ASV-326 Vulnerable askrover Dependency : pyjwt (< 2.4.0)

askbot/context.py

@@ -43,11 +43,6 @@ def application_settings(request):
                                         'ASKBOT_CSS_DEVEL',
                                         False
                                     )
-    my_settings['USE_LOCAL_FONTS'] = getattr(
-                                        settings,
-                                        'ASKBOT_USE_LOCAL_FONTS',
-                                        False
-                                    )
     my_settings['CSRF_COOKIE_NAME'] = settings.CSRF_COOKIE_NAME
     my_settings['DEBUG'] = settings.DEBUG
     my_settings['USING_RUNSERVER'] = 'runserver' in sys.argv
@@ -64,15 +59,15 @@ def application_settings(request):
     my_settings['LOGOUT_REDIRECT_URL'] = url_utils.get_logout_redirect_url()
     my_settings['USE_ASKBOT_LOGIN_SYSTEM'] = 'askbot.deps.django_authopenid' \
         in settings.INSTALLED_APPS
-    
+
     current_language = get_language()
 
     #for some languages we will start searching for shorter words
     if current_language == 'ja':
         #we need to open the search box and show info message about
         #the japanese lang search
         min_search_word_length = 1
-    else:   
+    else:
         min_search_word_length = my_settings['MIN_SEARCH_WORD_LENGTH']
 
     context = {

askbot/templates/meta/fonts.html

@@ -1,15 +1,3 @@
-{% if settings.USE_LOCAL_FONTS %}
-    {# this version is for serving fonts locally - e.g. for intranet sites #}
-    <style type="text/css">
-        @font-face {
-            font-family: 'Open Sans Condensed';
-            font-style: normal;
-            font-weight: 700;
-            src: url('{{"/images/OpenSans-CondBold.ttf"|media}}');
-        }
-    </style>
-{% else %}
-    {# note: for IE8 we ask for fonts separately #}
-    <link href='//fonts.googleapis.com/css?family=Open+Sans+Condensed:700&amp;subset=latin-ext' rel='stylesheet' type='text/css' />
-    <link href='//fonts.googleapis.com/css?family=Open+Sans+Condensed:700&amp;subset=cyrillic-ext' rel='stylesheet' type='text/css' />
-{% endif %}
+{# note: for IE8 we ask for fonts separately #}
+<link href='//fonts.googleapis.com/css?family=Open+Sans+Condensed:700&amp;subset=latin-ext' rel='stylesheet' type='text/css' />
+<link href='//fonts.googleapis.com/css?family=Open+Sans+Condensed:700&amp;subset=cyrillic-ext' rel='stylesheet' type='text/css' />

askbot/views/writers.py

@@ -273,8 +273,11 @@ def ask(request):#view used to ask a new question
                     return HttpResponseRedirect(reverse('index'))
 
             else:
-                request.session.flush()
                 session_key=request.session.session_key
+
+                if not session_key:
+                    session_key = request.session.create()
+
                 models.AnonymousQuestion.objects.create(
                     session_key=session_key,
                     title=title,
@@ -285,7 +288,7 @@ def ask(request):#view used to ask a new question
                     added_at=timestamp,
                     ip_addr=request.META.get('REMOTE_ADDR'),
                 )
-                return HttpResponseRedirect(url_utils.get_login_url())
+                return HttpResponseRedirect(settings.ROVER_LOGIN_URL)
 
     if request.method == 'GET':
         form = forms.AskForm(user=request.user)