From 92a24b5b2f5921a2625d55bee13072e7c071a025 Mon Sep 17 00:00:00 2001
From: Aevann1
Date: Fri, 14 Jan 2022 08:40:30 +0200
Subject: [PATCH] bbb
---
 files/helpers/alerts.py | 19 -------------
 files/helpers/sanitize.py | 14 ++-------
 files/routes/oauth.py | 18 +++++++++++-
 files/routes/static.py | 38 +++++++++++++++++++++++--
 files/templates/authforms.html | 4 +--
 files/templates/contact.html | 7 +++--
 files/templates/default.html | 4 +--
 files/templates/log.html | 4 +--
 files/templates/login.html | 2 +-
 files/templates/login_2fa.html | 2 +-
 files/templates/marseys.html | 2 +-
 files/templates/settings.html | 2 +-
 files/templates/settings2.html | 4 +--
 files/templates/sign_up.html | 2 +-
 files/templates/sign_up_failed_ref.html | 2 +-
 files/templates/submit.html | 4 +--
 16 files changed, 77 insertions(+), 51 deletions(-)
diff --git a/files/helpers/alerts.py b/files/helpers/alerts.py
index 30c93a75b..c23585beb 100644
--- a/files/helpers/alerts.py
+++ b/files/helpers/alerts.py
@@ -61,25 +61,6 @@ def add_notif(cid, uid):
 g.db.add(notif)
-def send_admin(vid, text):
-
- text_html = sanitize(text, noimages=True)
-
- new_comment = Comment(author_id=vid,
- parent_submission=None,
- level=1,
- sentto=0,
- body_html=text_html,
- )
- g.db.add(new_comment)
- g.db.flush()
-
- admins = g.db.query(User).filter(User.admin_level > 2).all()
- for admin in admins:
- notif = Notification(comment_id=new_comment.id, user_id=admin.id)
- g.db.add(notif)
-
-
 def NOTIFY_USERS(text, v):
 notify_users = set()
 for word, id in NOTIFIED_USERS.items():
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index 866233edc..602dc0fdb 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -154,22 +154,14 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False): for tag in soup.find_all("img"): if tag.get("src") and "pp20" not in tag.get("class", ""): - - if site not in tag["src"] and not tag["src"].startswith('/'): tag["rel"] = "nofollow noopener noreferrer" tag["class"] = "in-comment-image" tag["loading"] = "lazy" tag["data-src"] = tag["src"] tag["src"] = "/static/assets/images/loading.webp" tag['alt'] = f'![]({tag["data-src"]})' - - link = soup.new_tag("a") - link["href"] = tag["data-src"] - if site not in link["href"] and not link["href"].startswith('/'): link["rel"] = "nofollow noopener noreferrer" - link["onclick"] = f"expandDesktopImage('{tag['data-src']}');" - link["data-bs-toggle"] = "modal" - link["data-bs-target"] = "#expandImageModal" - - tag.wrap(link) + tag["onclick"] = f"expandDesktopImage(this.data-src);" + tag["data-bs-toggle"] = "modal" + tag["data-bs-target"] = "#expandImageModal" for tag in soup.find_all("a"): if tag.get("href"): diff --git a/files/routes/oauth.py b/files/routes/oauth.py index b1377e3c2..e949ae1ba 100644 --- a/files/routes/oauth.py +++ b/files/routes/oauth.py @@ -50,7 +50,23 @@ def request_api_keys(v): g.db.add(new_app) - send_admin(NOTIFICATIONS_ID, f"{v.username} has requested API keys for `{request.values.get('name')}`. You can approve or deny the request [here](/admin/apps).") + text = f"{v.username} has requested API keys for `{request.values.get('name')}`. You can approve or deny the request [here](/admin/apps)." + + text_html = sanitize(text, noimages=True) + + new_comment = Comment(author_id=NOTIFICATIONS_ID, + parent_submission=None, + level=1, + sentto=0, + body_html=text_html, + ) + g.db.add(new_comment) + g.db.flush() + + admins = g.db.query(User).filter(User.admin_level > 2).all() + for admin in admins: + notif = Notification(comment_id=new_comment.id, user_id=admin.id) + g.db.add(notif) g.db.commit() 
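Review bot: The added handler `tag["onclick"] = f"expandDesktopImage(this.data-src);"` emits JavaScript that parses as `this.data - src`, a subtraction involving an undeclared identifier, so the click would throw instead of passing the image URL. `tag["onclick"] = "expandDesktopImage(this.dataset.src);"` reads the attribute and also drops the f-string that has no placeholders. Reading the URL from the element, rather than interpolating `tag['data-src']` into the handler string as the removed lines did, keeps a user-chosen URL out of inline script, so that design is worth keeping once the expression is fixed. The enclosing `sanitize` function starts and ends outside the hunk.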
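Review bot: The user-supplied app name is placed between backticks in `text` with no normalisation, so a name that itself contains a backtick would presumably end the code span and let the remainder be rendered as Markdown in a notification shown to every admin, next to the genuine approve/deny link. Whether that yields more than misleading links depends on `sanitize`, which is outside this hunk; stripping backticks from `request.values.get('name')` and capping its length before formatting would close it. Separately, the notify-admins block is now duplicated here and in `files/routes/static.py`, so the `User.admin_level > 2` threshold can drift between the two copies. `request_api_keys` starts and ends outside the hunk.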
diff --git a/files/routes/static.py b/files/routes/static.py
index aeb770871..7a8277a4b 100644
--- a/files/routes/static.py
+++ b/files/routes/static.py
@@ -280,8 +280,42 @@ def contact(v):
 @limiter.limit("6/hour")
 @auth_required
 def submit_contact(v):
- message = f'This message has been sent automatically to all admins via [/contact](/contact), user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
- send_admin(v.id, message)
+ body = request.values.get("message")
+ if not body: abort(400)
+
+ body = f'This message has been sent automatically to all admins via [/contact](/contact), user email is "{v.email}"\n\nMessage:\n\n' + body
+ body_html = sanitize(body, noimages=True)
+
+ if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
+ file=request.files["file"]
+ if file.content_type.startswith('image/'):
+ name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
+ file.save(name)
+ url = process_image(name)
+ body_html += f''
+ elif file.content_type.startswith('video/'):
+ file.save("video.mp4")
+ with open("video.mp4", 'rb') as f:
+ try: url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)]).json()['data']['link']
+ except: return {"error": "Imgur error"}, 400
+ if url.endswith('.'): url += 'mp4'
+ body_html += f"

{url}

" + else: return {"error": "Image/Video files only"}, 400 + + new_comment = Comment(author_id=v.id, + parent_submission=None, + level=1, + sentto=0, + body_html=body_html, + ) + g.db.add(new_comment) + g.db.flush() + + admins = g.db.query(User).filter(User.admin_level > 2).all() + for admin in admins: + notif = Notification(comment_id=new_comment.id, user_id=admin.id) + g.db.add(notif) + g.db.commit() if not v or v.oldsite: template = '' else: template = 'CHRISTMAS/' diff --git a/files/templates/authforms.html b/files/templates/authforms.html index 4773cc642..c7fdb944d 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -15,7 +15,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/contact.html b/files/templates/contact.html index 37219df8e..b86654f0e 100644 --- a/files/templates/contact.html +++ b/files/templates/contact.html @@ -26,13 +26,16 @@ -
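Review bot: The video branch saves every upload to the fixed relative path `"video.mp4"`, so two contact submissions handled at the same time overwrite each other's file and one user's video can be forwarded to Imgur and linked in another user's message. A per-request temporary file avoids that; it needs `import tempfile` at the top of the file, which is outside this hunk. The same branch calls `requests.request` with no `timeout` and hides every failure behind a bare `except:`, and both branches pick their handling from the client-supplied `file.content_type`. `url` is appended to `body_html` after `sanitize` has run, so it should be HTML-escaped before interpolation unless `process_image` and the Imgur response are guaranteed to return plain URLs. `submit_contact` continues past the end of the hunk.

```python
		elif file.content_type.startswith('video/'):
			# Per-request temp file: the shared "video.mp4" is clobbered by concurrent uploads.
			with tempfile.NamedTemporaryFile(suffix=".mp4") as tmp:
				file.save(tmp)
				tmp.seek(0)
				try:
					# timeout value is illustrative; choose one that fits the deployment
					resp = requests.post("https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', tmp)], timeout=30)
					url = resp.json()['data']['link']
				except (requests.RequestException, ValueError, KeyError, TypeError):
					return {"error": "Imgur error"}, 400
			# … unchanged: '.mp4' suffix fix-up and body_html append …
```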
+ + -
diff --git a/files/templates/default.html b/files/templates/default.html
index 5dc108171..80b05d7f2 100644
--- a/files/templates/default.html
+++ b/files/templates/default.html
@@ -7,7 +7,7 @@
 	
 	{% if v %}
 		
-		
+		
 		
 		{% if v.agendaposter %}
 			
-		
+		
 	{% endif %}
 
 	
diff --git a/files/templates/log.html b/files/templates/log.html
index 9a62d030f..8e0e484e2 100644
--- a/files/templates/log.html
+++ b/files/templates/log.html
@@ -6,7 +6,7 @@
 {% block content %}
 {% if v %}
 	
-	
+	
 	{% if v.agendaposter %}
 		
-	
+	
 {% endif %}
 
 
diff --git a/files/templates/login.html b/files/templates/login.html index 29177bf98..559d4d64b 100644 --- a/files/templates/login.html +++ b/files/templates/login.html @@ -18,7 +18,7 @@ {% endblock %} - + diff --git a/files/templates/login_2fa.html b/files/templates/login_2fa.html index 87dd1e1a1..b000ef34f 100644 --- a/files/templates/login_2fa.html +++ b/files/templates/login_2fa.html @@ -14,7 +14,7 @@ 2-Step Login - {{SITE_NAME}} - + diff --git a/files/templates/marseys.html b/files/templates/marseys.html index c2314f24b..79ee459f8 100644 --- a/files/templates/marseys.html +++ b/files/templates/marseys.html @@ -19,7 +19,7 @@ {{loop.index}} {{k[0]}} - :{{k[0]}}: + :{{k[0]}}: {{k[2]}} {% if k[1] in ('anton-d','unknown') %}{{k[1]}}{% else %}@{{k[1]}}'s profile picture{{k[1]}}{% endif %} diff --git a/files/templates/settings.html b/files/templates/settings.html index 29bf472ba..bd45aebd9 100644 --- a/files/templates/settings.html +++ b/files/templates/settings.html @@ -34,7 +34,7 @@ - + {% if v.agendaposter %} - + {% else %} - + {% endif %} diff --git a/files/templates/sign_up.html b/files/templates/sign_up.html index 57ff95f83..c8024d904 100644 --- a/files/templates/sign_up.html +++ b/files/templates/sign_up.html @@ -31,7 +31,7 @@ {% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}Sign up - {{SITE_NAME}}{% endif %} - + diff --git a/files/templates/sign_up_failed_ref.html b/files/templates/sign_up_failed_ref.html index 6b1ef5c91..d908e4e95 100644 --- a/files/templates/sign_up_failed_ref.html +++ b/files/templates/sign_up_failed_ref.html @@ -32,7 +32,7 @@ {% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}{{SITE_NAME}}{% endif %} - + diff --git a/files/templates/submit.html b/files/templates/submit.html index 2f9154b0b..0cc3369b0 100644 --- a/files/templates/submit.html +++ b/files/templates/submit.html @@ -26,7 +26,7 @@ {% block stylesheets %} {% if v %} - + {% if v.agendaposter %} - + {% endif %} {% endblock %}