From aee58baa9023e1d99b89447a60f69dc3803d3ee6 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Wed, 1 Dec 2021 19:17:27 +0200 Subject: [PATCH 1/3] fdssdf --- files/classes/user.py | 2 +- files/routes/comments.py | 4 ++-- files/routes/settings.py | 2 +- files/routes/users.py | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/files/classes/user.py b/files/classes/user.py index c551ab6e4b..08dafb8dbc 100644 --- a/files/classes/user.py +++ b/files/classes/user.py @@ -27,7 +27,7 @@ cardview = bool(int(environ.get("CARD_VIEW", 1))) class User(Base): __tablename__ = "users" - if "pcmemes.net" in site: + if site == "pcmemes.net": quadrant = Column(String) basedcount = Column(Integer, default=0) pills = deferred(Column(String, default="")) diff --git a/files/routes/comments.py b/files/routes/comments.py index b53ff2533e..61deea83b7 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -52,7 +52,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None): if not pid: if comment.parent_submission: pid = comment.parent_submission elif "rama" in request.host: pid = 6489 - elif 'pcmemes.net' in request.host: pid = 2487 + elif 'pcmemes.net' == request.host: pid = 2487 else: pid = 1 try: pid = int(pid) @@ -300,7 +300,7 @@ def api_comment(v): g.db.add(c_option) - if 'pcmemes.net' in request.host and c.body.lower().startswith("based"): + if 'pcmemes.net' == request.host and c.body.lower().startswith("based"): pill = re.match("based and (.{1,20}?)(-| )pilled", body, re.IGNORECASE) if level == 1: basedguy = get_account(c.post.author_id) diff --git a/files/routes/settings.py b/files/routes/settings.py index 537369e7b3..3a47b2dc70 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py 
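Review bot: The new equality checks such as `elif 'pcmemes.net' == request.host` compare against the client-supplied Host header, which can carry a port or different letter case, so the branch may silently stop matching; only the settings.py hunk lower-cases the value. The same comparison appears in the second comments.py hunk (api_comment), in settings_profile_post and in leaderboard, while user.py decides the column set from the configured `site`, so the model and the routes can disagree about whether the pcmemes fields exist. Comparing against the configured value everywhere, e.g. `elif site == 'pcmemes.net': pid = 2487`, would keep them in step, assuming `site` is importable in these modules (not visible here). The line above, `elif "rama" in request.host`, is still a substring match. These functions start and end outside the hunks.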
@@ -388,7 +388,7 @@ def settings_profile_post(v): updated = True quadrant = request.values.get("quadrant") - if quadrant and 'pcmemes.net' in request.host.lower(): + if quadrant and 'pcmemes.net' == request.host.lower(): v.quadrant = quadrant v.customtitle = quadrant if quadrant=="Centrist": diff --git a/files/routes/users.py b/files/routes/users.py index 7bd6491772..22db2bd9eb 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -270,7 +270,7 @@ def leaderboard(v): - if 'pcmemes.net' in request.host: + if 'pcmemes.net' == request.host: users6 = users.order_by(User.basedcount.desc()).limit(10).all() return render_template("leaderboard.html", v=v, users1=users1, users2=users2, users3=users3, users4=users4, users5=users5, users6=users6, users7=users7, users9=users9) return render_template("leaderboard.html", v=v, users1=users1, users2=users2, users3=users3, users4=users4, users5=users5, users7=users7, users9=users9) From fb700b7bdef42ace0354cb579575fa1c386b0842 Mon Sep 17 00:00:00 2001 From: Aevann1 <59999695+Aevann1@users.noreply.github.com> Date: Wed, 1 Dec 2021 09:18:02 -0800 Subject: [PATCH 2/3] Create codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 70 +++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000000..b7ad2f868d --- /dev/null +++ b/.github/workflows/codeql-analysis.yml 
@@ -0,0 +1,70 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '18 19 * * 1' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'javascript', 'python' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://git.io/codeql-language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. 
+ # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From 7debf6766ca970287fde8690a471fcba28874a43 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Wed, 1 Dec 2021 19:25:28 +0200 Subject: [PATCH 3/3] sfdds --- files/classes/submission.py | 2 +- files/helpers/sanitize.py | 8 ++++---- files/routes/posts.py | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/files/classes/submission.py b/files/classes/submission.py index 7702c7a5d1..6781104087 100644 --- a/files/classes/submission.py +++ b/files/classes/submission.py @@ -216,7 +216,7 @@ class Submission(Base): if self.over_18: return f"http://{site}/assets/images/nsfw.webp" elif not self.url: return f"http://{site}/assets/images/{site_name}/default_text.webp" elif self.thumburl: return self.thumburl - elif "youtu.be" in self.domain or "youtube.com" in self.domain: return f"http://{site}/assets/images/default_thumb_yt.webp" + elif "youtu.be" in self.domain or "youtube.com" == self.domain: return f"http://{site}/assets/images/default_thumb_yt.webp" else: return f"http://{site}/assets/images/default_thumb_link.webp" @property diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 5224e0e205..fd1fb11327 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -95,7 +95,7 @@ def sanitize(sanitized, noimages=False): sanitized = sanitized.replace("\ufeff", "").replace("đ’Ē","") - for i in re.finditer('https://i.imgur.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized): + for i in re.finditer('https://i\.imgur\.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized): sanitized = sanitized.replace(i.group(1), i.group(2) + "_d." + i.group(3) + "?maxwidth=9999") if noimages: 
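Review bot: Only the second half of the condition was tightened: `"youtu.be" in self.domain` is still a substring test, so any domain that merely contains that text gets the YouTube thumbnail. Meanwhile `"youtube.com" == self.domain` will stop matching `www.youtube.com` or `m.youtube.com` unless `self.domain` is already normalised (its definition is outside the hunk). A single membership test states the intent for both, e.g. `elif self.domain in ("youtu.be", "youtube.com"):`, extended with whichever subdomains should count. The property this line belongs to starts above the hunk.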
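Review bot: The escaped pattern `'https://i\.imgur\.com/(([^_]*?)\.(jpg|png|jpeg))'` is a plain string literal, so `\.` is an unrecognised string escape that Python only tolerates with a warning; prefix it with `r`, as in `re.finditer(r'https://i\.imgur\.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized)`. The same applies to the YouTube pattern in the -208 hunk (`\.`, `\?`, `\=`). Separately, `[^_]*?` still accepts quotes, whitespace and `<`, so one match can run from an imgur URL across unrelated markup to a later `.jpg` or `.png`, and the following `sanitized.replace(i.group(1), ...)` then rewrites that whole stretch. Restricting the class, e.g. `[^_\s"'<>]*?`, would keep the match inside a single URL. sanitize() starts and ends outside the hunk.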
@@ -208,7 +208,7 @@ def sanitize(sanitized, noimages=False): sanitized = sanitized.replace("https://www.", "https://").replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("https://m.wikipedia", "https://wikipedia").replace("https://m.youtube", "https://youtube") - for i in re.finditer('" target="_blank">(https://youtube.com/watch\?v\=.*?)', sanitized): + for i in re.finditer('" target="_blank">(https://youtube\.com/watch\?v\=.*?)', sanitized): url = i.group(1) replacing = f'{url}' url = url.replace("watch?v=", "embed/").replace("&t", "?start").replace("?t", "?start") @@ -216,7 +216,7 @@ def sanitize(sanitized, noimages=False): htmlsource = f'' sanitized = sanitized.replace(replacing, htmlsource) - for i in re.finditer('{url}' htmlsource = f'' @@ -225,7 +225,7 @@ def sanitize(sanitized, noimages=False): for i in re.finditer('

(https:.*?\.mp4)

', sanitized): sanitized = sanitized.replace(i.group(0), f'

') - for i in re.finditer('{url}' htmlsource = f'' diff --git a/files/routes/posts.py b/files/routes/posts.py index 9bda08cde1..d3321a8dff 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -622,7 +622,7 @@ def submit_post(v): if domain_obj: if request.headers.get("Authorization"): return {"error":domain_obj.reason}, 400 else: return render_template("submit.html", v=v, error=domain_obj.reason, title=title, url=url, body=request.values.get("body", "")), 400 - elif "twitter.com" in domain: + elif "twitter.com" == domain: try: embed = requests.get("https://publish.twitter.com/oembed", timeout=5, params={"url":url, "omit_script":"t"}).json()["html"] except: embed = None elif "youtu" in domain:
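Review bot: `elif "twitter.com" == domain:` will skip the oEmbed lookup for hosts such as `mobile.twitter.com` unless `domain` has already been reduced to the bare site name, which the hunk does not show. The next branch, `elif "youtu" in domain:`, is still a substring test and matches any domain containing those letters. If subdomains are meant to count, `elif domain == "twitter.com" or domain.endswith(".twitter.com"):` keeps the check exact without reintroducing the substring problem. submit_post continues outside the hunk.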