diff --git a/anatomy/views.py b/anatomy/views.py index 7a02a7ec..8135da10 100644 --- a/anatomy/views.py +++ b/anatomy/views.py @@ -228,8 +228,9 @@ def loadJsonAnswer(answer): # TODO Update to only allow valid Candidates eid = int(answer["eid"].split("/")[1]) + cid = int(answer["cid"]) # As access is not restricted make sure the data appears valid - if (not isinstance(answer["cid"], int)) or ( + if (not isinstance(cid, int)) or ( not isinstance(eid, int) or (not isinstance(answer["ans"], str)) ): return False, JsonResponse( @@ -238,13 +239,13 @@ def loadJsonAnswer(answer): # The model should catch invalid data but this should be less intensive max_int = 999999999999999999999 - if answer["cid"] > max_int or eid > max_int: + if cid > max_int or eid > max_int: return False, JsonResponse({"success": False, "error": "invalid cid"}) exam = get_object_or_404(Exam, pk=eid) - if not exam.check_cid_user(answer["cid"], answer["passcode"]): + if not exam.check_cid_user(cid, answer["passcode"]): return False, JsonResponse( {"success": False, "error": "invalid cid / passcode"} ) @@ -255,11 +256,11 @@ def loadJsonAnswer(answer): # ) exiting_answers = CidUserAnswer.objects.filter( - question__id=answer["qid"], exam__id=eid, cid=answer["cid"] + question__id=answer["qid"], exam__id=eid, cid=cid ) if not exiting_answers: - ans = CidUserAnswer(answer=answer["ans"], cid=answer["cid"]) + ans = CidUserAnswer(answer=answer["ans"], cid=cid) ans.question_id = answer["qid"] ans.exam_id = eid ans.score = Answer.MarkOptions.UNMARKED diff --git a/generic/views.py b/generic/views.py index a43e3046..101501bd 100644 --- a/generic/views.py +++ b/generic/views.py @@ -1318,7 +1318,7 @@ def group_email(request, pk, resend=False): if resend: users = group.ciduser_set.filter() else: - users = gGroup.ciduser_set.filter(login_email_sent=False) + users = group.ciduser_set.filter(login_email_sent=False) sent = [] not_sent = []