From 8214e2c6f9cb1489c7b1cf8e4d684f1ad0ab071d Mon Sep 17 00:00:00 2001
From: Aevann1
Date: Mon, 18 Apr 2022 00:13:37 +0200
Subject: [PATCH] fds
---
 files/classes/submission.py | 2 +-
 files/helpers/const.py | 9 +++++----
 files/helpers/sanitize.py | 2 +-
 files/routes/front.py | 23 ++++++++++++++++++-----
 files/templates/authforms.html | 4 ++--
 files/templates/chat.html | 2 +-
 files/templates/default.html | 4 ++--
 files/templates/header.html | 7 ++++++-
 files/templates/log.html | 4 ++--
 files/templates/login.html | 2 +-
 files/templates/login_2fa.html | 2 +-
 files/templates/settings.html | 2 +-
 files/templates/settings2.html | 4 ++--
 files/templates/sign_up.html | 2 +-
 files/templates/sign_up_failed_ref.html | 2 +-
 15 files changed, 45 insertions(+), 26 deletions(-)
diff --git a/files/classes/submission.py b/files/classes/submission.py
index d24081541..cedb8594c 100644
--- a/files/classes/submission.py
+++ b/files/classes/submission.py
@@ -478,7 +478,7 @@ class Submission(Base):
 @property
 @lazy
 def is_image(self):
- if self.url and (self.url.lower().endswith('.webp') or self.url.lower().endswith('.jpg') or self.url.lower().endswith('.png') or self.url.lower().endswith('.gif') or self.url.lower().endswith('.jpeg') or self.url.lower().endswith('?maxwidth=9999') or self.url.lower().endswith('&fidelity=high')) and (self.url.startswith('/') or self.url.startswith(f'{SITE_FULL}/') or embed_check_regex.fullmatch(self.url)):
+ if self.url and (self.url.lower().endswith('.webp') or self.url.lower().endswith('.jpg') or self.url.lower().endswith('.png') or self.url.lower().endswith('.gif') or self.url.lower().endswith('.jpeg') or self.url.lower().endswith('?maxwidth=9999') or self.url.lower().endswith('&fidelity=high')) and embed_check_regex.fullmatch(self.url):
 return True
 return False
diff --git a/files/helpers/const.py b/files/helpers/const.py
index d66a2de37..b700a8407 100644
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
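Review bot: The extension test in `is_image` (files/classes/submission.py) lowercases `self.url` seven times inside one `or` chain, which leaves the security-relevant part of the condition, the `embed_check_regex.fullmatch(self.url)` host check, easy to miss at the end of the line. `str.endswith` accepts a tuple, so the suffixes can be one call: `self.url.lower().endswith(('.webp', '.jpg', '.png', '.gif', '.jpeg', '?maxwidth=9999', '&fidelity=high'))`. The enclosing class starts outside the hunk.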
@@ -804,13 +804,14 @@ approved_embed_hosts = [
 'amazonaws.com',
 'githubusercontent.com',
 'unilad.co.uk',
- 'grrrgraphics.com'
+ 'grrrgraphics.com',
+ 'redditmedia.com'
 ]
 hosts = "|".join(approved_embed_hosts).replace('.','\.')
-image_check_regex = re.compile(f'!\[\]\(((?!https:\/\/([a-z0-9-]\.)*({hosts})\/).*?)\)', flags=re.A)
+image_check_regex = re.compile(f'!\[\]\(((?!(https:\/\/([a-z0-9-]\.)*({hosts}))?\/).*?)\)', flags=re.A)
-embed_check_regex = regex.compile(f'(?)https:\/\/([a-z0-9-]\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*', flags=regex.A)
+embed_check_regex = regex.compile(f'(?)(https:\/\/([a-z0-9-]\.)*({hosts}))?\/[\w:~,()\-.#&\/=?@%;+]*', flags=regex.A)
-video_regex = regex.compile(f'((?)https:\/\/([a-z0-9-]\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp4|webm|mov))', flags=regex.A)
\ No newline at end of file
+video_regex = regex.compile(f'((?)(https:\/\/([a-z0-9-]\.)*({hosts}))?\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp4|webm|mov))', flags=regex.A)
\ No newline at end of file
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index a251b6426..2502f5403 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -37,7 +37,7 @@ def allowed_attributes(tag, name, value):
 if tag == 'img':
 if name in ['src','data-src']:
- if value.startswith('/') or value.startswith(f'{SITE_FULL}/') or embed_check_regex.fullmatch(value): return True
+ if embed_check_regex.fullmatch(value): return True
 else: return False
 if name == 'loading' and value == 'lazy': return True
diff --git a/files/routes/front.py b/files/routes/front.py
index 091242500..d2eb334ef 100644
--- a/files/routes/front.py
+++ b/files/routes/front.py
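Review bot: Making the `https://host` group optional in `embed_check_regex`, `video_regex` and `image_check_regex` (files/helpers/const.py) lets a protocol-relative URL pass as if it were a site-relative path. `/` is inside the allowed character class, so a value such as `//other-host.example/a.png` (constructed example) full-matches the patterns as shown, and a browser would load it from a host that is not in `approved_embed_hosts`. The `is_image` hunk in files/classes/submission.py and the `img` `src`/`data-src` check in files/helpers/sanitize.py now rely on this regex alone, so both inherit the gap. Requiring exactly one leading slash closes it: add a negative lookahead after the slash that follows the optional group, `({hosts}))?\/(?!\/)`, in all three patterns.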
@@ -490,12 +490,25 @@ def changeloglist(v=None, sort="new", page=1 ,t="all"):
 @auth_required
 def random_post(v):
- x = g.db.query(Submission).filter(Submission.deleted_utc == 0, Submission.is_banned == False, Submission.private == False)
- total = x.count()
- n = random.randint(1, total - 2)
+ p = g.db.query(Submission.id).filter(Submission.deleted_utc == 0, Submission.is_banned == False, Submission.private == False).order_by(func.random()).first()
+
+ if p: p = p[0]
+ else: abort(404)
+
+ return redirect(f"/post/{p.id}")
+
+
+@app.get("/random_user")
+@auth_required
+def random_user(v):
+
+ u = g.db.query(User.username).filter(User.song != None).order_by(func.random()).first()
+
+ if u: u = u[0]
+ else: abort(404)
+
+ return redirect(f"/@{x}")
- post = x.offset(n).limit(1).one_or_none()
- return redirect(f"/post/{post.id}")
 @app.get("/comments")
 @auth_required
diff --git a/files/templates/authforms.html b/files/templates/authforms.html
index 2574dc895..9bb65334b 100644
--- a/files/templates/authforms.html
+++ b/files/templates/authforms.html
@@ -15,7 +15,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %}
diff --git a/files/templates/chat.html b/files/templates/chat.html
index 651e86779..a346d4c1b 100644
--- a/files/templates/chat.html
+++ b/files/templates/chat.html
@@ -14,7 +14,7 @@ Chat - + {% if v.css %}
diff --git a/files/templates/default.html b/files/templates/default.html
index 229576b84..964b26177 100644
--- a/files/templates/default.html
+++ b/files/templates/default.html
@@ -7,7 +7,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %}
diff --git a/files/templates/header.html b/files/templates/header.html
index 1e16c300a..952984a98 100644
--- a/files/templates/header.html
+++ b/files/templates/header.html
@@ -83,14 +83,19 @@
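Review bot: Both new handlers in the files/routes/front.py hunk raise on every successful lookup. `random_post` unwraps the row with `p = p[0]` and then formats `p.id`, an attribute the bare id does not have, and `random_user` formats `x`, a name that is never assigned in that function. The redirects should read `return redirect(f"/post/{p}")` and `return redirect(f"/@{u}")`. Separately, `order_by(func.random())` orders every matching row on each request, so on a large table these two authenticated endpoints are a cheap way to load the database and are worth rate-limiting. `func` also has to be imported in this module, and the import block is outside the hunk.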