Prevent exploitation of visit feature

2018-03-13 18:03:57 -07:00 · 2018-03-13 18:03:57 -07:00 · ce268c0609
parent b9ef7c31bb
commit ce268c0609
1 changed files with 4 additions and 2 deletions
--- a/botany.py
+++ b/botany.py
@ -231,8 +231,10 @@ class Plant(object):
                            self.visitors.append(element['user'])
                        if element['user'] not in visitors_this_check:
                            visitors_this_check.append(element['user'])
-                        if element['timestamp'] > latest_timestamp:
-                            latest_timestamp = element['timestamp']
+                        # prevent users from manually setting watered_time in the future
+                        if element['timestamp'] < int(time.time()):
+                            if element['timestamp'] > latest_timestamp:
+                                latest_timestamp = element['timestamp']
                    try:
                       self.update_visitor_db(visitors_this_check)
                    except: