forked from rDrama/rDrama
give an error instead of slicing
parent
aac06f40b4
commit
1fa0e3e8d2
|
@ -264,7 +264,7 @@ def remove_cuniform(sanitized):
|
|||
if not sanitized: return ""
|
||||
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace('\u202e','').replace("\ufeff", "").replace("\u033f","").replace("\u0589", ":")
|
||||
sanitized = sanitized.replace("𒐪","").replace("𒐫","").replace("﷽","").replace("⸻","")
|
||||
sanitized = sanitized.replace("\r\n", "\n")
|
||||
sanitized = sanitized.replace("\r", "")
|
||||
sanitized = sanitized.replace("’", "'")
|
||||
return sanitized.strip()
|
||||
|
||||
|
|
|
@ -256,8 +256,9 @@ atexit.register(close_running_threads)
|
|||
@limiter.limit("6/minute;50/hour;200/day", deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def messagereply(v):
|
||||
body = request.values.get("body", "")
|
||||
body = body[:COMMENT_BODY_LENGTH_LIMIT].strip()
|
||||
body = request.values.get("body", "").strip()
|
||||
if len(body) > COMMENT_BODY_LENGTH_LIMIT:
|
||||
abort(400, f'Message is too long (max {COMMENT_BODY_LENGTH_LIMIT} characters)!')
|
||||
|
||||
id = request.values.get("parent_id")
|
||||
parent = get_comment(id, v=v)
|
||||
|
@ -290,7 +291,8 @@ def messagereply(v):
|
|||
|
||||
if not g.is_tor and get_setting("dm_media"):
|
||||
body = process_files(request.files, v, body, is_dm=True, dm_user=user)
|
||||
body = body[:COMMENT_BODY_LENGTH_LIMIT].strip() #process_files potentially adds characters to the post
|
||||
if len(body) > COMMENT_BODY_LENGTH_LIMIT:
|
||||
abort(400, f'Message is too long (max {COMMENT_BODY_LENGTH_LIMIT} characters)!')
|
||||
|
||||
if not body: abort(400, "Message is empty!")
|
||||
|
||||
|
|
|
@ -165,8 +165,10 @@ def comment(v):
|
|||
|
||||
if level > COMMENT_MAX_DEPTH: abort(400, f"Max comment level is {COMMENT_MAX_DEPTH}")
|
||||
|
||||
body = request.values.get("body", "")
|
||||
body = body[:COMMENT_BODY_LENGTH_LIMIT].strip()
|
||||
body = request.values.get("body", "").strip()
|
||||
if len(body) > COMMENT_BODY_LENGTH_LIMIT:
|
||||
abort(400, f'Comment body is too long (max {COMMENT_BODY_LENGTH_LIMIT} characters)!')
|
||||
|
||||
|
||||
if not posting_to_post or post_target.id not in ADMIGGER_THREADS:
|
||||
if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')):
|
||||
|
@ -242,8 +244,9 @@ def comment(v):
|
|||
else:
|
||||
abort(415)
|
||||
|
||||
body = body.replace('\n ', '\n').replace('\r', '')
|
||||
body = body[:COMMENT_BODY_LENGTH_LIMIT].strip()
|
||||
body = body.strip()
|
||||
if len(body) > COMMENT_BODY_LENGTH_LIMIT:
|
||||
abort(400, f'Comment body is too long (max {COMMENT_BODY_LENGTH_LIMIT} characters)!')
|
||||
|
||||
if v.admin_level >= PERMS['USE_ADMIGGER_THREADS'] and posting_to_post and post_target.id == SNAPPY_THREAD and level == 1:
|
||||
with open(f"snappy_{SITE_NAME}.txt", "r+") as f:
|
||||
|
@ -653,8 +656,9 @@ def edit_comment(cid, v):
|
|||
if not c.parent_post and not c.wall_user_id:
|
||||
abort(403)
|
||||
|
||||
body = request.values.get("body", "")
|
||||
body = body[:COMMENT_BODY_LENGTH_LIMIT].strip()
|
||||
body = request.values.get("body", "").strip()
|
||||
if len(body) > COMMENT_BODY_LENGTH_LIMIT:
|
||||
abort(400, f'Comment body is too long (max {COMMENT_BODY_LENGTH_LIMIT} characters)!')
|
||||
|
||||
if len(body) < 1 and not (request.files.get("file") and not g.is_tor):
|
||||
abort(400, "You have to actually type something!")
|
||||
|
@ -668,7 +672,8 @@ def edit_comment(cid, v):
|
|||
execute_antispam_comment_check(body, v)
|
||||
|
||||
body = process_files(request.files, v, body)
|
||||
body = body[:COMMENT_BODY_LENGTH_LIMIT].strip() # process_files potentially adds characters to the post
|
||||
if len(body) > COMMENT_BODY_LENGTH_LIMIT:
|
||||
abort(400, f'Comment body is too long (max {COMMENT_BODY_LENGTH_LIMIT} characters)!')
|
||||
|
||||
body_html = sanitize(body, golden=False, limit_pings=5, showmore=(not v.hieroglyphs), commenters_ping_post_id=c.parent_post, obj=c, author=c.author)
|
||||
|
||||
|
|
|
@ -57,11 +57,15 @@ def rescind(v, aid):
|
|||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def request_api_keys(v):
|
||||
description = request.values.get("description", "").strip()
|
||||
if len(description) > 256:
|
||||
abort(400, 'App description is too long (max 256 characters)!')
|
||||
|
||||
new_app = OauthApp(
|
||||
app_name=request.values.get('name').replace('<','').replace('>',''),
|
||||
redirect_uri=request.values.get('redirect_uri'),
|
||||
author_id=v.id,
|
||||
description=request.values.get("description")[:256]
|
||||
description=description,
|
||||
)
|
||||
|
||||
g.db.add(new_app)
|
||||
|
@ -115,7 +119,12 @@ def edit_oauth_app(v, aid):
|
|||
|
||||
app.redirect_uri = request.values.get('redirect_uri')
|
||||
app.app_name = request.values.get('name')
|
||||
app.description = request.values.get("description")[:256]
|
||||
|
||||
description = request.values.get("description", "").strip()
|
||||
if len(description) > 256:
|
||||
abort(400, 'App description is too long (max 256 characters)!')
|
||||
|
||||
app.description = description
|
||||
|
||||
g.db.add(app)
|
||||
|
||||
|
|
|
@ -461,11 +461,13 @@ def submit_post(v, hole=None):
|
|||
|
||||
if '\\' in url: abort(400)
|
||||
|
||||
title = request.values.get("title", "")
|
||||
title = title[:POST_TITLE_LENGTH_LIMIT].strip()
|
||||
title = request.values.get("title", "").strip()
|
||||
if len(title) > POST_TITLE_LENGTH_LIMIT:
|
||||
abort(400, f'Post title is too long (max {POST_TITLE_LENGTH_LIMIT} characters)!')
|
||||
|
||||
body = request.values.get("body", "")
|
||||
body = body[:POST_BODY_LENGTH_LIMIT(g.v)].strip()
|
||||
body = request.values.get("body", "").strip()
|
||||
if len(body) > POST_BODY_LENGTH_LIMIT(g.v):
|
||||
abort(400, f'Post body is too long (max {POST_BODY_LENGTH_LIMIT(g.v)} characters)!')
|
||||
|
||||
if not title:
|
||||
abort(400, "Please enter a better title!")
|
||||
|
@ -551,8 +553,9 @@ def submit_post(v, hole=None):
|
|||
if len(url) > 2048:
|
||||
abort(400, "There's a 2048 character limit for URLs!")
|
||||
|
||||
body = process_files(request.files, v, body)
|
||||
body = body[:POST_BODY_LENGTH_LIMIT(v)].strip() # process_files() adds content to the body, so we need to re-strip
|
||||
body = process_files(request.files, v, body).strip()
|
||||
if len(body) > POST_BODY_LENGTH_LIMIT(g.v):
|
||||
abort(400, f'Post body is too long (max {POST_BODY_LENGTH_LIMIT(g.v)} characters)!')
|
||||
|
||||
flag_notify = (request.values.get("notify", "on") == "on")
|
||||
flag_new = request.values.get("new", False, bool) or 'megathread' in title.lower()
|
||||
|
@ -1011,11 +1014,13 @@ def edit_post(pid, v):
|
|||
and v.admin_level < PERMS["IGNORE_1MONTH_EDITING_LIMIT"] and v.id not in EXEMPT_FROM_1MONTH_EDITING_LIMIT:
|
||||
abort(403, "You can't edit posts older than 1 month!")
|
||||
|
||||
title = request.values.get("title", "")
|
||||
title = title[:POST_TITLE_LENGTH_LIMIT].strip()
|
||||
title = request.values.get("title", "").strip()
|
||||
if len(title) > POST_TITLE_LENGTH_LIMIT:
|
||||
abort(400, f'Post title is too long (max {POST_TITLE_LENGTH_LIMIT} characters)!')
|
||||
|
||||
body = request.values.get("body", "")
|
||||
body = body[:POST_BODY_LENGTH_LIMIT(g.v)].strip()
|
||||
body = request.values.get("body", "").strip()
|
||||
if len(body) > POST_BODY_LENGTH_LIMIT(g.v):
|
||||
abort(400, f'Post body is too long (max {POST_BODY_LENGTH_LIMIT(g.v)} characters)!')
|
||||
|
||||
if p.author.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')):
|
||||
abort(403, "You have to type more than 280 characters!")
|
||||
|
@ -1049,8 +1054,9 @@ def edit_post(pid, v):
|
|||
p.title = title
|
||||
p.title_html = title_html
|
||||
|
||||
body = process_files(request.files, v, body)
|
||||
body = body[:POST_BODY_LENGTH_LIMIT(v)].strip() # process_files() may be adding stuff to the body
|
||||
body = process_files(request.files, v, body).strip()
|
||||
if len(body) > POST_BODY_LENGTH_LIMIT(g.v):
|
||||
abort(400, f'Post body is too long (max {POST_BODY_LENGTH_LIMIT(g.v)} characters)!')
|
||||
|
||||
if body != p.body or p.chudded:
|
||||
body_html = sanitize(body, golden=False, limit_pings=100, obj=p, author=p.author)
|
||||
|
|
|
@ -247,7 +247,7 @@ def settings_personal_post(v):
|
|||
|
||||
sig = request.values.get("sig").replace('\n','').replace('\r','').strip()
|
||||
sig = process_files(request.files, v, sig)
|
||||
sig = sig.strip() # process_files potentially adds characters to the post
|
||||
sig = sig.strip()
|
||||
|
||||
if len(sig) > 200:
|
||||
abort(400, "New signature is too long (max 200 characters)")
|
||||
|
@ -262,14 +262,13 @@ def settings_personal_post(v):
|
|||
return {"message": "Your sig has been updated."}
|
||||
|
||||
elif not updated and FEATURES['USERS_PROFILE_BODYTEXT'] and request.values.get("friends"):
|
||||
friends = request.values.get("friends")[:BIO_FRIENDS_ENEMIES_LENGTH_LIMIT]
|
||||
friends = request.values.get("friends", "").strip()
|
||||
if len(friends) > BIO_FRIENDS_ENEMIES_LENGTH_LIMIT:
|
||||
abort(400, f'Ypur friend list is too long (max {BIO_FRIENDS_ENEMIES_LENGTH_LIMIT} characters)!')
|
||||
|
||||
friends_html = sanitize(friends, blackjack="friends")
|
||||
|
||||
if len(friends_html) > BIO_FRIENDS_ENEMIES_HTML_LENGTH_LIMIT:
|
||||
abort(400, "Your friends list is too long")
|
||||
|
||||
friends = friends[:BIO_FRIENDS_ENEMIES_LENGTH_LIMIT]
|
||||
abort(400, "Your friend list is too long")
|
||||
|
||||
notify_users = NOTIFY_USERS(friends, v, oldtext=v.friends)
|
||||
if notify_users:
|
||||
|
@ -296,14 +295,13 @@ def settings_personal_post(v):
|
|||
|
||||
|
||||
elif not updated and FEATURES['USERS_PROFILE_BODYTEXT'] and request.values.get("enemies"):
|
||||
enemies = request.values.get("enemies")[:BIO_FRIENDS_ENEMIES_LENGTH_LIMIT]
|
||||
enemies = request.values.get("enemies", "").strip()
|
||||
if len(enemies) > BIO_FRIENDS_ENEMIES_LENGTH_LIMIT:
|
||||
abort(400, f'You enemy list is too long (max {BIO_FRIENDS_ENEMIES_LENGTH_LIMIT} characters)!')
|
||||
|
||||
enemies_html = sanitize(enemies, blackjack="enemies")
|
||||
|
||||
if len(enemies_html) > BIO_FRIENDS_ENEMIES_HTML_LENGTH_LIMIT:
|
||||
abort(400, "Your enemies list is too long")
|
||||
|
||||
enemies = enemies[:BIO_FRIENDS_ENEMIES_LENGTH_LIMIT]
|
||||
abort(400, "Your enemy list is too long")
|
||||
|
||||
notify_users = NOTIFY_USERS(enemies, v, oldtext=v.enemies)
|
||||
if notify_users:
|
||||
|
@ -329,18 +327,16 @@ def settings_personal_post(v):
|
|||
return {"message": "Your enemies list has been updated."}
|
||||
|
||||
|
||||
elif not updated and FEATURES['USERS_PROFILE_BODYTEXT'] and \
|
||||
(request.values.get("bio") or request.files.get('file')):
|
||||
bio = request.values.get("bio", "")[:BIO_FRIENDS_ENEMIES_LENGTH_LIMIT]
|
||||
elif not updated and FEATURES['USERS_PROFILE_BODYTEXT'] and (request.values.get("bio") or request.files.get('file')):
|
||||
bio = request.values.get("bio", "").strip()
|
||||
bio = process_files(request.files, v, bio)
|
||||
bio = bio.strip()
|
||||
bio_html = sanitize(bio, blackjack="bio")
|
||||
if len(bio) > BIO_FRIENDS_ENEMIES_LENGTH_LIMIT:
|
||||
abort(400, f'Your bio is too long (max {BIO_FRIENDS_ENEMIES_LENGTH_LIMIT} characters)!')
|
||||
|
||||
bio_html = sanitize(bio, blackjack="bio")
|
||||
if len(bio_html) > BIO_FRIENDS_ENEMIES_HTML_LENGTH_LIMIT:
|
||||
abort(400, "Your bio is too long")
|
||||
|
||||
|
||||
v.bio = bio[:BIO_FRIENDS_ENEMIES_LENGTH_LIMIT]
|
||||
v.bio_html=bio_html
|
||||
g.db.add(v)
|
||||
return {"message": "Your bio has been updated."}
|
||||
|
|
|
@ -597,12 +597,14 @@ def message(v, username=None, id=None):
|
|||
if user.has_muted(v):
|
||||
abort(403, f"@{user.username} is muting notifications from you, so messaging them is pointless!")
|
||||
|
||||
body = request.values.get("message", "")
|
||||
body = body[:COMMENT_BODY_LENGTH_LIMIT].strip()
|
||||
body = request.values.get("message", "").strip()
|
||||
if len(body) > COMMENT_BODY_LENGTH_LIMIT:
|
||||
abort(400, f'Message is too long (max {COMMENT_BODY_LENGTH_LIMIT} characters)!')
|
||||
|
||||
if not g.is_tor and get_setting("dm_media"):
|
||||
body = process_files(request.files, v, body, is_dm=True, dm_user=user)
|
||||
body = body[:COMMENT_BODY_LENGTH_LIMIT].strip() #process_files potentially adds characters to the post
|
||||
if len(body) > COMMENT_BODY_LENGTH_LIMIT:
|
||||
abort(400, f'Message is too long (max {COMMENT_BODY_LENGTH_LIMIT} characters)!')
|
||||
|
||||
if not body: abort(400, "Message is empty!")
|
||||
|
||||
|
|
Loading…
Reference in New Issue