diff --git a/files/classes/submission.py b/files/classes/submission.py index e31508b39..1eda5a81a 100644 --- a/files/classes/submission.py +++ b/files/classes/submission.py @@ -401,7 +401,7 @@ class Submission(Base, Stndrd, Age_times, Scores, Fuzzing): @property def is_image(self): - if self.url: return self.url.lower().endswith('.jpg') or self.url.lower().endswith('.png') or self.url.lower().endswith('.gif') or self.url.lower().endswith('.jpeg') or self.url.lower().endswith('?maxwidth=9999') or self.url.lower().endswith('?maxwidth=8888') + if self.url: return self.url.lower().endswith('.jpg') or self.url.lower().endswith('.png') or self.url.lower().endswith('.gif') or self.url.lower().endswith('.jpeg') or self.url.lower().endswith('?maxwidth=9999') else: return False @property diff --git a/files/helpers/alerts.py b/files/helpers/alerts.py index a16e9fda1..5b5d3389d 100644 --- a/files/helpers/alerts.py +++ b/files/helpers/alerts.py @@ -14,7 +14,7 @@ def send_notification(vid, user, text): with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) - text_html = sanitize(text_html, linkgen=True) + text_html = sanitize(text_html) new_comment = Comment(author_id=vid, parent_submission=None, @@ -39,7 +39,7 @@ def send_pm(vid, user, text): with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) - text_html = sanitize(text_html, linkgen=True) + text_html = sanitize(text_html) new_comment = Comment(author_id=vid, parent_submission=None, @@ -62,7 +62,7 @@ def send_follow_notif(vid, user, text): text = text.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) - text_html = sanitize(text_html, linkgen=True) + text_html = sanitize(text_html) new_comment = Comment(author_id=NOTIFICATIONS_ACCOUNT, parent_submission=None, 
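Review bot: Dropping the `?maxwidth=8888` suffix from `is_image` means posts already stored with that suffix stop being recognised as images unless existing rows are rewritten, and nothing in this diff does that. The old `submit_post` code appended that suffix to imgur URLs, as the posts.py hunk shows. Either keep the old suffix in the check or ship a data migration with this change. `str.endswith` accepts a tuple, which also removes the repeated `lower()` calls: `return self.url.lower().endswith(('.jpg', '.png', '.gif', '.jpeg', '?maxwidth=9999', '?maxwidth=8888'))`. The enclosing class starts outside the hunk.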
@@ -88,7 +88,7 @@ def send_unfollow_notif(vid, user, text): with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) - text_html = sanitize(text_html, linkgen=True) + text_html = sanitize(text_html) new_comment = Comment(author_id=NOTIFICATIONS_ACCOUNT, parent_submission=None, @@ -114,7 +114,7 @@ def send_block_notif(vid, user, text): with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) - text_html = sanitize(text_html, linkgen=True) + text_html = sanitize(text_html) new_comment = Comment(author_id=NOTIFICATIONS_ACCOUNT, parent_submission=None, @@ -140,7 +140,7 @@ def send_unblock_notif(vid, user, text): with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) - text_html = sanitize(text_html, linkgen=True) + text_html = sanitize(text_html) new_comment = Comment(author_id=NOTIFICATIONS_ACCOUNT, parent_submission=None, @@ -166,7 +166,7 @@ def send_admin(vid, text): with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) - text_html = sanitize(text_html, linkgen=True) + text_html = sanitize(text_html) new_comment = Comment(author_id=vid, parent_submission=None, diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 827d24fe5..a3558b8a7 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -59,8 +59,7 @@ _allowed_styles =[ # filter to make all links show domain on hover - -def a_modify(attrs, new=False): +def a_modify(attrs, whatever): raw_url=attrs.get((None, "href"), None) if raw_url: 
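Review bot: In the sanitize.py hunk the second parameter of `a_modify` is renamed to `whatever` and loses its default, which hides that it is the flag bleach's linkify filter passes to say whether the link was newly created from bare text. Bleach documents the callback shape as `(attrs, new=False)`. Keeping `def a_modify(attrs, new=False):` with a one-line comment such as `# new is unused: every link gets the same treatment` leaves the function callable with one argument and self-explanatory. The body of `a_modify` continues outside the hunk.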
@@ -85,16 +84,14 @@ def a_modify(attrs, new=False): return attrs +def sanitize(sanitized): + sanitized = sanitized.replace("\ufeff", "").replace("m.youtube.com", "youtube.com") + for i in re.finditer('https://i.imgur.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized): + sanitized = sanitized.replace(i.group(1), i.group(2) + "_d." + i.group(3) + "?maxwidth=9999") - -_clean_wo_links = bleach.Cleaner(tags=_allowed_tags, - attributes=_allowed_attributes, - protocols=_allowed_protocols, - ) - -_clean_w_links = bleach.Cleaner(tags=_allowed_tags, + sanitized = bleach.Cleaner(tags=_allowed_tags, attributes=_allowed_attributes, protocols=_allowed_protocols, styles=_allowed_styles, 
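Review bot: The imgur rewrite in the new `sanitize` matches with `[^_]*?`, which accepts any character except an underscore, including quotes, spaces and newlines, so a match can begin at one i.imgur.com URL and end at a `.jpg` much later in the text. `sanitized.replace(i.group(1), ...)` then rewrites every occurrence of the captured text, wherever it appears. A single anchored substitution avoids both, e.g. `sanitized = re.sub(r'https://i\.imgur\.com/([A-Za-z0-9]+)\.(jpg|png|jpeg)\b', r'https://i.imgur.com/\1_d.\2?maxwidth=9999', sanitized)` (assuming imgur IDs are alphanumeric). The `bleach.Cleaner(...)` that follows is now constructed on every call, where the removed code built it once at import; a module-level instance with `.clean(sanitized)` called on it would keep that. The function body continues past this hunk.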
@@ -104,74 +101,64 @@ _clean_w_links = bleach.Cleaner(tags=_allowed_tags, callbacks=[a_modify] ) ] - ) + ).clean(sanitized) + + #soupify + soup = BeautifulSoup(sanitized, features="html.parser") + + #img elements - embed + for tag in soup.find_all("img"): + + url = tag.get("src", "") + if not url: continue + + if "profile-pic-20" not in tag.get("class", ""): + #print(tag.get('class')) + # set classes and wrap in link + + tag["rel"] = "nofollow" + tag["style"] = "max-height: 100px; max-width: 100%;" + tag["class"] = "in-comment-image rounded-sm my-2" + + link = soup.new_tag("a") + link["href"] = tag["src"] + link["rel"] = "nofollow noopener" + link["target"] = "_blank" + + link["onclick"] = f"expandDesktopImage('{tag['src']}');" + link["data-toggle"] = "modal" + link["data-target"] = "#expandImageModal" + + tag.wrap(link) + + #disguised link preventer + for tag in soup.find_all("a"): + + if re.match("https?://\S+", str(tag.string)): + try: + tag.string = tag["href"] + except: + tag.string = "" + + #clean up tags in code + for tag in soup.find_all("code"): + tag.contents=[x.string for x in tag.contents if x.string] + + #whatever else happens with images, there are only two sets of classes allowed + for tag in soup.find_all("img"): + if 'profile-pic-20' not in tag.attrs.get("class",""): + tag.attrs['class']="in-comment-image rounded-sm my-2" + + #table format + for tag in soup.find_all("table"): + tag.attrs['class']="table table-striped" + + for tag in soup.find_all("thead"): + tag.attrs['class']="bg-primary text-white" -def sanitize(text, linkgen=False): + sanitized = str(soup) - text = text.replace("\ufeff", "").replace("m.youtube.com", "youtube.com") - - if linkgen: - sanitized = _clean_w_links.clean(text) - - #soupify - soup = BeautifulSoup(sanitized, features="html.parser") - - #img elements - embed - for tag in soup.find_all("img"): - - url = tag.get("src", "") - if not url: continue - - if "profile-pic-20" not in tag.get("class", ""): - #print(tag.get('class')) 
- # set classes and wrap in link - - tag["rel"] = "nofollow" - tag["style"] = "max-height: 100px; max-width: 100%;" - tag["class"] = "in-comment-image rounded-sm my-2" - - link = soup.new_tag("a") - link["href"] = tag["src"] - link["rel"] = "nofollow noopener" - link["target"] = "_blank" - - link["onclick"] = f"expandDesktopImage('{tag['src']}');" - link["data-toggle"] = "modal" - link["data-target"] = "#expandImageModal" - - tag.wrap(link) - - #disguised link preventer - for tag in soup.find_all("a"): - - if re.match("https?://\S+", str(tag.string)): - try: - tag.string = tag["href"] - except: - tag.string = "" - - #clean up tags in code - for tag in soup.find_all("code"): - tag.contents=[x.string for x in tag.contents if x.string] - - #whatever else happens with images, there are only two sets of classes allowed - for tag in soup.find_all("img"): - if 'profile-pic-20' not in tag.attrs.get("class",""): - tag.attrs['class']="in-comment-image rounded-sm my-2" - - #table format - for tag in soup.find_all("table"): - tag.attrs['class']="table table-striped" - - for tag in soup.find_all("thead"): - tag.attrs['class']="bg-primary text-white" - - - sanitized = str(soup) - - else: - sanitized = _clean_wo_links.clean(text) start = '<s>' end = '</s>' diff --git a/files/routes/admin.py b/files/routes/admin.py index dca56ca8d..6623cbce0 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -567,7 +567,7 @@ def admin_title_change(user_id, v): new_name=request.form.get("title").strip() user.customtitleplain=new_name - new_name = sanitize(new_name, linkgen=True) + new_name = sanitize(new_name) user=g.db.query(User).with_for_update().options(lazyload('*')).filter_by(id=user.id).first() user.customtitle=new_name 
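Review bot: `link["onclick"] = f"expandDesktopImage('{tag['src']}');"` is written after bleach has already run, so the image URL is interpolated into an inline script with no JavaScript-context escaping. A `src` containing a single quote ends the string literal, and the result is stored and later emitted unescaped (the sanitized custom title, for one, is rendered with `| safe` in submission.html). The anchor's `href` already carries the same URL, so a constant handler avoids the interpolation: `link["onclick"] = "expandDesktopImage(this.href);"`, assuming the function accepts the resolved URL. In the same block the bare `except:` around `tag["href"]` should be `except KeyError:`, and the pattern should be a raw string, `r"https?://\S+"`. With the `linkgen` parameter removed, any caller outside this diff that still passes `linkgen=` will raise `TypeError`.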
@@ -704,7 +704,7 @@ def ban_post(post_id, v): ban_reason = ban_reason.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") with CustomRenderer() as renderer: ban_reason = renderer.render(mistletoe.Document(ban_reason)) - ban_reason = sanitize(ban_reason, linkgen=True) + ban_reason = sanitize(ban_reason) post.ban_reason = ban_reason diff --git a/files/routes/comments.py b/files/routes/comments.py index 015f7e6bc..14428fca8 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -158,7 +158,7 @@ def api_comment(v): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|PNG|JPG|JPEG|GIF|9999))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})') body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html = sanitize(body_md, linkgen=True) + body_html = sanitize(body_md) # Run safety filter bans = filter_comment_html(body_html) @@ -281,7 +281,7 @@ def api_comment(v): body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html = sanitize(body_md, linkgen=True) + body_html = sanitize(body_md) c_aux = CommentAux( id=c.id, @@ -341,7 +341,7 @@ def api_comment(v): body = random.choice(LONGPOST_REPLIES) body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html2 = sanitize(body_md, linkgen=True) + body_html2 = sanitize(body_md) c_aux = CommentAux( id=c2.id, body_html=body_html2, 
@@ -371,7 +371,7 @@ def api_comment(v): body = "zoz" with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html2 = sanitize(body_md, linkgen=True) + body_html2 = sanitize(body_md) c_aux = CommentAux( id=c2.id, body_html=body_html2, @@ -397,7 +397,7 @@ def api_comment(v): body = "zle" with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html2 = sanitize(body_md, linkgen=True) + body_html2 = sanitize(body_md) c_aux = CommentAux( id=c3.id, body_html=body_html2, @@ -423,7 +423,7 @@ def api_comment(v): body = "zozzle" with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html2 = sanitize(body_md, linkgen=True) + body_html2 = sanitize(body_md) c_aux = CommentAux( id=c4.id, body_html=body_html2, @@ -530,7 +530,7 @@ def edit_comment(cid, v): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|PNG|JPG|JPEG|GIF|9999))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})') body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") with CustomRenderer(post_id=c.post.id) as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html = sanitize(body_md, linkgen=True) + body_html = sanitize(body_md) bans = filter_comment_html(body_html) @@ -624,7 +624,7 @@ def edit_comment(cid, v): body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") with CustomRenderer(post_id=c.parent_submission) as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html = sanitize(body_md, linkgen=True) + body_html = sanitize(body_md) c.body = body c.body_html = body_html diff --git a/files/routes/posts.py b/files/routes/posts.py index 752af894e..811c407fd 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py 
@@ -241,7 +241,7 @@ def edit_post(pid, v): body = request.form.get("body", "") for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|PNG|JPG|JPEG|GIF|9999))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})') with CustomRenderer() as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html = sanitize(body_md, linkgen=True) + body_html = sanitize(body_md) # Run safety filter bans = filter_comment_html(body_html) @@ -559,7 +559,7 @@ def submit_post(v): else: url = "" - if "i.imgur.com" in url: url = url.replace(".png", "_d.png").replace(".jpg", "_d.jpg").replace(".jpeg", "_d.jpeg") + "?maxwidth=8888" + if "i.imgur.com" in url: url = url.replace(".png", "_d.png").replace(".jpg", "_d.jpg").replace(".jpeg", "_d.jpeg") + "?maxwidth=9999" body = request.form.get("body", "") # check for duplicate @@ -606,7 +606,7 @@ def submit_post(v): if t: embed = f"https://youtube.com/embed/{yt_id}?start={t}" else: embed = f"https://youtube.com/embed/{yt_id}" - elif app.config['SERVER_NAME'] in domain and "/post/" in url: + elif app.config['SERVER_NAME'] in domain and "/post/" in url and "context" not in url: id = url.split("/post/")[1] if "/" in id: id = id.split("/")[0] embed = id @@ -704,7 +704,7 @@ def submit_post(v): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|PNG|JPG|JPEG|GIF|9999))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})') with CustomRenderer() as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html = sanitize(body_md, linkgen=True) + body_html = sanitize(body_md) # Run safety filter bans = filter_comment_html(body_html) 
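Review bot: `"context" not in url` in the embed branch of `submit_post` is a substring test on the whole URL, so any on-site post link whose slug or path merely contains the word "context" loses its embed, not only links carrying a `context` query parameter (presumably the intended case). The neighbouring `app.config['SERVER_NAME'] in domain` is likewise a substring match and accepts hosts that only contain the server name. Parsing the URL and testing the specific part is stricter, e.g. `"context" not in urllib.parse.parse_qs(urllib.parse.urlparse(url).query)`, together with an exact or suffix comparison on the parsed host. `submit_post` starts and ends outside the hunk.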
@@ -893,7 +893,7 @@ def submit_post(v): body += f"Snapshots:\n\n* [reveddit.com](https://reveddit.com/{new_post.url})\n* [archive.org](https://web.archive.org/{new_post.url})\n* [archive.ph](https://archive.ph/?url={urllib.parse.quote(new_post.url)}&run=1) (click to archive)" gevent.spawn(archiveorg, new_post.url) with CustomRenderer(post_id=new_post.id) as renderer: body_md = renderer.render(mistletoe.Document(body)) - body_html = sanitize(body_md, linkgen=True) + body_html = sanitize(body_md) c_aux = CommentAux( id=c.id, body_html=body_html, diff --git a/files/routes/settings.py b/files/routes/settings.py index 4d22b9778..28477a011 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -82,7 +82,7 @@ def settings_profile_post(v): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|PNG|JPG|JPEG|GIF|9999))', bio, re.MULTILINE): bio = bio.replace(i.group(1), f'![]({i.group(1)})') bio = bio.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") with CustomRenderer() as renderer: bio_html = renderer.render(mistletoe.Document(bio)) - bio_html = sanitize(bio_html, linkgen=True) + bio_html = sanitize(bio_html) # Run safety filter bans = filter_comment_html(bio_html) diff --git a/files/routes/users.py b/files/routes/users.py index 6d8718915..d70b9baef 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -115,7 +115,7 @@ def messagereply(v, username, id): if existing: return redirect('/notifications?messages=true') with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(message)) - text_html = sanitize(text_html, linkgen=True) + text_html = sanitize(text_html) parent = get_comment(int(id), v=v) new_comment = Comment(author_id=v.id, parent_submission=None, diff --git a/files/templates/admins.html b/files/templates/admins.html index 4c1fd7d5d..280d7d5b4 100644 --- a/files/templates/admins.html +++ b/files/templates/admins.html @@ -4,7 +4,7 @@ {% block content %}
-
+ {% for f in c.ordered_flags %} +- @{{f.user.username}}{% if f.reason %}: {{f.reason | safe}}{% endif %}
+ {% endfor %}
+
+- {% for f in c.ordered_flags %} -- @{{f.user.username}}{% if f.reason %}: {{f.reason | safe}}{% endif %}
- {% endfor %}
-
-@@ -311,7 +314,7 @@ {% endif %} {% if v and v.admin_level==6 and v.id != c.author_id %} - {% if c.author.is_banned %} + {% if c.author.is_suspended %}- Unban user
{% else %}
- Ban user
@@ -470,7 +473,7 @@
{% if v and (c.post and v.admin_level == 6) %}
{% if c.author_id != v.id %}
- {% if c.author.is_banned %}
+ {% if c.author.is_suspended %}
- Unban user
{% else %}
- Ban user
diff --git a/files/templates/default.html b/files/templates/default.html
index 706fb34cb..9bce37061 100644
--- a/files/templates/default.html
+++ b/files/templates/default.html
@@ -1034,7 +1034,7 @@
-
+
{% include "header.html" %}
diff --git a/files/templates/settings2.html b/files/templates/settings2.html
index 850fe2ca2..b2662ad13 100644
--- a/files/templates/settings2.html
+++ b/files/templates/settings2.html
@@ -98,7 +98,7 @@
Leaderboard
-
- admins
+ Admins
-
Moderation Log
diff --git a/files/templates/submission.html b/files/templates/submission.html
index 191cd9206..f36627b5c 100644
--- a/files/templates/submission.html
+++ b/files/templates/submission.html
@@ -159,7 +159,7 @@
{% endif %}
{% if v and v.admin_level == 6 and v.id!=p.author_id %}
- {% if p.author.is_banned %}
+ {% if p.author.is_suspended %}
{% else %}
@@ -194,7 +194,7 @@
-
+
{% if p.thumb_url and not p.embed_url %}
@@ -225,7 +225,9 @@
{% if p.over_18 %}+18{% endif %}
{% if p.private %}unlisted{% endif %}
{% if p.active_flags %}{{p.active_flags}} Reports{% endif %}
- {{p.author.username}}{% if p.author.customtitle %} {{p.author.customtitle | safe}}{% endif %}
+ {% if p.author.verified %}
+ {% endif %}
+ {{p.author.username}}{% if p.author.customtitle %} {{p.author.customtitle | safe}}{% endif %}
{{p.age_string}}
({% if p.realurl(v) %}{{p.domain}}{% else %}text post{% endif %})
@@ -234,6 +236,18 @@
{{p.views}} views
+ {% if p.active_flags %}
+
+ Reported by:
+
+
+ {% endif %}
+
{% if p.realurl(v) %}
- {% if v and v.id==p.author_id and not v.is_banned %}
+ {% if v and v.id==p.author_id and not v.is_suspended %}
-{% if p.active_flags %}
-
- Reported by:
-
-
-{% endif %}
-
@@ -569,7 +571,7 @@
- {% if not v and not p.is_banned %}
+ {% if not v and not p.is_suspended %}
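Review bot: `p` here is the submission, whereas the other `is_banned` to `is_suspended` substitutions in this commit are applied to a user (`v`, `p.author`, `c.author`), and nothing in the visible diff adds `is_suspended` to `Submission`. If the attribute is not defined there, Jinja's default undefined handling makes it falsy without raising, so `not p.is_suspended` is always true and the removed-post state is silently ignored. The same substitution on `p` appears in both submission_banned.html hunks. If the post-level flag is still `is_banned`, these conditions should stay as `{% if not v and not p.is_banned %}` and `{% if p.is_banned %}`.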
diff --git a/files/templates/submission_banned.html b/files/templates/submission_banned.html
index 572dc2a40..f7a27f368 100644
--- a/files/templates/submission_banned.html
+++ b/files/templates/submission_banned.html
@@ -11,7 +11,7 @@
{% block title %}
{{p.realtitle(v)}}
-{% if p.is_banned %}
+{% if p.is_suspended %}
{% else %}
@@ -32,7 +32,7 @@
{% endif %}
{% if v.admin_level >=1 and v.admin_level > p.author.admin_level %}
-{% if p.is_banned %}
+{% if p.is_suspended %}
+ {% for f in p.ordered_flags %} +- @{{f.user.username}}{% if f.reason %}: {{f.reason | safe}}{% endif %}
+ {% endfor %}
+
+{{title | safe}}
{% else %} @@ -277,7 +291,7 @@- {% for f in p.ordered_flags %} -- @{{f.user.username}}{% if f.reason %}: {{f.reason | safe}}{% endif %}
- {% endfor %}
-
-