diff --git a/files/helpers/get.py b/files/helpers/get.py index 04c99289a..bfcba9837 100644 --- a/files/helpers/get.py +++ b/files/helpers/get.py @@ -26,7 +26,7 @@ def get_id(username:str, graceful=False) -> Optional[int]: return user[0] -def get_user(username:str, v:Optional[User]=None, graceful=False, rendered=False, include_blocks=False, include_shadowbanned=True) -> Optional[User]: +def get_user(username:str, v:Optional[User]=None, graceful=False, include_blocks=False, include_shadowbanned=True) -> Optional[User]: if not username: if graceful: return None abort(404) @@ -50,7 +50,7 @@ def get_user(username:str, v:Optional[User]=None, graceful=False, rendered=False if graceful: return None abort(404) - if rendered and v and include_blocks: + if v and include_blocks: user = add_block_props(user, v) return user diff --git a/files/routes/users.py b/files/routes/users.py index 760a36868..b780e9c61 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -488,6 +488,14 @@ def messagereply(v): if parent.sentto == 2: user_id = None elif v.id == user_id: user_id = parent.sentto + if user_id: + user = get_account(user_id, v=v, include_blocks=True) + if hasattr(user, 'is_blocking') and user.is_blocking: + abort(403, "You're blocking this user.") + elif (v.admin_level <= PERMS['MESSAGE_BLOCKED_USERS'] + and hasattr(user, 'is_blocked') and user.is_blocked): + abort(403, "You're blocked by this user.") + if parent.sentto == 2: body += process_files() @@ -650,7 +658,7 @@ def visitors(v): @app.get("/logged_out/@") @auth_desired_with_logingate def u_username(username, v=None): - u = get_user(username, v=v, include_blocks=True, include_shadowbanned=False, rendered=True) + u = get_user(username, v=v, include_blocks=True, include_shadowbanned=False) if username != u.username: return redirect(SITE_FULL + request.full_path.replace(username, u.username)) is_following = v and u.has_follower(v) @@ -731,7 +739,7 @@ def u_username(username, v=None): @app.get("/logged_out/@/comments") @auth_desired_with_logingate def u_username_comments(username, v=None): - u = get_user(username, v=v, include_blocks=True, include_shadowbanned=False, rendered=True) + u = get_user(username, v=v, include_blocks=True, include_shadowbanned=False) if username != u.username: return redirect(f"/@{u.username}/comments") is_following = v and u.has_follower(v)