From ce268c0609e9eec2439facaff0503568d944b9fd Mon Sep 17 00:00:00 2001 From: Jake Funke Date: Tue, 13 Mar 2018 18:03:57 -0700 Subject: [PATCH] Prevent exploitation of visit feature --- botany.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/botany.py b/botany.py index 6432358..ef47b14 100755 --- a/botany.py +++ b/botany.py @@ -231,8 +231,10 @@ class Plant(object): self.visitors.append(element['user']) if element['user'] not in visitors_this_check: visitors_this_check.append(element['user']) - if element['timestamp'] > latest_timestamp: - latest_timestamp = element['timestamp'] + # prevent users from manually setting watered_time in the future + if element['timestamp'] < int(time.time()): + if element['timestamp'] > latest_timestamp: + latest_timestamp = element['timestamp'] try: self.update_visitor_db(visitors_this_check) except: