From 0e8a2ad1c8916301305dce4243068b634e4e69a1 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 17 May 2022 18:03:59 +0200 Subject: [PATCH 01/14] sdf --- files/routes/static.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/routes/static.py b/files/routes/static.py index ca077dff1..32d9c51b2 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -244,8 +244,8 @@ def cached_chart(kind, site): ) today_cutoff = calendar.timegm(midnight_this_morning) - if kind == "daily": day_cutoffs = [today_cutoff - 86400 * i for i in range(47)][1:] - else: day_cutoffs = [today_cutoff - 86400 * 7 * i for i in range(47)][1:] + if kind == "daily": day_cutoffs = [today_cutoff - 86400 * i for i in range(55)][1:] + else: day_cutoffs = [today_cutoff - 86400 * 7 * i for i in range(55)][1:] day_cutoffs.insert(0, calendar.timegm(now)) From c80dcaf70697c2dd9bfcd7af33240524d135f20d Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 17 May 2022 18:16:56 +0200 Subject: [PATCH 02/14] sfd --- files/helpers/const.py | 35 ++++++++++++++++++----------------- files/routes/settings.py | 4 ++-- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/files/helpers/const.py b/files/helpers/const.py index 72a9ae29b..28510f29e 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py 
@@ -28,23 +28,7 @@ AJ_REPLACEMENTS = { ' TO ': " TOO ", } -if SITE_NAME == 'Cringetopia': - SLURS = { - "retarded": "neurodivergent", - "retard": "neurodivergent", - "faggot": "cute twink", - "fag": "cute twink", - "n1gger": "🏀", - "nlgger": "🏀", - "nigger": "🏀", - "uss liberty incident": "tragic accident aboard the USS Liberty", - "lavon affair": "Lavon Misunderstanding", - "i hate marsey": "i love marsey", - "autistic": "neurodivergent", - "holohoax": "i tried to claim the Holocaust didn't happen because I am a pencil-dicked imbecile and the word filter caught me lol", - "i hate carp": "i love Carp", - "heil hitler": "hello kitty", } -else: +if SITE_NAME == 'rDrama': SLURS = { "california": "commiefornia", "hollywood": "hollyweird", @@ -111,6 +95,23 @@ else: " pedo ": " libertarian ", " pedos ": " libertarians ", } +else: + SLURS = { + "retarded": "neurodivergent", + "retard": "neurodivergent", + "faggot": "cute twink", + "fag": "cute twink", + "n1gger": "🏀", + "nlgger": "🏀", + "nigger": "🏀", + "uss liberty incident": "tragic accident aboard the USS Liberty", + "lavon affair": "Lavon Misunderstanding", + "i hate marsey": "i love marsey", + "autistic": "neurodivergent", + "holohoax": "i tried to claim the Holocaust didn't happen because I am a pencil-dicked imbecile and the word filter caught me lol", + "i hate carp": "i love Carp", + "heil hitler": "hello kitty", + } single_words = "|".join([slur.lower() for slur in SLURS.keys()]) diff --git a/files/routes/settings.py b/files/routes/settings.py index 36f177e67..85c144c8e 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py 
@@ -788,8 +788,8 @@ def settings_name_change(v): return redirect("/settings/profile") @app.post("/settings/song_change") -@limiter.limit("2/second;10/day") -@limiter.limit("2/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') +@limiter.limit("3/second;10/day") +@limiter.limit("3/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_song_change(v): song=request.values.get("song").strip() From ea7c4f833a5f1fc12c02bef36c51adff202f314a Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 17 May 2022 18:53:44 +0200 Subject: [PATCH 03/14] fg --- files/helpers/const.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/files/helpers/const.py b/files/helpers/const.py index 28510f29e..affc0673b 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -26,6 +26,15 @@ AJ_REPLACEMENTS = { ' YOUR ': " YOU'RE ", ' TO ': " TOO ", + + 'anybody': 'anypony', + 'everybody': 'everypony', + + 'Anybody': 'Anypony', + 'Everybody': 'Everypony', + + 'ANYBODY': 'ANYPONY', + 'EVERYBODY': 'EVERYPONY', } if SITE_NAME == 'rDrama': From 9854ed863f1ed0b01c5bbc8c5bc63beee28bbe64 Mon Sep 17 00:00:00 2001 From: TLSM Date: Tue, 17 May 2022 14:34:54 -0400 Subject: [PATCH 04/14] Revert word filter * 'escapes'. --- files/helpers/const.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/files/helpers/const.py b/files/helpers/const.py index affc0673b..7d0b2fe9d 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -88,9 +88,9 @@ if SITE_NAME == 'rDrama': "pedocord": "discord (actually a pretty cool service)", "i hate carp": "i love Carp", "manlet": "little king", - "gamer": "g\*mer", - "journalist": "journ\*list", - "journalism": "journ\*lism", + "gamer": "g*mer", + "journalist": "journ*list", + "journalism": "journ*lism", "wuhan flu": "SARS-CoV-2 syndemic", "china flu": "SARS-CoV-2 syndemic", "china virus": "SARS-CoV-2 syndemic", 
From e7349aec980f6ce5b9937bc7cb5114a5029f0ce7 Mon Sep 17 00:00:00 2001 From: HappyDOGE <28511119+HappyDOGE@users.noreply.github.com> Date: Tue, 17 May 2022 21:59:07 +0300 Subject: [PATCH 05/14] Fix tag link injection, don't throw a ValueError when href attr is missing, properly count marseys (their usage wasn't counted for 20 days :marseygasp:) (#265) --- files/helpers/sanitize.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 89b5d5b59..607d35a19 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -81,8 +81,17 @@ def allowed_attributes(tag, name, value): url_re = build_url_re(tlds=TLDS, protocols=['http', 'https']) def callback(attrs, new=False): + if (None, "href") not in attrs: + return # Incorrect tag + href = attrs[(None, "href")] + # \ in href right after / makes most browsers ditch site hostname and allows for a host injection bypassing the check, see cool + if "\\" in href: + attrs["_text"] = href # Laugh at this user + del attrs[(None, "href")] # Make unclickable and reset harmful payload + return attrs + if not href.startswith('/') and not href.startswith(f'{SITE_FULL}/'): attrs[(None, "target")] = "_blank" attrs[(None, "rel")] = "nofollow noopener noreferrer" 
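Review bot: The internal-link test that follows the new backslash guard, `if not href.startswith('/') and not href.startswith(f'{SITE_FULL}/'):`, also classifies a protocol-relative href (one beginning with `//`) as a site-local path, so such a link would not get `target="_blank"` and `rel="nofollow noopener noreferrer"`. A minimal fix is `if not (href.startswith('/') and not href.startswith('//')) and not href.startswith(f'{SITE_FULL}/'):`. Rejecting a single character is a denylist, and parsing the href and comparing its host with the site's own would be sturdier than prefix and character checks. The new comment ends in "see cool", which points at nothing a maintainer can follow, and the bare `return` for a missing href returns `None` while the backslash branch returns `attrs`; a short comment on what each means for the rendered tag would help. `callback` continues past the end of this hunk.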
@@ -128,6 +137,7 @@ def render_emoji(html, regexp, edit, marseys_used=set(), b=False): if emoji_html: + marseys_used.add(emoji) html = re.sub(f'(? Date: Tue, 17 May 2022 21:58:41 +0200 Subject: [PATCH 06/14] pls review --- files/helpers/sanitize.py | 18 ++++++++++-------- files/templates/authforms.html | 4 ++-- files/templates/chat.html | 2 +- files/templates/comments.html | 2 +- files/templates/default.html | 4 ++-- files/templates/formatting.html | 4 ++-- files/templates/log.html | 4 ++-- files/templates/login.html | 2 +- files/templates/login_2fa.html | 2 +- files/templates/settings.html | 2 +- files/templates/settings2.html | 4 ++-- files/templates/sign_up.html | 2 +- files/templates/sign_up_failed_ref.html | 2 +- files/templates/submit.html | 6 +++--- files/templates/userpage.html | 2 +- 15 files changed, 31 insertions(+), 29 deletions(-) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 89b5d5b59..66deb2799 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -42,8 +42,7 @@ def allowed_attributes(tag, name, value): if name == 'loading' and value == 'lazy': return True if name == 'referrpolicy' and value == 'no-referrer': return True if name == 'data-bs-toggle' and value == 'tooltip': return True - if name in ['alt','title','g','b','pat']: return True - if name == 'class' and value == 'pat-hand': return True + if name in ['alt','title','g','b']: return True return False if tag == 'lite-youtube': @@ -71,7 +70,6 @@ def allowed_attributes(tag, name, value): return False if tag == 'span': - if name == 'class' and value in ['pat-container', 'pat-hand']: return True if name == 'data-bs-toggle' and value == 'tooltip': return True if name == 'title': return True if name == 'alt': return True 
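Review bot: `marseys_used.add(emoji)` in the `@@ -128,6 +137,7 @@` hunk mutates the `marseys_used=set()` default visible in the hunk header. A default argument is created once, so every call that omits the argument adds to one process-wide set shared across requests, and emoji from unrelated content would be counted together. Change the signature to `marseys_used=None` and start the body with `if marseys_used is None: marseys_used = set()`. The signature and the rest of `render_emoji` lie outside this hunk (the same header appears on the later `@@ -117,12 +115,10 @@` hunk), and whether every caller passes its own set cannot be seen from here.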
@@ -117,12 +115,10 @@ def render_emoji(html, regexp, edit, marseys_used=set(), b=False): if emoji.endswith('pat'): if path.isfile(f"files/assets/images/emojis/{emoji.replace('pat','')}.webp"): - attrs += ' pat' - emoji_html = f'{emoji_partial_pat.format(old, f"/e/{emoji[:-3]}.webp", attrs)}' + emoji_html = f'{emoji_partial_pat.format(old, f"/e/{emoji[:-3]}.webp", attrs)}' elif emoji.startswith('@'): if u := get_user(emoji[1:-3], graceful=True): - attrs += ' pat' - emoji_html = f'{emoji_partial_pat.format(old, f"/pp/{u.id}", attrs)}' + emoji_html = f'{emoji_partial_pat.format(old, f"/pp/{u.id}", attrs)}' elif path.isfile(f'files/assets/images/emojis/{emoji}.webp'): emoji_html = emoji_partial.format(old, f'/e/{emoji}.webp', attrs) @@ -320,6 +316,12 @@ def allowed_attributes_emojis(tag, name, value): if name == 'loading' and value == 'lazy': return True if name == 'data-bs-toggle' and value == 'tooltip': return True if name in ['src','alt','title','g']: return True + + if tag == 'span': + if name == 'data-bs-toggle' and value == 'tooltip': return True + if name == 'title': return True + if name == 'alt': return True + return False return False @@ -334,7 +336,7 @@ def filter_emojis_only(title, edit=False, graceful=False): title = strikethrough_regex.sub(r'\1', title) - title = bleach.clean(title, tags=['img','del'], attributes=allowed_attributes_emojis, protocols=['http','https']) + title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https']) signal.alarm(0) diff --git a/files/templates/authforms.html b/files/templates/authforms.html index 2d6cd3790..79d60118c 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -15,7 +15,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/chat.html b/files/templates/chat.html index a35fbb4b7..cf697f29a 100644 --- a/files/templates/chat.html +++ b/files/templates/chat.html 
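Review bot: In the `@@ -117,12 +115,10 @@` hunk the existence check and the served path derive the base name in two different ways: `path.isfile(...)` uses `emoji.replace('pat','')`, which removes every occurrence of `pat`, while the image URL uses `emoji[:-3]`, which removes only the suffix. For a name that contains `pat` elsewhere (constructed example: `patrickpat`) the check looks for `rick.webp` while the tag points at `/e/patrick.webp`. Use one expression in both places, for example `path.isfile(f"files/assets/images/emojis/{emoji[:-3]}.webp")`. The rest of `render_emoji` is outside the hunk.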
@@ -14,7 +14,7 @@ Chat - + {% if v.css %} diff --git a/files/templates/comments.html b/files/templates/comments.html index 929f5cf41..8264ed8cd 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -845,7 +845,7 @@ {% endif %} {% if v %} - + {% endif %} diff --git a/files/templates/default.html b/files/templates/default.html index 4f4be96a6..65b32a9a6 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -7,7 +7,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/formatting.html b/files/templates/formatting.html index 1ca22135b..c54331aa9 100644 --- a/files/templates/formatting.html +++ b/files/templates/formatting.html @@ -104,12 +104,12 @@ Text 2 Pat Emojis :marseylovepat: - :marseylovepat: + :marseylovepat: Pat User :@snappypat: - :@snappypat: + :@snappypat: Random Marsey diff --git a/files/templates/log.html b/files/templates/log.html index beafaef8c..ff2ff79bf 100644 --- a/files/templates/log.html +++ b/files/templates/log.html @@ -6,7 +6,7 @@ {% block content %} {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/login.html b/files/templates/login.html index 6747c4392..6fb7cd336 100644 --- a/files/templates/login.html +++ b/files/templates/login.html @@ -18,7 +18,7 @@ {% endblock %} - + diff --git a/files/templates/login_2fa.html b/files/templates/login_2fa.html index 7fce5d5e9..7311290a4 100644 --- a/files/templates/login_2fa.html +++ b/files/templates/login_2fa.html @@ -14,7 +14,7 @@ 2-Step Login - {{SITE_NAME}} - + diff --git a/files/templates/settings.html b/files/templates/settings.html index 1b2564b19..de414b787 100644 --- a/files/templates/settings.html +++ b/files/templates/settings.html @@ -34,7 +34,7 @@ - + {% if v.agendaposter %} - + {% else %} - + {% endif %} diff --git a/files/templates/sign_up.html b/files/templates/sign_up.html index 31498bf84..a22e43fa6 100644 --- a/files/templates/sign_up.html 
+++ b/files/templates/sign_up.html @@ -31,7 +31,7 @@ {% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}Sign up - {{SITE_NAME}}{% endif %} - + diff --git a/files/templates/sign_up_failed_ref.html b/files/templates/sign_up_failed_ref.html index 7bc51d1cf..2e545e8e6 100644 --- a/files/templates/sign_up_failed_ref.html +++ b/files/templates/sign_up_failed_ref.html @@ -32,7 +32,7 @@ {% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}{{SITE_NAME}}{% endif %} - + diff --git a/files/templates/submit.html b/files/templates/submit.html index c68aa27e5..94ec7b9a5 100644 --- a/files/templates/submit.html +++ b/files/templates/submit.html @@ -26,7 +26,7 @@ {% block stylesheets %} {% if v %} - + {% if v.agendaposter %} - + {% endif %} {% endblock %} @@ -224,7 +224,7 @@ {% endif %} - + {% include "emoji_modal.html" %} diff --git a/files/templates/userpage.html b/files/templates/userpage.html index 3d3c8083b..88a505d1f 100644 --- a/files/templates/userpage.html +++ b/files/templates/userpage.html @@ -769,7 +769,7 @@ {% endif %} - + {% if v and v.id != u.id and '/comments' not in request.path %} From d3c404a5f54f392765db0b6a5e1990bfca51037b Mon Sep 17 00:00:00 2001 From: DrTransmisia <95589613+DrTransmisia@users.noreply.github.com> Date: Tue, 17 May 2022 22:44:17 +0200 Subject: [PATCH 08/14] CTRL + ENTER TO POST LE NEW COMMENT (#266) * le shortcut handlers * le white line as arrived * Update default.html Co-authored-by: Aevann1 <59999695+Aevann1@users.noreply.github.com> --- files/templates/default.html | 1 + 1 file changed, 1 insertion(+) diff --git a/files/templates/default.html b/files/templates/default.html index 65b32a9a6..74f120ee8 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -5,6 +5,7 @@ + {% if v %} From 9677f505a4a350582917a6ab420fdbf7439619ec Mon Sep 17 00:00:00 2001 
From: TLSM Date: Tue, 17 May 2022 17:01:11 -0400 Subject: [PATCH 10/14] Cache busting comments_v.js. --- files/templates/comments.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/templates/comments.html b/files/templates/comments.html index 8264ed8cd..f227a0596 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -858,7 +858,7 @@ {% include "expanded_image_modal.html" %} - + - + {% endif %} diff --git a/files/tests/test_e2e.py b/files/tests/test_e2e.py new file mode 100644 index 000000000..865184d00 --- /dev/null +++ b/files/tests/test_e2e.py 
@@ -0,0 +1,37 @@ +from bs4 import BeautifulSoup +from time import time, sleep +from files.__main__ import app + +# these tests require `docker-compose up` first + +def test_rules(): + response = app.test_client().get("/logged_out/rules") + assert response.status_code == 200 + assert response.text.startswith("") + + +def test_signup(): + client = app.test_client() + with client: # this keeps the session between requests, which we need + signup_get_response = client.get("/signup") + assert signup_get_response.status_code == 200 + soup = BeautifulSoup(signup_get_response.text, 'html.parser') + # these hidden input values seem to be used for anti-bot purposes and need to be submitted + formkey = next(tag for tag in soup.find_all("input") if tag.get("name") == "formkey").get("value") + form_timestamp = next(tag for tag in soup.find_all("input") if tag.get("name") == "now").get("value") + + sleep(5) # too-fast submissions are rejected (bot check?) + username = "testuser" + str(round(time())) + signup_post_response = client.post("/signup", data={ + "username": username, + "password": "password", + "password_confirm": "password", + "email": "", + "formkey": formkey, + "now": form_timestamp + }) + print(f"Signing up as {username}") + assert signup_post_response.status_code == 302 + assert "error" not in signup_post_response.location + + # we should now be logged in and able to post \ No newline at end of file diff --git a/push.sh b/push.sh deleted file mode 100644 index edce13413..000000000 --- a/push.sh +++ /dev/null @@ -1,4 +0,0 @@ -git pull -git add . -git commit -m "sneed" -git push \ No newline at end of file diff --git a/pushforce.sh b/pushforce.sh deleted file mode 100644 index 26412e5da..000000000 --- a/pushforce.sh +++ /dev/null @@ -1,3 +0,0 @@ -git add . -git commit -m "force push" -git push --force \ No newline at end of file diff --git a/readme.md b/readme.md index 1317d2f04..cb0e18f53 100644 --- a/readme.md +++ b/readme.md 
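Review bot: `test_signup` creates a real account through `client.post("/signup", ...)` in whatever database the running containers use and never removes it, so the header comment should say more than that `docker-compose up` is required. A suggested wording is `# these tests need the docker-compose stack running and write test users to its database; run only against a disposable instance`. The two `next(tag for tag in soup.find_all("input") ...)` lookups fail with a bare `StopIteration` when a hidden field is missing; `soup.find("input", {"name": "formkey"})` followed by `assert field is not None` gives a readable failure. The username built from `round(time())` can collide when two runs start within the same second.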
@@ -1,3 +1,6 @@ +[![Build status](https://img.shields.io/github/workflow/status/TheMotte/rDrama/run_tests.py/frost)](https://github.com/Aevann1/rDrama/actions?query=workflow%3Arun_tests.py+branch%3Afrost) + + This code runs https://rdrama.net and https://pcmemes.net # Installation (Windows/Linux/MacOS) diff --git a/requirements.txt b/requirements.txt index 9d27fd158..2c8c517f6 100644 --- a/requirements.txt +++ b/requirements.txt @@ -24,6 +24,7 @@ tldextract psycopg2-binary pusher_push_notifications pyenchant +pytest youtube-dl yattag webptools \ No newline at end of file diff --git a/run_tests.py b/run_tests.py new file mode 100644 index 000000000..80e6114a3 --- /dev/null +++ b/run_tests.py @@ -0,0 +1,52 @@ +#!/usr/bin/python3 + +import subprocess +import sys + +# we want to leave the container in whatever state it currently is, so check to see if it's running +docker_inspect = subprocess.run([ + "docker", + "container", + "inspect", + "-f", "{{.State.Status}}", + "rDrama", + ], + capture_output = True, + ).stdout.decode("utf-8").strip() + +was_running = docker_inspect == "running" + +# update containers, just in case they're out of date +if was_running: + print("Updating containers . . .") +else: + print("Starting containers . . .") +subprocess.run([ + "docker-compose", + "up", + "--build", + "-d", + ], + check = True, + ) + +# run the test +print("Running test . . .") +result = subprocess.run([ + "docker", + "exec", + "rDrama", + "bash", "-c", "cd service && python3 -m pytest -s" + ]) + +if not was_running: + # shut down, if we weren't running in the first place + print("Shutting down containers . . .") + subprocess.run([ + "docker-compose", + "stop", + ], + check = True, + ) + +sys.exit(result.returncode) \ No newline at end of file From d27cefb87e3ba7e948788ca55bfe55cd4fd6c5f8 Mon Sep 17 00:00:00 2001 
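Review bot: `pytest` is added to `requirements.txt` alongside the runtime dependencies and without a version pin, so the test runner is installed wherever the application is and resolves to whatever release is current at build time. The neighbouring entries visible in this hunk are unpinned as well, so this matches the file's style, but a test-only tool is a good place to start separating and pinning: move it to a development requirements file, or pin it as `pytest==<version you tested with>`.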
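Review bot: In `run_tests.py`, if the `docker exec ... pytest` step is interrupted or raises, the `if not was_running:` cleanup is never reached and containers started by this script stay up, which breaks the promise in the first comment to leave the container in its prior state. Wrapping the test run in `try:` with the shutdown block under `finally:` would keep that promise. The initial `docker container inspect` call has no `check=True` and captures stderr without reporting it, so a missing daemon or a missing `rDrama` container looks the same as "not running"; if that is intended, a comment such as `# any failure here is treated as "not running"` would make it explicit.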
From: DrTransmisia <95589613+DrTransmisia@users.noreply.github.com> Date: Tue, 17 May 2022 23:19:53 +0200 Subject: [PATCH 13/14] le execution bit (#269) --- run_tests.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 run_tests.py diff --git a/run_tests.py b/run_tests.py old mode 100644 new mode 100755 From 143427097597fc7742fe74b5828d36d52a2e4067 Mon Sep 17 00:00:00 2001 From: TLSM Date: Tue, 17 May 2022 17:20:37 -0400 Subject: [PATCH 14/14] Cache busting comments_v.js (again). --- files/templates/comments.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/templates/comments.html b/files/templates/comments.html index 0119a4f59..c44f224e4 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -846,7 +846,7 @@ {% if v %} - + {% endif %}