I am learning about sessions and how to update profile data when doing an edit. I am having an issue with my dictionary and wouldn't mind any suggestions. :)
Code:
@application.route("/profileEdit/", methods = ["POST", "GET"])
def profileEdit():
if request.method == "POST":
usersDB = client["userRegistration"]
users = usersDB['userregistrations']
username = request.form.get('username')
#request.form.get('password')
email = request.form.get('email')
labor = request.form.get('image')
phone = request.form.get('phone')
existing_user = users.find_one({'email': session['email']})
g.user = existing_user
file = request.files.get('file')
filename = file.filename
newvalues = { g.user: {
'date': str(date.today()),
'name': username,
'email': email,
'phonenumber': phone,
'labor':labor,
'profilePic': file}
}
if filename == '':
flash('No image selected for uploading')
return redirect(request.url)
if push: #need a security boost to prevent injections of code check file extensions
file.save(os.path.join('static\Images', filename))
#print('upload_image filename: ' + filename)
if existing_user is None:
return redirect(url_for('registration'))
else:
users.update_one(g.user, newvalues)
return redirect(url_for('profile'))
else:
flash('Allowed image types are - png, jpg, jpeg, gif')#security protocol
return redirect(request.url)
return render_template("profileEdit.html")#, image_file = image_file)
error:
Traceback (most recent call last):
File "C:\Python39\Lib\site-packages\flask\app.py", line 2091, in __call__
return self.wsgi_app(environ, start_response)
File "C:\Python39\Lib\site-packages\flask\app.py", line 2076, in wsgi_app
response = self.handle_exception(e)
File "C:\Python39\Lib\site-packages\flask\app.py", line 2073, in wsgi_app
response = self.full_dispatch_request()
File "C:\Python39\Lib\site-packages\flask\app.py", line 1518, in full_dispatch_request
rv = self.handle_user_exception(e)
File "C:\Python39\Lib\site-packages\flask\app.py", line 1516, in full_dispatch_request
rv = self.dispatch_request()
File "C:\Python39\Lib\site-packages\flask\app.py", line 1502, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "C:\Users\tquig\OneDrive\Documents\GitHub\FS-CSCI150-F21-Team4\application.py", line 146, in profileEdit
newvalues = { g.user: {
TypeError: unhashable type: 'dict'
I know it isn't super secure because people can upload malicious code when uploading an image due to no verification process. If you guys have suggestion on filtering file extensions and making sure it isn't malicious files - that would be super awesome because the internet is sort of lacking on security tutorials with flask.
Aucun commentaire:
Enregistrer un commentaire