diff --git a/files/helpers/alerts.py b/files/helpers/alerts.py index 5d7fae9e2c..a0eb82dbd1 100644 --- a/files/helpers/alerts.py +++ b/files/helpers/alerts.py @@ -89,12 +89,12 @@ def NOTIFY_USERS(text, v): captured = [] for i in mention_regex.finditer(text): - if v.username.lower() == i.group(1).lower(): continue + if v.username.lower() == i.group(2).lower(): continue if i.group(0) in captured: continue captured.append(i.group(0)) - user = get_user(i.group(1), graceful=True) + user = get_user(i.group(2), graceful=True) if user and v.id != user.id and not v.any_block_exists(user): notify_users.add(user.id) if SITE_NAME == "WPD" and 'daisy' in text.lower(): diff --git a/files/helpers/regex.py b/files/helpers/regex.py index c57220395a..e08c6ded88 100644 --- a/files/helpers/regex.py +++ b/files/helpers/regex.py @@ -4,7 +4,7 @@ from random import choice, choices valid_username_chars = 'a-zA-Z0-9_\-' valid_username_regex = re.compile("^[a-zA-Z0-9_\-]{3,25}$", flags=re.A) -mention_regex = re.compile('@(([a-zA-Z0-9_\-]){1,25})($|[^a-zA-Z0-9_\-])', flags=re.A) +mention_regex = re.compile('(^|\s|>)@(([a-zA-Z0-9_\-]){1,25})(?![^<]*<\/(code|pre|a)>)', flags=re.A) valid_password_regex = re.compile("^.{8,100}$", flags=re.A) @@ -61,8 +61,8 @@ torture_regex_exclude = re.compile('^\s*>', flags=re.A) image_check_regex = re.compile(f'!\[\]\(((?!(https:\/\/([a-z0-9-]+\.)*({hosts})\/|\/)).*?)\)', flags=re.A) -video_sub_regex = re.compile(f'(

[^<]*)(https:\/\/([a-z0-9-]+\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp4|webm|mov))', flags=re.A) -audio_sub_regex = re.compile(f'(

[^<]*)(https:\/\/([a-z0-9-]+\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp3|wav|ogg|aac|m4a|flac))', flags=re.A) +video_sub_regex = re.compile(f'(https:\/\/([a-z0-9-]+\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp4|webm|mov))', flags=re.A) +audio_sub_regex = re.compile(f'(https:\/\/([a-z0-9-]+\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp3|wav|ogg|aac|m4a|flac))', flags=re.A) imgur_regex = re.compile('(https:\/\/i\.imgur\.com\/[a-z0-9]+)\.(jpg|png|jpeg|webp)', flags=re.I|re.A) giphy_regex = re.compile('(https:\/\/media\.giphy\.com\/media\/[a-z0-9]+\/giphy)\.gif', flags=re.I|re.A) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 8357886c28..3de65c6192 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -245,16 +245,20 @@ def sanitize(sanitized, edit=False, limit_pings=False, showmore=True): v = getattr(g, 'v', None) matches = [m for m in mention_regex.finditer(sanitized) if m] - names = set(m.group(1) for m in matches) + names = set(m.group(2) for m in matches) if limit_pings and len(names) > 3 and not v.admin_level: abort(406) users = get_users(names, graceful=True) for u in users: if not u: continue - m = [m for m in matches if u.username.lower() == m.group(1).lower() or u.original_username.lower() == m.group(1).lower()] + m = [m for m in matches if u.username.lower() == m.group(2).lower() or u.original_username.lower() == m.group(2).lower()] for i in m: if not (v and v.any_block_exists(u)) or (v and v.admin_level >= 2): - sanitized = sanitized.replace(i.group(0), f'''@{u.username}{i.group(3)}''') + sanitized = re.sub( + f'{i.group(0)}($|[^a-zA-Z0-9_\-])', + rf'''{i.group(1)}@{u.username}\1''', + sanitized + ) soup = BeautifulSoup(sanitized, 'lxml') @@ -335,8 +339,8 @@ def sanitize(sanitized, edit=False, limit_pings=False, showmore=True): sanitized = sanitized.replace(i.group(0), htmlsource) - sanitized = video_sub_regex.sub(r'\1', sanitized) - sanitized = audio_sub_regex.sub(r'\1', sanitized) + sanitized = video_sub_regex.sub(r'', sanitized) + sanitized = audio_sub_regex.sub(r'', sanitized) if not edit: for marsey in g.db.query(Marsey).filter(Marsey.name.in_(marseys_used)).all():