Diffstat (limited to 'searx/webapp.py')
-rwxr-xr-xsearx/webapp.py15
1 files changed, 14 insertions, 1 deletions
diff --git a/searx/webapp.py b/searx/webapp.py
index ad6ed368b..47f77acc7 100755
--- a/searx/webapp.py
+++ b/searx/webapp.py
@@ -31,6 +31,8 @@ from pygments.formatters import HtmlFormatter # pylint: disable=no-name-in-modu
from werkzeug.middleware.proxy_fix import ProxyFix
from werkzeug.serving import WSGIRequestHandler
+import flask
+
from flask import (
Flask,
request,
@@ -86,6 +88,7 @@ from searx.utils import (
gen_useragent,
dict_subset,
match_language,
+ get_value,
)
from searx.version import VERSION_STRING
from searx.query import RawTextQuery
@@ -161,6 +164,8 @@ for indice, theme in enumerate(themes):
for (dirpath, dirnames, filenames) in os.walk(theme_img_path):
global_favicons[indice].extend(filenames)
+OUTPUT_FORMATS = ['html', 'csv', 'json', 'rss']
+
STATS_SORT_PARAMETERS = {
'name': (False, 'name', ''),
'score': (True, 'score', 0),
@@ -511,6 +516,11 @@ def render(template_name, override_theme=None, **kwargs):
kwargs['preferences'] = request.preferences
+ kwargs['search_formats'] = [
+ x for x in get_value(
+ settings, 'search', 'formats', default=OUTPUT_FORMATS)
+ if x != 'html']
+
kwargs['brand'] = brand
kwargs['translations'] = json.dumps(get_translations(), separators=(',', ':'))
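Review bot: The value read from `search.formats` is used in this comprehension, and again in the `search()` hunk below, without checking that it is a list of known format names. If an operator writes a scalar such as `formats: json` (settings loading is not visible here, so this is an assumption), the comprehension would iterate the string character by character and the `not in` test in `search()` would become a substring test. Resolving the setting once at module level next to `OUTPUT_FORMATS`, for example `ENABLED_FORMATS = [f for f in get_value(settings, 'search', 'formats', default=OUTPUT_FORMATS) if f in OUTPUT_FORMATS]`, and using that name in both places would keep the advertised formats and the enforced ones from drifting apart. The body of `render()` starts and ends outside this hunk.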
@@ -683,9 +693,12 @@ def search():
# output_format
output_format = request.form.get('format', 'html')
- if output_format not in ['html', 'csv', 'json', 'rss']:
+ if output_format not in OUTPUT_FORMATS:
output_format = 'html'
+ if output_format not in get_value(settings, 'search', 'formats', default=OUTPUT_FORMATS):
+ flask.abort(403)
+
# check if there is query (not None and not an empty string)
if not request.form.get('q'):
if output_format == 'html':
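Review bot: The new 403 check also covers the `html` fallback: an unknown `format` is first rewritten to `'html'` and then rejected if the operator's `search.formats` list omits `html`, so the whole HTML search page would return 403. The list built in `render()` already treats `html` as implicit, so if disabling it is not an intended configuration, exempt it here with `if output_format != 'html' and output_format not in get_value(settings, 'search', 'formats', default=OUTPUT_FORMATS):`. A short comment above the abort, such as `# format disabled by the instance operator (search.formats)`, would explain why a disabled format gets a hard 403 while an unknown one silently falls back. `search()` continues outside this hunk.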