diff options
Diffstat (limited to 'searx/webapp.py')
-rwxr-xr-x | searx/webapp.py | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/searx/webapp.py b/searx/webapp.py index ad6ed368b..47f77acc7 100755 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -31,6 +31,8 @@ from pygments.formatters import HtmlFormatter # pylint: disable=no-name-in-modu from werkzeug.middleware.proxy_fix import ProxyFix from werkzeug.serving import WSGIRequestHandler +import flask + from flask import ( Flask, request, @@ -86,6 +88,7 @@ from searx.utils import ( gen_useragent, dict_subset, match_language, + get_value, ) from searx.version import VERSION_STRING from searx.query import RawTextQuery @@ -161,6 +164,8 @@ for indice, theme in enumerate(themes): for (dirpath, dirnames, filenames) in os.walk(theme_img_path): global_favicons[indice].extend(filenames) +OUTPUT_FORMATS = ['html', 'csv', 'json', 'rss'] + STATS_SORT_PARAMETERS = { 'name': (False, 'name', ''), 'score': (True, 'score', 0), @@ -511,6 +516,11 @@ def render(template_name, override_theme=None, **kwargs): kwargs['preferences'] = request.preferences + kwargs['search_formats'] = [ + x for x in get_value( + settings, 'search', 'formats', default=OUTPUT_FORMATS) + if x != 'html'] + kwargs['brand'] = brand kwargs['translations'] = json.dumps(get_translations(), separators=(',', ':')) @@ -683,9 +693,12 @@ def search(): # output_format output_format = request.form.get('format', 'html') - if output_format not in ['html', 'csv', 'json', 'rss']: + if output_format not in OUTPUT_FORMATS: output_format = 'html' + if output_format not in get_value(settings, 'search', 'formats', default=OUTPUT_FORMATS): + flask.abort(403) + # check if there is query (not None and not an empty string) if not request.form.get('q'): if output_format == 'html': |