theMiddleBlue/app.py Secret

## app.py
from flask import Flask
from flask import request
import re

app = Flask(__name__)

def is_valid_input(input):
    m = re.match(r'.*(["\';=]|select|union|from|where).*', input, re.IGNORECASE)
    if m is not None:
        return False
    return True

@app.route('/news', methods=['GET', 'POST'])
def news():
    if request.method == 'POST':
        if "id" in request.form:
            if "category" in request.form:
                if is_valid_input(request.form["id"]) and is_valid_input(request.form["category"]):
                    return f"OK: {request.form['category']}/{request.form['id']}"
                else:
                    return f"Invalid value: {request.form['category']}/{request.form['id']}", 403
            else:
                return "No category parameter sent."
        else:
            return "No id parameter sent."
	from flask import Flask
	from flask import request
	import re

	app = Flask(__name__)

	def is_valid_input(input):
	m = re.match(r'.(["\';=]\|select\|union\|from\|where).', input, re.IGNORECASE)
	if m is not None:
	return False
	return True

	@app.route('/news', methods=['GET', 'POST'])
	def news():
	if request.method == 'POST':
	if "id" in request.form:
	if "category" in request.form:
	if is_valid_input(request.form["id"]) and is_valid_input(request.form["category"]):
	return f"OK: {request.form['category']}/{request.form['id']}"
	else:
	return f"Invalid value: {request.form['category']}/{request.form['id']}", 403
	else:
	return "No category parameter sent."
	else:
	return "No id parameter sent."