From bb6d543bdba66fb0c9326483c80ef8e6f62166ec Mon Sep 17 00:00:00 2001
From: Guillaume Horel
Date: Mon, 23 Nov 2020 21:10:20 -0500
Subject: bugfix the code was so secure to injections, that even the form fields were not allowed.
---
 famille.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/famille.py b/famille.py
index a3b844d..9481dac 100644
--- a/famille.py
+++ b/famille.py
@@ -272,8 +272,8 @@ def edit_user():
 elif request.method == 'POST':
 result = {}
 result['notify'] = "notify" in request.form
- for k in ["birthday", "nameday", "email", "phone", "adress_line1",
- "adress_line2", "adress_city_line", "timezone"]:
+ for k in ["birthday", "nameday", "email", "phone", "address_line1",
+ "address_line2", "address_city_line", "timezone"]:
 if k in request.form:
 result[k] = request.form[k]
 set_string = ",".join([f"{k}=?" for k in result.keys()])
-- 
cgit v1.2.3-70-g09d2
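Review bot: The literal key list in the `for k in [...]` loop is the only thing keeping the f-string-built `set_string` injection-safe, because each `k` is interpolated as a column name in what looks like an SQL SET clause while only the values go through `?` placeholders, and nothing in the code says so. I would add a comment above the loop such as `# Allowlist: these keys are interpolated into the SQL text as column names; never take them from request.form.` The same keys have to match both the form field names and the table columns, so a misspelling silently drops the field, as it did before this fix; presumably the columns are also spelled `address_*`, which is worth confirming since the schema is not visible here. Hoisting the list into a module-level constant would give that contract a single place to live and to test. edit_user's body starts and ends outside the hunk.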