From c5f3f5a8c40407a01c195e1a18b0dd18216c549b Mon Sep 17 00:00:00 2001 From: xemeds Date: Mon, 20 Jul 2020 16:53:18 +0000 Subject: [PATCH] Made the url validator not accept urls from the website --- tiny0/config.json | 1 + tiny0/config.py | 1 + tiny0/database.db | Bin 12288 -> 12288 bytes tiny0/forms.py | 6 ++++++ tiny0/routes.py | 3 ++- 5 files changed, 10 insertions(+), 1 deletion(-) diff --git a/tiny0/config.json b/tiny0/config.json index 536a9e4..378eeb7 100644 --- a/tiny0/config.json +++ b/tiny0/config.json @@ -1,4 +1,5 @@ { + "WEBSITE_DOMAIN":"127.0.0.1:5000", "SECRET_KEY": "SECRET_KEY", "SQLALCHEMY_DATABASE_URI": "sqlite:///database.db" } diff --git a/tiny0/config.py b/tiny0/config.py index 3e22084..b5b5047 100644 --- a/tiny0/config.py +++ b/tiny0/config.py @@ -4,5 +4,6 @@ with open("tiny0/config.json", "r") as config_file: config_data = json.load(config_file) + WEBSITE_DOMAIN = config_data.get("WEBSITE_DOMAIN") SECRET_KEY = config_data.get("SECRET_KEY") SQLALCHEMY_DATABASE_URI = config_data.get("SQLALCHEMY_DATABASE_URI") diff --git a/tiny0/database.db b/tiny0/database.db index 5dba13055853e02bb8ca3911ac5faec788853272..ef1ce4c9df39fe68c4d66aebc55a408216cfa7fe 100644 GIT binary patch delta 33 gcmZojXh@hKEvUi3z`zW|Fd#Ki$Cy!LW5NP`0AIxgy8r+H delta 33 gcmZojXh@hKEvU@Ez`zW|Fd#lr$Cy!hW5NP`0ACCRt^fc4 diff --git a/tiny0/forms.py b/tiny0/forms.py index 60ce28f..b3dda3f 100644 --- a/tiny0/forms.py +++ b/tiny0/forms.py @@ -1,6 +1,7 @@ from flask_wtf import FlaskForm from wtforms import StringField, SubmitField, ValidationError from wtforms.validators import DataRequired, Length +from tiny0.config import WEBSITE_DOMAIN # Validates a URL def validate_URL(form, field): 
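Review bot: In tiny0/config.py, `config_data.get("WEBSITE_DOMAIN")` returns None when the key is missing from config.json, and nothing checks the value before it is used. The new `WEBSITE_DOMAIN in field.data` test in forms.py and the `WEBSITE_DOMAIN + "/" + token` concatenation in routes.py would then both raise TypeError at request time. An empty string would instead make the `in` test true for every submission, so every URL would be rejected as invalid. Failing at import time is easier to diagnose, e.g. `WEBSITE_DOMAIN = config_data["WEBSITE_DOMAIN"]` followed by `if not WEBSITE_DOMAIN: raise RuntimeError("WEBSITE_DOMAIN must be set in config.json")`.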
@@ -23,6 +24,11 @@ def validate_URL(form, field): # Raise a ValidationError raise ValidationError("Invalid URL") + # If the url contains the websites domain + if WEBSITE_DOMAIN in field.data: + # Raise a ValidationError + raise ValidationError("Invalid URL") + # If the URL does not start with http:// and https:// if not(field.data.startswith("http://")) and not(field.data.startswith("https://")): # Add https:// to the beginning of the URL diff --git a/tiny0/routes.py b/tiny0/routes.py index 59c802c..3aa8764 100644 --- a/tiny0/routes.py +++ b/tiny0/routes.py @@ -3,6 +3,7 @@ from tiny0 import app, db from tiny0.forms import URLForm from tiny0.models import URL from tiny0.token import gen_valid_token +from tiny0.config import WEBSITE_DOMAIN # Index route @app.route("/", methods=['GET', 'POST']) @@ -20,7 +21,7 @@ def index(): db.session.commit() # Return the url page with the shortened url - return render_template("url.html", url="127.0.0.1:5000/" + token) + return render_template("url.html", url=WEBSITE_DOMAIN + "/" + token) # If the form was invalid or not submitted else:
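Review bot: The check added to validate_URL, `WEBSITE_DOMAIN in field.data`, is a substring test on the raw input, so it never compares hosts. It rejects unrelated URLs that merely carry the domain text in a path or query string, and it misses the same host written in different letter case or under another name the server answers to, so self-referencing short links stay possible. Comparing the parsed host is more reliable: once the scheme has been prepended further down, something like `parts = urlsplit(field.data)` (from `urllib.parse`) and `if parts.netloc.lower() == WEBSITE_DOMAIN.lower(): raise ValidationError("Invalid URL")`, kept consistent with the port that WEBSITE_DOMAIN carries in config.json. The body of validate_URL starts and ends outside this hunk, so the earlier validation and the exact point where the scheme is added are not visible here.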