making a form purely with flask-wtf - Printable Version
RE: making a form purely with flask-wtf - snippsat - May-30-2024

> Quote: how would i go about when they hit the submit button it runs a powershell command with the variables the user has inputted

On Server get values back, so here I just use new_password (can use any field) and use subprocess to run this command line argument.
ls (list files) is not in standard Windows, use dir; so see that it now lists files in the folder.

```python
new_password = form.new_password.data
print(new_password)
# ls
result = subprocess.run([new_password], capture_output=True, text=True)
print(result.stdout)
```

```
G:\all_flask\2024\wtf_env (wtf_env)
λ flask --app test1 run
 * Serving Flask app 'test1'
 * Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
127.0.0.1 - - [30/May/2024 23:38:15] "GET / HTTP/1.1" 200 -
ls
__pycache__ Include Lib pyvenv.cfg Scripts templates test.py test1.py

prod
127.0.0.1 - - [30/May/2024 23:38:22] "POST / HTTP/1.1" 200 -
```

RE: making a form purely with flask-wtf - robertkwild - May-31-2024

> (May-30-2024, 09:51 PM) snippsat Wrote:
> > Quote: how would i go about when they hit the submit button it runs a powershell command with the variables the user has inputted
>
> On Server get values back, so here I just use new_password (can use any field) and use subprocess to run this command line argument.
Your first lines of code, I imagine I write that in my password.py script and not in the index.html.

Sorry snippsat, I don't see the PowerShell command that you wrote, is it just the ls, but in PowerShell terms it will be dir?

RE: making a form purely with flask-wtf - snippsat - May-31-2024

> (May-31-2024, 02:33 PM) robertkwild Wrote: Sorry snippsat, I don't see the PowerShell command that you wrote, is it just the ls, but in PowerShell terms it will be dir?

So now in the browser I type * in new_password and use this in a PowerShell command to list files.
Just mention this is normal stuff to do, but as you see it work, this has of course some security concerns taking input for a website and run local stuff as PowerShell.

```python
new_password = form.new_password.data
print(new_password)
# *
#result = subprocess.run([new_password], capture_output=True, text=True)
ps_command = f"Get-ChildItem -Path '{new_password}'"
# Execute the PowerShell command
result = subprocess.run(["powershell", "-Command", ps_command], capture_output=True, text=True)
print(result.stdout)
domain = form.domain.data
```

```
G:\all_flask\2024\wtf_env (wtf_env)
λ flask --app test1 run
 * Serving Flask app 'test1'
 * Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
127.0.0.1 - - [31/May/2024 17:17:30] "GET / HTTP/1.1" 200 -
*

    Directory: G:\all_flask\2024\wtf_env

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----        29.05.2024     22:13                Include
d-----        29.05.2024     22:13                Lib
d-----        29.05.2024     22:16                Scripts
d-----        30.05.2024     22:41                templates
d-----        31.05.2024     17:17                __pycache__
-a----        29.05.2024     22:13            184 pyvenv.cfg
-a----        30.05.2024     18:50            969 test.py
-a----        31.05.2024     17:17           1464 test1.py

prod
127.0.0.1 - - [31/May/2024 17:17:54] "POST / HTTP/1.1" 200 -
```

RE: making a form purely with flask-wtf - robertkwild - May-31-2024

If it's a security concern, what other way do you recommend doing what I want to do?

RE: making a form purely with flask-wtf - snippsat - May-31-2024

> (May-31-2024, 05:36 PM) robertkwild Wrote: If it's a security concern, what other way do you recommend doing what I want to do?

Not sure what task you are trying to do.
It can be ok if you check input and don't allow all commands that can be given to PowerShell.
Eg this would delete a local file, or worse, if you do `Remove-Item -Path C:/*.*` it starts to delete all files on C:

```python
import subprocess

new_password = 'Remove-Item -Path C:/bar/file-1.txt'
# Execute the PowerShell command
result = subprocess.run(["powershell", "-Command", new_password], capture_output=True, text=True)
```

So eg in the previous post here `f"Get-ChildItem -Path '{new_password}'"` it's restricted to only use `Get-ChildItem -Path`.
Then one cannot give a full PS command that eg can delete local files from input in the web form.

RE: making a form purely with flask-wtf - robertkwild - Jun-01-2024

> (May-31-2024, 06:11 PM) snippsat Wrote:
> > (May-31-2024, 05:36 PM) robertkwild Wrote: If it's a security concern, what other way do you recommend doing what I want to do?
>
> Not sure what task you are trying to do.
I'm just going to get it to run a PowerShell command to change the user's password, ie

```powershell
Set-ADAccountPassword -Identity username -OldPassword (ConvertTo-SecureString -AsPlainText "old_password" -Force) -NewPassword (ConvertTo-SecureString -AsPlainText "confirm" -Force) -Server domain
```

but I'm trying to do some validation, but the EqualTo doesn't work and no idea why

```python
from flask import Flask, render_template, request
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, BooleanField, DecimalField, RadioField, SelectField, TextAreaField, FileField, validators, SubmitField
from wtforms.validators import InputRequired, Length, DataRequired, EqualTo, Regexp, ValidationError

app = Flask(__name__)
app.config['SECRET_KEY'] = 'secretkey'

class MyForm(FlaskForm):
    username = StringField('Username', [InputRequired('Required')])
    old_password = PasswordField('Old Password', [InputRequired('Required')])
    # EqualTo compares this field with the field named 'confirm'
    password = PasswordField('New Password', [InputRequired('Required'), EqualTo('confirm', message='Passwords must match'), Length(min=12)])
    confirm = PasswordField('Confirm New Password')
    domain = SelectField('domain', choices=[('prod', 'prod'), ('corp', 'corp')])
    submit = SubmitField('Submit')

@app.route('/', methods=['GET', 'POST'])
def index():
    form = MyForm()
    # True only for a POST whose fields pass every validator
    if form.validate_on_submit():
        username = form.username.data
        old_password = form.old_password.data
        password = form.password.data
        confirm = form.confirm.data
        domain = form.domain.data
        submit = form.submit.data
    return render_template('index.html', form=form)

if __name__ == '__main__':
    app.run()
```
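
Added example (not part of the thread and not any poster's code): one way to run the `Set-ADAccountPassword` command from the last post without formatting form values into the PowerShell text, which is the security concern raised earlier in the thread. The script string is constant and reads its inputs from environment variables, so quotes or semicolons in a value stay data; the `PWC_*` variable names, the username pattern and the function names are assumptions made for this example.

```python
import os
import re
import subprocess

# Constant script text: no form value is ever formatted into it.
# PowerShell expands $env:NAME to a single argument value at run time,
# and the passwords never appear on the process command line.
PS_SCRIPT = (
    "Set-ADAccountPassword -Identity $env:PWC_USER "
    "-OldPassword (ConvertTo-SecureString -AsPlainText $env:PWC_OLD -Force) "
    "-NewPassword (ConvertTo-SecureString -AsPlainText $env:PWC_NEW -Force) "
    "-Server $env:PWC_DOMAIN"
)

ALLOWED_DOMAINS = {"prod", "corp"}  # same choices as the form's SelectField
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumed account-name policy


def build_password_change(username, old_password, new_password, domain):
    """Return (argv, env) for subprocess.run; raise ValueError on bad input."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    if domain not in ALLOWED_DOMAINS:
        raise ValueError("invalid domain")
    argv = ["powershell", "-NoProfile", "-NonInteractive", "-Command", PS_SCRIPT]
    # User-supplied values travel only in the child's environment (PWC_* names
    # are hypothetical, chosen for this example).
    env = dict(os.environ, PWC_USER=username, PWC_OLD=old_password,
               PWC_NEW=new_password, PWC_DOMAIN=domain)
    return argv, env


def change_password(username, old_password, new_password, domain):
    """Run the command; needs Windows with the ActiveDirectory module."""
    argv, env = build_password_change(username, old_password, new_password, domain)
    result = subprocess.run(argv, env=env, capture_output=True, text=True)
    return result.returncode == 0
```

In the Flask view, `change_password(...)` would be called inside the `if form.validate_on_submit():` branch with the form's field data.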