checks for arguments

app.py

@@ -16,6 +16,8 @@ Session(app)
 @app.route('/')
 def index():
     tab = request.args.get("tab", default="what", type=str)
+    if tab not in [ "what", "how", "why", "about" ]:
+        tab = "what"
     return render_template("index.html", tab=tab)
 
 @app.route('/party', methods = ["GET"])
@@ -29,6 +31,12 @@ def party():
         count = request.args.get("count", default=4, type=int)
         level = request.args.get("level", default=1, type=int)
         cache = request.args.get("cache", default='true', type=str)
+        if cache not in [ "true", "false" ]:
+            cache = 'true'
+        if level < 1 or level > 5:
+            level = 1
+        if count < 2 or count > 5:
+            count = 4
         adv_party = returnParty(count, level) 
         # check for cookies present
         if request.cookies:
@@ -78,6 +86,14 @@ def character():
         level = request.args.get("level", default=1, type=int)
         role = request.args.get("role", default="fighter", type=str)
         cache = request.args.get("cache", default='true', type=str)
+        if cache not in [ "true", "false" ]:
+            cache = 'true'
+        if not c_id.startswith('adv-'):
+            c_id = 'adv-1'
+        if level < 1 or level > 5:
+            level = 1
+        if role not in [ 'fighter','magic-user','cleric', 'thief', 'dwarf', 'elf', 'halfling']:
+            role = 'fighter'
         if request.cookies and cache != "false":
             cookie_encoded = request.cookies[c_id]
             cookie_compressed = base64.urlsafe_b64decode(cookie_encoded)