fportantier · Deanadamik · Oct 11, 2024 · Oct 13, 2024
diff --git a/good/libuser.py b/good/libuser.py
@@ -53,12 +53,17 @@ def login(username, password, **kwargs):
 
 
 def user_create(username, password=None):
-
     conn = sqlite3.connect('db_users.sqlite')
     conn.set_trace_callback(print)
     conn.row_factory = sqlite3.Row
     c = conn.cursor()
-    c.execute("INSERT INTO users (username, password, salt, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%s', '%d', '%d', '%s')" %(username, '', '', 0, 0, ''))
+
+    # Используем placeholders для безопасного выполнения запроса
+    query = """
+    INSERT INTO users (username, password, salt, failures, mfa_enabled, mfa_secret) 
+    VALUES (?, ?, ?, ?, ?, ?)
+    """
+    c.execute(query, (username, '', '', 0, 0, ''))
     conn.commit()
 
     if password:

diff --git a/good/vulpy-ssl.py b/good/vulpy-ssl.py
@@ -26,4 +26,4 @@ def do_home():
 def before_request():
     g.session = libsession.load(request)
 
-app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))
+app.run(debug=True, host='127.0.0.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))
diff --git a/good/vulpy.py b/good/vulpy.py
@@ -50,5 +50,5 @@ def add_csp_headers(response):
         response.headers['Content-Security-Policy'] = csp
     return response
 
-app.run(debug=True, host='127.0.1.1', port=5001, extra_files='csp.txt')
+app.run(debug=True, host='127.0.0.1', port=5001, extra_files='csp.txt')