ?, ?)", [name, flask.request.form.get('dec', ''), flask.request.form.get('dis', ''), flask.request.form.get('why', ''), flask.request.form.get('view', '')])
+            curs.execute("insert into acl (title, dec, dis, why, view) values (?, ?, ?, ?, ?)", [name, dec, flask.request.form.get('dis', ''), flask.request.form.get('why', ''), view])
         
         curs.execute("select title from acl where title = ? and dec = '' and dis = ''", [name])
         if curs.fetchall():
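Review bot: Both branches of the added `if` assign `view` identically and leave `dec` equal to `view`, so the block reduces to `dec = view = flask.request.form.get('view', '')` and the submitted `dec` is never stored. A POST with `dec` set and `view` empty therefore writes an empty `dec`, which looks like it silently clears the document's edit restriction. If the intent is that a view restriction implies at least the same edit restriction, override only in that case, for example `if view != '' and dec != view: dec = view`, and compare strictness rather than inequality if the levels are ordered. Both values should also be checked against the set of known ACL levels before the `update`/`insert`, since they are written as received from the form. The body of acl() starts and continues outside this hunk.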
@@ -3679,14 +3686,14 @@ def acl(name = None):
                     data += '<hr class=\"main_hr\"><input placeholder="' + load_lang('why') + '" name="why" type="text" ' + check_ok + '>'
             
         return easy_minify(flask.render_template(skin_check(), 
-            imp = [name, wiki_set(), custom(), other2([' (acl)', 0])],
+            imp = [name, wiki_set(), custom(), other2([' (' + load_lang('acl') + ')', 0])],
             data =  '''
-                    <form method="post">
-                        ''' + data + '''
-                        <hr class=\"main_hr\">
-                        <button type="submit" ''' + check_ok + '''>''' + load_lang('save') + '''</button>
-                    </form>
-                    ''',
+                <form method="post">
+                    ''' + data + '''
+                    <hr class=\"main_hr\">
+                    <button type="submit" ''' + check_ok + '''>''' + load_lang('save') + '''</button>
+                </form>
+            ''',
             menu = [['w/' + url_pas(name), load_lang('document')], ['manager', load_lang('admin')]]
         ))
             
@@ -4544,7 +4551,7 @@ def api_raw(name = ''):
     curs.execute("select data from data where title = ?", [name])
     data = curs.fetchall()
     if data:
-        json_data = { "title" : name, "data" : data[0][0] }
+        json_data = { "title" : name, "data" : render_set(title = name, data = data[0][0], s_data = 1) }
     
         return flask.jsonify(json_data)
     else:
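Review bot: The view-permission decision for this endpoint now lives entirely inside `render_set(..., s_data = 1)`, which is not visible here, and nothing at the call site says so. A later edit back to `data[0][0]` would reopen the hidden-document leak the commit title describes, so add a comment above the assignment such as `# render_set applies the view ACL; never return data[0][0] directly from the API`. An explicit `acl_check(...)` guard that returns an error status would be clearer than a 200 response whose `data` field is whatever render_set yields for a restricted page (presumably an error string; confirm). Other routes that read `data` from the same table are worth checking for the same pattern. api_raw continues outside the hunk.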

+ 24 - 35
emergency_tool.py

@@ -1,6 +1,5 @@
 import json
 import sqlite3
-import bcrypt
 import hashlib
 import threading
 
@@ -10,10 +9,11 @@ from mark import load_conn2, namumark
 try:
     f = open('set.json', 'r')
 except FileNotFoundError as e:
-    print('Error: set.json is not found. please run setup script first.')
+    print('Error: set.json is not found. Please run setup script first.')
     exit()
 else:
     f.close()
+    
 json_data = open('set.json').read()
 set_data = json.loads(json_data)
 
@@ -22,16 +22,16 @@ curs = conn.cursor()
 
 load_conn(conn)
 
-print('1. backlink reset')
-print('2. recaptcha delete')
-print('3. ban delete')
-print('4. change host')
-print('5. change port')
-print('6. change skin')
-print('7. change password')
-print('8. reset version')
+print('1. Backlink reset')
+print('2. reCAPTCHA delete')
+print('3. Ban delete')
+print('4. Change host')
+print('5. Change port')
+print('6. Change skin')
+print('7. Change password')
+print('8. Reset version')
 
-print('select : ', end = '')
+print('Select : ', end = '')
 what_i_do = input()
 
 if what_i_do == '1':
@@ -58,7 +58,7 @@ elif what_i_do == '2':
     curs.execute("delete from other where name = 'recaptcha'")
     curs.execute("delete from other where name = 'sec_re'")
 elif what_i_do == '3':
-    print('ip or name : ', end = '')
+    print('IP or Name : ', end = '')
     user_data = input()
 
     if re.search("^([0-9]{1,3}\.[0-9]{1,3})$", user_data):
@@ -69,47 +69,36 @@ elif what_i_do == '3':
         curs.execute("insert into rb (block, end, today, blocker, why, band) values (?, ?, ?, ?, ?, ?)", [user_data, load_lang('release', 1), get_time(), load_lang('tool', 1) + ':emergency', '', band])
     curs.execute("delete from ban where block = ?", [user_data])
 elif what_i_do == '4':
-    print('host : ', end = '')
+    print('Host : ', end = '')
     host = input()
 
     curs.execute("update other set data = ? where name = 'host'", [host])
 elif what_i_do == '5':
-    try:
-        print('port : ', end = '')
-        port = int(input())
-    except ValueError:
-            print('Error: Please input int value')
-            exit()
+    print('Port : ', end = '')
+    port = int(input())
 
     curs.execute("update other set data = ? where name = 'port'", [port])
 elif what_i_do == '6':
-    print('skin name : ', end = '')
+    print('Skin\'s name : ', end = '')
     skin = input()
 
     curs.execute("update other set data = ? where name = 'skin'", [skin])
 elif what_i_do == '7':
-    try:
-        print('1. sha256')
-        print('2. sha3')
-        print('3. bcrypt')
-        print('select : ', end = '')
-        what_i_do = int(input())
-    except ValueError:
-        print('Error: Please input int value')
-        exit()
-
-    print('user name : ', end = '')
+    print('1. sha256')
+    print('2. sha3')
+    print('Select : ', end = '')
+    what_i_do = int(input())
+
+    print('User\'s name : ', end = '')
     user_name = input()
 
-    print('user password : ', end = '')
+    print('User\'s password : ', end = '')
     user_pw = input()
 
     if what_i_do == '1':
         hashed = hashlib.sha256(bytes(user_pw, 'utf-8')).hexdigest()
     elif what_i_do == '2':
         hashed = sha3_256(bytes(user_pw, 'utf-8')).hexdigest()
-    elif what_i_do == '3':
-        hashed = bcrypt.hashpw(bytes(user_pw, 'utf-8'), bcrypt.gensalt()).decode()
        
     curs.execute("update user set pw = ? where id = ?", [hashed, user_name])
 elif what_i_do == '8':
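Review bot: In option 7 the choice is read with `what_i_do = int(input())` but then compared with the strings `'1'` and `'2'`, so neither branch runs and `hashed` is unbound when `update user set pw = ?` executes; the password reset fails with a NameError. Reading it as `what_i_do = input()` makes the comparisons match, and an `else:` that prints an error and exits would cover any other choice. Removing the bcrypt branch also leaves only single-pass, unsalted SHA-256/SHA3 digests for stored passwords, which are cheap to brute-force if the user table leaks; keep a slow salted option available here if the application can verify it. The password is read with `input()`, which echoes it to the terminal, where `getpass.getpass()` would not. The `elif` chain starts outside this hunk.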
@@ -117,4 +106,4 @@ elif what_i_do == '8':
 
 conn.commit()
 
-print('ok')
+print('OK')

+ 4 - 4
func.py

@@ -53,7 +53,7 @@ def send_email(who, title, data):
 
         smtp.quit()
     except:
-        print('error : email login error')
+        print('Error : Email login error')
 
 def easy_minify(data, tool = None):
     try:
@@ -561,14 +561,14 @@ def acl_check(name, tool = ''):
         acl_data = curs.fetchall()
         if acl_data:
             if acl_data[0][0] == 'user':
-                if not user_data:
+                if ip_or_user(ip):
                     return 1
 
             if acl_data[0][0] == 'admin':
-                if not user_data:
+                if ip_or_user(ip):
                     return 1
 
-                if not admin_check(5, 'view (' + name + ')') == 1:
+                if admin_check(5, 'view (' + name + ')') != 1:
                     return 1
 
         return 0
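Review bot: Any `acl_data[0][0]` value other than `'user'` or `'admin'` falls through to `return 0`, and since a failed `admin_check` returns 1, 0 appears to mean "allowed", so an unexpected value in the `acl` table fails open. If the empty string is the only value meant to be unrestricted, add an explicit deny for anything else, for example `elif acl_data[0][0] != '': return 1`. A short comment on the return convention would help too, such as `# 1 = denied, 0 = allowed`. The `ip_or_user(ip)` test is repeated in both branches and relies on `ip` being set above the hunk. Its meaning (presumably truthy for a non-logged-in IP) deserves a one-line comment, because it replaces `not user_data` with the opposite polarity. acl_check starts outside this hunk.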