add more user input santitation

README.md

@@ -10,12 +10,21 @@ Install python and pip on local machine
 pip install virtualenv
 python -m venv venv #/path/to/new/virtual/environment
 source venv/bin/activate #activate virtual env
-pip install -r requirements.txt
+pip install -r requirments.txt
 python3 ./init_db.py #initialize database
 
 python3 ./run.py #run project
 ```
 
+# On database changes
+
+Delete file `/instance/taskmanager.db`
+And reinit the db
+
+```shell
+python3 ./init_db.py  
+```
+
 # Build app
 
 ```bash

taskmanager/routes.py

@@ -1,10 +1,14 @@
+import configparser
+import os
+
 from flask import render_template, request, redirect
+
 from taskmanager import app, db
 from taskmanager.functions import *
 from taskmanager.models import *
-import configparser
 
-CONFIG_PATH = "/var/taskmanager/taskmanager/config.ini"
+PROJECT_PATH = os.path.abspath(os.path.dirname(__file__))
+CONFIG_PATH = os.path.join(PROJECT_PATH, "config.ini")
 
 config = configparser.ConfigParser()
 config.read(CONFIG_PATH)
@@ -25,7 +29,7 @@ def addtask():
         username = request.form['username']
         # Input sanitation
         # Task name
-        if not taskname.isprintable():
+        if not taskname.printable() or ("<" in taskname and ">" in taskname):
             return render_template('pages/response.html', response = "Task name has to be made only of letters or numbers.")
         if len(taskname) < 1 or len(taskname) > 40:
             return render_template('pages/response.html', response = "Task name lenght invalid, only smaller then 40 charachters allowed")
@@ -43,7 +47,7 @@ def addtask():
  
         # Task descripton
         if taskdesc != '':
-            if not taskdesc.isprintable():
+            if not taskdesc.isprintable() or ("<" in taskdesc and ">" in taskdesc):
                 return render_template('pages/response.html', response = "Task description has to be made of printable characters.")
             if len(taskdesc) > 2000:
                 return render_template('pages/response.html', response = "Task description lenght invalid, only smaller then 2000 charachters allowed")
@@ -72,7 +76,7 @@ def register():
 
         # Contact
         if contact != '':
-            if not contact.isprintable():
+            if not contact.isprintable() or ("<" in contact and ">" in contact):
                 return render_template('pages/response.html', response = "Contact information has to be made of printable characters.")
             if len(contact) > 100:
                 return render_template('pages/response.html', response = "Contact lenght invalid, only smaller then 100 charachters allowed")