From 981692550fdffe2e0ea5261948c535ff83c79e92 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Fri, 5 Aug 2022 17:14:22 +0200 Subject: [PATCH] fix ping limiting being applies on all instances of "sanitize()" --- files/helpers/sanitize.py | 4 ++-- files/routes/comments.py | 4 ++-- files/routes/posts.py | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 4d9ac68d1..9f21b11f8 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -214,7 +214,7 @@ def with_sigalrm_timeout(timeout: int): @with_sigalrm_timeout(2) -def sanitize(sanitized, edit=False): +def sanitize(sanitized, edit=False, limit_pings=False): sanitized = sanitized.strip() sanitized = normalize_url(sanitized) @@ -246,7 +246,7 @@ def sanitize(sanitized, edit=False): matches = [ m for m in mention_regex.finditer(sanitized) if m ] names = set( m.group(2) for m in matches ) - if len(names) > 3 and not v.admin_level: abort(406) + if limit_pings and len(names) > 3 and not v.admin_level: abort(406) users = get_users(names, graceful=True) for u in users: diff --git a/files/routes/comments.py b/files/routes/comments.py index 36b028fef..1f2cf22c6 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -284,7 +284,7 @@ def api_comment(v): if v.agendaposter and not v.marseyawarded and parent_post.id not in ADMIGGERS: body = torture_ap(body, v.username) - body_html = sanitize(body) + body_html = sanitize(body, limit_pings=True) if parent_post.id not in ADMIGGERS and '!slots' not in body.lower() and '!blackjack' not in body.lower() and '!wordle' not in body.lower() and AGENDAPOSTER_PHRASE not in body.lower(): @@ -713,7 +713,7 @@ def edit_comment(cid, v): body = body.strip() - body_html = sanitize(body, edit=True) + body_html = sanitize(body, edit=True, limit_pings=True) if len(body_html) > 20000: abort(400) diff --git a/files/routes/posts.py b/files/routes/posts.py index 66e4ab6b7..225ddcd38 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -432,7 +432,7 @@ def edit_post(pid, v): g.db.add(option) - body_html = sanitize(body, edit=True) + body_html = sanitize(body, edit=True, limit_pings=True) if v.id == p.author_id and v.marseyawarded and marseyaward_body_regex.search(body_html): return {"error":"You can only type marseys!"}, 403 @@ -875,7 +875,7 @@ def submit_post(v, sub=None): body = body.strip() - body_html = sanitize(body) + body_html = sanitize(body, limit_pings=True) if v.marseyawarded and marseyaward_body_regex.search(body_html): return error("You can only type marseys!")