MarseyWorld/files/helpers/sanitize.py

887 lines
29 KiB
Python
Raw Normal View History

import functools
[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
import random
import re
import signal
from functools import partial
2023-01-01 07:55:22 +00:00
from os import path, listdir
2023-08-05 19:01:42 +00:00
from urllib.parse import parse_qs, urlparse, unquote, ParseResult, urlencode, urlunparse
import time
import requests
[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
2023-07-26 23:41:52 +00:00
from sqlalchemy.sql import func
2022-05-04 23:09:46 +00:00
import bleach
2022-05-25 00:27:41 +00:00
from bleach.css_sanitizer import CSSSanitizer
2022-07-15 13:27:45 +00:00
from bleach.linkifier import LinkifyFilter
[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
from bs4 import BeautifulSoup
2022-05-04 23:09:46 +00:00
from mistletoe import markdown
2023-02-25 22:06:49 +00:00
[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
from files.classes.domains import BannedDomain
2023-02-07 03:31:49 +00:00
from files.classes.mod_logs import ModAction
from files.classes.notifications import Notification
2023-02-25 22:06:49 +00:00
from files.classes.group import Group
2023-08-11 13:34:56 +00:00
from files.classes.follows import Follow
[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
from files.helpers.config.const import *
[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
from files.helpers.const_stateful import *
from files.helpers.regex import *
2023-03-09 22:32:31 +00:00
from files.helpers.get import *
from files.helpers.marsify import *
from files.helpers.owoify import *
from files.helpers.sharpen import *
from files.helpers.queenify import *
2022-05-04 23:09:46 +00:00
2023-10-28 19:21:24 +00:00
allowed_tags = ('a','audio','b','big','blink','blockquote','br','center','code','del','details','em','g','h1','h2','h3','h4','h5','h6','hr','i','img','li','lite-youtube','marquee','ol','p','pre','rp','rt','ruby','small','span','spoiler','strike','strong','sub','summary','sup','table','tbody','td','th','thead','tr','u','ul','video')
2022-05-04 23:09:46 +00:00
2023-09-18 16:28:08 +00:00
allowed_styles = ['background-color', 'color', 'filter', 'font-weight', 'text-align', 'transform']
2022-05-25 00:27:41 +00:00
2022-05-04 23:09:46 +00:00
def allowed_attributes(tag, name, value):
2023-09-18 16:28:08 +00:00
if name == 'style':
return True
2022-05-04 23:09:46 +00:00
if tag == 'marquee':
if name in {'direction', 'behavior', 'scrollamount'}: return True
2022-05-04 23:09:46 +00:00
if name in {'height', 'width'}:
try: value = int(value.replace('px', ''))
except: return False
if 0 < value <= 250: return True
2022-05-04 23:09:46 +00:00
if tag == 'a':
if name == 'href' and '\\' not in value and 'xn--' not in value:
return True
2022-10-29 21:46:30 +00:00
if name == 'rel' and value == 'nofollow noopener': return True
if name == 'target' and value == '_blank': return True
2022-05-04 23:09:46 +00:00
if tag == 'img':
if name in {'src','data-src'}: return is_safe_url(value)
2022-05-04 23:09:46 +00:00
if name == 'loading' and value == 'lazy': return True
if name == 'data-bs-toggle' and value == 'tooltip': return True
2023-08-05 16:06:03 +00:00
if name in {'g','b','glow','party'} and not value: return True
if name in {'alt','title'}: return True
2023-03-12 13:13:28 +00:00
if name == 'class' and value == 'img': return True
if name == 'data-user-submitted' and not value: return True
2022-05-04 23:09:46 +00:00
if tag == 'lite-youtube':
if name == 'params' and value.startswith('autoplay=1&modestbranding=1'): return True
if name == 'videoid': return True
if tag == 'video':
if name == 'controls' and value == '': return True
if name == 'preload' and value == 'none': return True
2022-05-25 18:29:22 +00:00
if name == 'src': return is_safe_url(value)
2022-05-04 23:09:46 +00:00
if tag == 'audio':
2022-05-25 18:29:22 +00:00
if name == 'src': return is_safe_url(value)
if name == 'controls' and value == '': return True
if name == 'preload' and value == 'none': return True
2022-05-04 23:09:46 +00:00
if tag == 'p':
2023-08-29 11:05:10 +00:00
if name == 'class' and value in {'mb-0','resizable','yt','text-center'}: return True
2022-05-04 23:09:46 +00:00
if tag == 'span':
if name == 'data-bs-toggle' and value == 'tooltip': return True
if name == 'title': return True
if name == 'alt': return True
if name == 'cide' and not value: return True
if name == 'bounce' and not value: return True
2022-05-04 23:09:46 +00:00
if tag == 'table':
if name == 'class' and value == 'table': return True
2023-01-01 11:36:20 +00:00
2022-12-10 19:12:14 +00:00
return False
2022-05-04 23:09:46 +00:00
2023-05-03 14:12:12 +00:00
def create_comment_duplicated(text_html):
new_comment = Comment(author_id=AUTOJANNY_ID,
parent_post=None,
2023-05-03 14:12:12 +00:00
body_html=text_html,
distinguish_level=6,
is_bot=True)
g.db.add(new_comment)
g.db.flush()
new_comment.top_comment_id = new_comment.id
return new_comment.id
def send_repeatable_notification_duplicated(uid, text):
2023-05-12 22:29:34 +00:00
if uid in BOT_IDs: return
2023-05-03 14:12:12 +00:00
text_html = sanitize(text)
existing_comments = g.db.query(Comment.id).filter_by(author_id=AUTOJANNY_ID, parent_post=None, body_html=text_html, is_bot=True).order_by(Comment.id).all()
2023-05-03 14:12:12 +00:00
for c in existing_comments:
existing_notif = g.db.query(Notification.user_id).filter_by(user_id=uid, comment_id=c.id).one_or_none()
if not existing_notif:
notif = Notification(comment_id=c.id, user_id=uid)
g.db.add(notif)
return
cid = create_comment_duplicated(text_html)
notif = Notification(comment_id=cid, user_id=uid)
g.db.add(notif)
def execute_blackjack(v, target, body, kind):
2023-02-07 03:31:49 +00:00
if not blackjack or not body: return False
execute = False
for x in blackjack.split(','):
if all(i in body.lower() for i in x.split()):
execute = True
if not execute: return False
2023-05-03 15:38:45 +00:00
v.shadowbanned = AUTOJANNY_ID
ma = ModAction(
kind="shadowban",
user_id=AUTOJANNY_ID,
target_user_id=v.id,
_note=f'reason: "Blackjack: {kind}"'
2023-05-03 15:38:45 +00:00
)
g.db.add(ma)
v.ban_reason = f"Blackjack: {kind}"
2023-05-03 15:38:45 +00:00
g.db.add(v)
2023-02-07 03:31:49 +00:00
2023-03-16 06:27:58 +00:00
notified_ids = [x[0] for x in g.db.query(User.id).filter(User.admin_level >= PERMS['BLACKJACK_NOTIFICATIONS'])]
extra_info = kind
2023-02-07 03:31:49 +00:00
if target:
if kind == 'post':
2023-02-07 03:31:49 +00:00
extra_info = target.permalink
elif kind == 'report':
2023-02-07 03:31:49 +00:00
extra_info = f"reports on {target.permalink}"
elif kind in {'comment', 'message'}:
2023-02-07 03:31:49 +00:00
for id in notified_ids:
n = Notification(comment_id=target.id, user_id=id)
2023-03-16 06:27:58 +00:00
g.db.add(n)
2023-03-09 22:32:31 +00:00
2023-02-07 03:31:49 +00:00
extra_info = None
if extra_info:
for id in notified_ids:
2023-05-03 14:12:12 +00:00
send_repeatable_notification_duplicated(id, f"Blackjack by @{v.username}: {extra_info}")
2023-02-07 03:31:49 +00:00
return True
2022-05-04 23:09:46 +00:00
2023-10-06 18:56:56 +00:00
def find_all_emoji_endings(emoji):
2023-08-20 01:06:52 +00:00
endings = []
if path.isfile(f'files/assets/images/emojis/{emoji}.webp'):
return endings, emoji
is_non_ending_found = False
while not is_non_ending_found:
2023-09-29 07:15:29 +00:00
if emoji.endswith('pat'):
if 'pat' in endings:
is_non_ending_found = True
continue
endings.append('pat')
2023-09-29 07:15:29 +00:00
emoji = emoji[:-3]
continue
2023-09-07 15:26:31 +00:00
2023-09-29 07:15:29 +00:00
if emoji.endswith('talking'):
if 'talking' in endings:
is_non_ending_found = True
continue
endings.append('talking')
2023-09-29 07:15:29 +00:00
emoji = emoji[:-7]
continue
2023-09-29 07:15:29 +00:00
if emoji.endswith('genocide'):
if 'genocide' in endings:
is_non_ending_found = True
continue
endings.append('genocide')
2023-09-29 07:15:29 +00:00
emoji = emoji[:-8]
continue
2023-09-07 15:26:31 +00:00
2023-09-29 07:15:29 +00:00
if emoji.endswith('love'):
2023-08-17 15:37:30 +00:00
if 'love' in endings:
is_non_ending_found = True
continue
2023-08-17 15:37:30 +00:00
endings.append('love')
2023-09-29 07:15:29 +00:00
emoji = emoji[:-4]
continue
is_non_ending_found = True
2023-09-07 15:26:31 +00:00
2023-09-29 07:15:29 +00:00
if emoji.endswith('random'):
kind = emoji.split('random')[0].title()
if kind == 'Donkeykong': kind = 'Donkey Kong'
elif kind == 'Marseyflag': kind = 'Marsey Flags'
elif kind == 'Marseyalphabet': kind = 'Marsey Alphabet'
if kind in EMOJI_KINDS:
2023-10-05 10:19:50 +00:00
emoji = g.db.query(Emoji.name).filter_by(kind=kind, nsfw=False).order_by(func.random()).first()[0]
2023-09-29 07:15:29 +00:00
return endings, emoji
def render_emoji(html, regexp, golden, emojis_used, b=False, is_title=False):
2022-05-04 23:09:46 +00:00
emojis = list(regexp.finditer(html))
captured = set()
for i in emojis:
if i.group(0) in captured: continue
captured.add(i.group(0))
emoji = i.group(1).lower()
attrs = ''
if b: attrs += ' b'
if is_title: emoji = emoji.replace('#','')
2023-09-29 01:29:14 +00:00
if golden and len(emojis) <= 20 and ('marsey' in emoji or emoji in MARSEYS_CONST2):
2023-08-05 16:06:03 +00:00
if random.random() < 0.005:
attrs += ' ' + random.choice(('g', 'glow', 'party'))
2022-05-04 23:09:46 +00:00
old = emoji
emoji = emoji.replace('!','').replace('#','')
2023-07-26 23:41:52 +00:00
2023-06-07 05:29:43 +00:00
emoji_partial_pat = '<img alt=":{0}:" loading="lazy" src="{1}"{2}>'
emoji_partial = '<img alt=":{0}:" data-bs-toggle="tooltip" loading="lazy" src="{1}" title=":{0}:"{2}>'
2022-05-04 23:09:46 +00:00
emoji_html = None
2023-10-06 18:56:56 +00:00
ending_modifiers, emoji = find_all_emoji_endings(emoji)
is_talking = 'talking' in ending_modifiers
is_patted = 'pat' in ending_modifiers
is_talking_first = ending_modifiers.index('pat') > ending_modifiers.index('talking') if is_talking and is_patted else False
2023-08-17 15:37:30 +00:00
is_loved = 'love' in ending_modifiers
is_genocided = 'genocide' in ending_modifiers
is_user = emoji.startswith('@')
end_modifier_length = 3 if is_patted else 0
end_modifier_length = end_modifier_length + 7 if is_talking else end_modifier_length
2023-08-04 18:07:36 +00:00
hand_html = f'<img loading="lazy" src="{SITE_FULL_IMAGES}/i/hand.webp">' if is_patted and emoji != 'marseyunpettable' else ''
talking_html = f'<img loading="lazy" src="{SITE_FULL_IMAGES}/i/talking.webp">' if is_talking else ''
2023-09-07 15:26:31 +00:00
loved_html = f'<img loading="lazy" src="{SITE_FULL_IMAGES}/i/love-foreground.webp" alt=":{old}:" {attrs}><img loading="lazy" alt=":{old}:" src="{SITE_FULL_IMAGES}/i/love-background.webp" {attrs}>'
genocide_attr = ' cide' if is_genocided else ''
2023-09-07 15:26:31 +00:00
modifier_html = ''
2023-12-31 01:09:05 +00:00
if is_talking and is_patted:
2023-09-07 15:26:31 +00:00
modifier_html = f'{talking_html}{hand_html}' if is_talking_first else f'{hand_html}{talking_html}'
2023-12-31 01:09:05 +00:00
elif is_patted:
modifier_html = hand_html
2023-12-31 01:09:05 +00:00
elif is_talking:
modifier_html = talking_html
2023-09-07 15:26:31 +00:00
2023-12-31 01:09:05 +00:00
if is_loved:
modifier_html = f'{modifier_html}{loved_html}'
if (is_patted and emoji != 'marseyunpettable') or is_talking or is_genocided or is_loved:
if path.isfile(f"files/assets/images/emojis/{emoji}.webp"):
emoji_html = f'<span alt=":{old}:" data-bs-toggle="tooltip" title=":{old}:"{genocide_attr}>{modifier_html}{emoji_partial_pat.format(old, f"{SITE_FULL_IMAGES}/e/{emoji}.webp", attrs)}</span>'
elif is_user:
if u := get_user(emoji[1:], graceful=True):
emoji_html = f'<span alt=":{old}:" data-bs-toggle="tooltip" title=":{old}:"{genocide_attr}>{modifier_html}{emoji_partial_pat.format(old, f"/pp/{u.id}", attrs)}</span>'
2022-05-04 23:09:46 +00:00
elif path.isfile(f'files/assets/images/emojis/{emoji}.webp'):
emoji_html = emoji_partial.format(old, f'{SITE_FULL_IMAGES}/e/{emoji}.webp', attrs)
2022-05-04 23:09:46 +00:00
if emoji_html:
emojis_used.add(emoji)
2023-06-24 16:03:05 +00:00
html = re.sub(f'(?<!"){i.group(0)}(?![^<]*<\/(code|pre)>)', emoji_html, html)
2022-05-04 23:09:46 +00:00
return html
2023-07-30 00:42:06 +00:00
def with_sigalrm_timeout(timeout):
'Use SIGALRM to raise an exception if the function executes for longer than timeout seconds'
2022-05-04 23:09:46 +00:00
# while trying to test this using time.sleep I discovered that gunicorn does in fact do some
# async so if we timeout on that (or on a db op) then the process is crashed without returning
# a proper 500 error. Oh well.
def sig_handler(signum, frame):
print("Timeout!", flush=True)
raise Exception("Timeout")
2022-05-04 23:09:46 +00:00
def inner(func):
@functools.wraps(func)
def wrapped(*args, **kwargs):
signal.signal(signal.SIGALRM, sig_handler)
signal.alarm(timeout)
try:
return func(*args, **kwargs)
finally:
signal.alarm(0)
return wrapped
return inner
2023-07-30 00:42:06 +00:00
def remove_cuniform(sanitized):
2023-05-20 11:09:40 +00:00
if not sanitized: return ""
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace('\u202e','').replace("\ufeff", "").replace("\u033f","").replace("\u0589", ":")
2023-05-20 11:09:40 +00:00
sanitized = sanitized.replace("𒐪","").replace("𒐫","").replace("","")
sanitized = sanitized.replace("\r\n", "\n")
2023-07-29 19:16:31 +00:00
sanitized = sanitized.replace("", "'")
return sanitized.strip()
def get_youtube_id_and_t(url):
2023-01-23 02:06:56 +00:00
params = parse_qs(urlparse(url).query, keep_blank_values=True)
2023-01-28 10:42:45 +00:00
id = params.get('v')
if not id: return (None, None)
2023-01-28 10:42:45 +00:00
id = id[0]
2023-01-23 02:06:56 +00:00
t = None
split = id.split('?t=')
if len(split) == 2:
id = split[0]
t = split[1]
id = id.split('?')[0]
2023-08-01 07:38:58 +00:00
return (id, t)
def handle_youtube_links(url):
url = url.replace('&amp;','&')
params = parse_qs(urlparse(url).query, keep_blank_values=True)
html = None
id, t = get_youtube_id_and_t(url)
if not id: return None
2023-01-23 02:06:56 +00:00
if yt_id_regex.fullmatch(id):
if not t:
t = params.get('t', params.get('start', [0]))[0]
2023-01-25 11:16:59 +00:00
if isinstance(t, str):
2023-03-12 19:07:23 +00:00
t = t.replace('s','').replace('S','')
2023-01-25 11:16:59 +00:00
split = t.split('m')
if len(split) == 2:
2023-01-25 11:16:59 +00:00
minutes = int(split[0])
if split[1]: seconds = int(split[1])
else: seconds = 0
2023-01-25 11:16:59 +00:00
t = minutes*60 + seconds
2023-01-23 02:06:56 +00:00
html = f'<lite-youtube videoid="{id}" params="autoplay=1&modestbranding=1'
if t:
html += f'&start={int(t)}'
html += '"></lite-youtube>'
return html
@with_sigalrm_timeout(10)
2023-10-15 13:15:39 +00:00
def sanitize(sanitized, golden=True, limit_pings=0, showmore=False, count_emojis=False, snappy=False, chat=False, blackjack=None, commenters_ping_post_id=None, obj=None, author=None):
def error(error):
if chat:
return error, 403
else:
abort(403, error)
sanitized = html_comment_regex.sub('', sanitized)
sanitized = remove_cuniform(sanitized)
2023-03-26 12:57:03 +00:00
if not sanitized: return ''
v = getattr(g, 'v', None)
if blackjack and execute_blackjack(v, None, sanitized, blackjack):
return '<p>g</p>'
2023-02-07 03:31:49 +00:00
if obj and not obj.is_effortpost:
if author.owoify:
2023-10-13 18:56:48 +00:00
sanitized = owoify(sanitized, author.chud_phrase)
if author.marsify:
2023-10-13 18:49:21 +00:00
sanitized = marsify(sanitized, author.chud_phrase)
2023-10-11 20:53:12 +00:00
if obj and obj.sharpened:
sanitized = sharpen(sanitized, author.chud_phrase)
2023-10-11 20:53:12 +00:00
2022-05-27 18:28:54 +00:00
if '```' not in sanitized and '<pre>' not in sanitized:
2022-05-08 09:06:01 +00:00
sanitized = linefeeds_regex.sub(r'\1\n\n\2', sanitized)
2022-05-04 23:09:46 +00:00
2022-06-19 15:22:06 +00:00
sanitized = greentext_regex.sub(r'\1<g>\>\2</g>', sanitized)
sanitized = image_sub_regex.sub(r'![](\1)', sanitized)
2022-05-04 23:09:46 +00:00
sanitized = image_check_regex.sub(r'\1', sanitized)
sanitized = link_fix_regex.sub(r'\1https://\2', sanitized)
2022-05-07 05:28:51 +00:00
2022-07-20 00:07:38 +00:00
if FEATURES['MARKUP_COMMANDS']:
sanitized = command_regex.sub(command_regex_matcher, sanitized)
2022-07-11 12:14:18 +00:00
2023-02-01 15:59:10 +00:00
sanitized = numbered_list_regex.sub(r'\1\. ', sanitized)
2022-06-28 05:52:29 +00:00
sanitized = strikethrough_regex.sub(r'\1<del>\2</del>', sanitized)
sanitized = sanitized.replace('_', '')
2023-03-12 09:30:22 +00:00
sanitized = markdown(sanitized)
sanitized = sanitized.replace('', '_').replace('%E2%96%94', '_')
2023-03-12 09:30:22 +00:00
if obj and obj.queened:
sanitized = queenify_html(sanitized)
2023-07-21 14:44:33 +00:00
sanitized = sanitized.replace('<a href="/%21', '<a href="/!')
2023-09-08 17:56:23 +00:00
sanitized = reddit_mention_regex.sub(r'<a href="https://old.reddit.com/\1" rel="nofollow noopener" target="_blank">/\1</a>', sanitized)
2023-09-21 19:37:29 +00:00
sanitized = hole_mention_regex.sub(r'<a href="/\1">/\1</a>', sanitized)
2023-03-12 14:54:03 +00:00
names = set(m.group(1) for m in mention_regex.finditer(sanitized))
2023-08-31 10:46:07 +00:00
if limit_pings and len(names) > limit_pings and v.admin_level < PERMS['POST_COMMENT_INFINITE_PINGS']:
error("Max ping limit is 5 for comments and 50 for posts!")
users_list = get_users(names, graceful=True)
users_dict = {}
for u in users_list:
users_dict[u.username.lower()] = u
if u.original_username:
users_dict[u.original_username.lower()] = u
2023-11-25 21:57:15 +00:00
if u.extra_username:
users_dict[u.extra_username.lower()] = u
2023-05-13 04:53:14 +00:00
if u.prelock_username:
users_dict[u.prelock_username.lower()] = u
def replacer(m):
2023-03-12 14:54:03 +00:00
u = users_dict.get(m.group(1).lower())
if not u or (v and u.id in v.all_twoway_blocks) or (v and u.has_muted(v)):
return m.group(0)
2023-07-22 18:12:04 +00:00
return f'<a href="/id/{u.id}"><img loading="lazy" src="/pp/{u.id}">@{u.username}</a>'
sanitized = mention_regex.sub(replacer, sanitized)
2022-05-04 23:09:46 +00:00
2023-02-25 22:06:49 +00:00
if FEATURES['PING_GROUPS']:
2023-04-25 06:59:20 +00:00
def group_replacer(m):
2023-10-15 15:34:51 +00:00
name = m.group(1)
2023-04-25 06:59:20 +00:00
if name.lower() == 'everyone':
2023-04-25 06:59:20 +00:00
return f'<a href="/users">!{name}</a>'
elif name.lower() == 'jannies':
2023-07-21 14:27:45 +00:00
return f'<a href="/admins">!{name}</a>'
elif name.lower() == 'holejannies' and get_obj_hole(obj):
return f'<a href="/h/{obj.hole}/mods">!{name}</a>'
elif name.lower() == 'commenters' and commenters_ping_post_id:
return f'<a href="/!commenters/{commenters_ping_post_id}/{int(time.time())}">!{name}</a>'
elif name.lower() == 'followers':
return f'<a href="/id/{v.id}/followers">!{name}</a>'
2023-10-15 15:34:51 +00:00
elif g.db.get(Group, name.lower()):
return f'<a href="/!{name.lower()}">!{name}</a>'
2023-03-01 05:32:19 +00:00
else:
2023-04-25 06:59:20 +00:00
return m.group(0)
sanitized = group_mention_regex.sub(group_replacer, sanitized)
2023-02-25 22:06:49 +00:00
2022-05-04 23:09:46 +00:00
soup = BeautifulSoup(sanitized, 'lxml')
for tag in soup.find_all("img"):
if tag.get("src") and not tag["src"].startswith('/pp/') and not (snappy and tag["src"].startswith(f'{SITE_FULL_IMAGES}/e/')):
if not is_safe_url(tag["src"]):
a = soup.new_tag("a", href=tag["src"], rel="nofollow noopener", target="_blank")
a.string = tag["src"]
tag.replace_with(a)
continue
2023-09-07 15:26:31 +00:00
del tag["g"]
del tag["glow"]
del tag["party"]
2022-05-04 23:09:46 +00:00
tag["loading"] = "lazy"
tag["data-src"] = tag["src"]
2023-03-19 16:28:19 +00:00
tag["src"] = f"{SITE_FULL_IMAGES}/i/l.webp"
2023-03-12 13:02:31 +00:00
tag['alt'] = tag["data-src"]
2023-03-12 13:13:28 +00:00
tag['class'] = "img"
2022-07-02 00:25:58 +00:00
if tag.parent.name != 'a':
a = soup.new_tag("a", href=tag["data-src"])
if not is_site_url(a["href"]):
2022-10-29 21:46:30 +00:00
a["rel"] = "nofollow noopener"
a["target"] = "_blank"
2022-07-02 00:25:58 +00:00
tag = tag.replace_with(a)
a.append(tag)
2022-06-27 01:00:45 +00:00
tag["data-src"] = tag["data-src"]
tag["data-user-submitted"] = ""
2023-01-01 11:30:33 +00:00
2023-06-07 05:29:43 +00:00
sanitized = str(soup).replace('<html><body>','').replace('</body></html>','').replace('/>','>')
2022-05-04 23:09:46 +00:00
sanitized = spoiler_regex.sub(r'<spoiler>\1</spoiler>', sanitized)
emojis_used = set()
2022-05-04 23:09:46 +00:00
if not (author and author.hieroglyphs):
emojis = list(emoji_regex.finditer(sanitized))
if len(emojis) > 20: golden = False
2022-05-04 23:09:46 +00:00
captured = []
for i in emojis:
if i.group(0) in captured: continue
captured.append(i.group(0))
old = i.group(0)
if 'marseylong1' in old or 'marseylong2' in old or 'marseylongcockandballs' in old or 'marseyllama1' in old or 'marseyllama2' in old:
new = old.lower().replace(">", " class='mb-0'>")
else: new = old.lower()
2022-05-04 23:09:46 +00:00
new = render_emoji(new, emoji_regex2, golden, emojis_used, True)
2022-05-04 23:09:46 +00:00
sanitized = sanitized.replace(old, new)
2022-05-04 23:09:46 +00:00
emojis = list(emoji_regex2.finditer(sanitized))
2022-09-16 16:30:34 +00:00
if len(emojis) > 20: golden = False
2022-05-04 23:09:46 +00:00
sanitized = render_emoji(sanitized, emoji_regex2, golden, emojis_used)
2022-05-04 23:09:46 +00:00
sanitized = sanitized.replace('&amp;','&')
2022-05-04 23:09:46 +00:00
sanitized = video_sub_regex.sub(r'<p class="resizable"><video controls preload="none" src="\1"></video></p>', sanitized)
sanitized = audio_sub_regex.sub(r'<audio controls preload="none" src="\1"></audio>', sanitized)
2022-05-04 23:09:46 +00:00
if count_emojis:
2023-08-05 19:26:42 +00:00
for emoji in g.db.query(Emoji).filter(Emoji.submitter_id==None, Emoji.name.in_(emojis_used)):
emoji.count += 1
g.db.add(emoji)
2022-05-04 23:09:46 +00:00
2023-11-16 15:47:52 +00:00
if FEATURES['NSFW_MARKING'] and obj:
2023-09-29 07:15:29 +00:00
for emoji in emojis_used:
2023-12-25 01:18:48 +00:00
if emoji in NSFW_EMOJIS:
2023-10-05 10:19:50 +00:00
obj.nsfw = True
2023-09-29 07:15:29 +00:00
break
2022-05-15 08:45:57 +00:00
sanitized = sanitized.replace('<p></p>', '')
2022-05-04 23:09:46 +00:00
allowed_css_properties = allowed_styles.copy()
if v and v.chud:
2023-09-07 15:26:31 +00:00
allowed_css_properties.remove('filter')
css_sanitizer = CSSSanitizer(allowed_css_properties=allowed_css_properties)
2022-05-04 23:09:46 +00:00
sanitized = bleach.Cleaner(tags=allowed_tags,
attributes=allowed_attributes,
protocols=['http', 'https'],
2022-05-25 00:27:41 +00:00
css_sanitizer=css_sanitizer,
filters=[partial(LinkifyFilter, skip_tags=["pre"],
parse_email=False, url_re=sanitize_url_regex)]
2022-05-04 23:09:46 +00:00
).clean(sanitized)
#doing this here cuz of the linkifyfilter right above it (therefore unifying all link processing logic)
2022-05-04 23:09:46 +00:00
soup = BeautifulSoup(sanitized, 'lxml')
2023-09-24 19:25:12 +00:00
has_transform = bool(soup.select('[style*=transform i]'))
2022-05-04 23:09:46 +00:00
links = soup.find_all("a")
if v and v.admin_level >= PERMS["IGNORE_DOMAIN_BAN"]:
2023-06-02 13:48:58 +00:00
banned_domains = []
else:
2023-08-11 13:15:34 +00:00
banned_domains = [x.domain for x in g.db.query(BannedDomain.domain)]
2022-05-04 23:09:46 +00:00
for link in links:
#remove empty links
if not link.contents or not str(link.contents[0]).strip():
link.extract()
continue
2022-05-04 23:09:46 +00:00
href = link.get("href")
if not href: continue
link["href"] = normalize_url(href)
if link.string == href:
link.string = link["href"]
href = link["href"]
2023-08-05 18:51:05 +00:00
def unlinkfy():
link.string = href
del link["href"]
#\ in href right after / makes most browsers ditch site hostname and allows for a host injection bypassing the check, see <a href="/\google.com">cool</a>
if "\\" in href:
unlinkfy()
continue
#don't allow something like this https://rdrama.net/post/78376/reminder-of-the-fact-that-our/2150032#context
2023-05-13 23:03:34 +00:00
domain = tldextract.extract(href).registered_domain
if domain and not allowed_domain_regex.fullmatch(domain):
unlinkfy()
continue
#check for banned domain
combined = (domain + urlparse(href).path).lower()
if any((combined.startswith(x) for x in banned_domains)):
unlinkfy()
continue
#don't allow something like this [@Aevann2](https://iplogger.org/1fRKk7)
if str(link.string).startswith('@') and not href.startswith('/'):
unlinkfy()
continue
#don't allow something like this [!jannies](https://iplogger.org/1fRKk7)
if str(link.string).startswith('!') and not href.startswith('/'):
unlinkfy()
continue
#don't allow something like this [https://rԁrama.net/leaderboard](https://iplogger.org/1fRKk7)
2023-10-15 13:15:39 +00:00
if not snappy:
string_domain = tldextract.extract(str(link.string)).registered_domain
if string_domain and string_domain != tldextract.extract(href).registered_domain:
link.string = href
#insert target="_blank" and ref="nofollower noopener" for external link
if not href.startswith('/') and not href.startswith(f'{SITE_FULL}/'):
link["target"] = "_blank"
link["rel"] = "nofollow noopener"
if has_transform:
del link["href"]
2023-06-07 05:29:43 +00:00
sanitized = str(soup).replace('<html><body>','').replace('</body></html>','').replace('/>','>')
2022-05-04 23:09:46 +00:00
captured = []
for i in youtube_regex.finditer(sanitized):
if i.group(0) in captured: continue
captured.append(i.group(0))
html = handle_youtube_links(i.group(1))
if html:
2023-08-29 11:05:10 +00:00
if not chat:
html = f'<p class="resizable yt">{html}</p>'
sanitized = sanitized.replace(i.group(0), html)
2023-02-07 03:31:49 +00:00
if '<pre>' not in sanitized and blackjack != "rules":
2022-06-30 23:01:10 +00:00
sanitized = sanitized.replace('\n','')
2022-06-29 00:55:44 +00:00
2023-03-11 07:36:41 +00:00
if showmore:
# Insert a show more button if the text is too long or has too many paragraphs
CHARLIMIT = 3000
pos = 0
for _ in range(20):
pos = sanitized.find('</p>', pos + 4)
if pos < 0:
break
if (pos < 0 and len(sanitized) > CHARLIMIT) or pos > CHARLIMIT:
pos = CHARLIMIT - 500
if pos >= 0:
2023-03-10 23:30:42 +00:00
sanitized = (sanitized[:pos] + showmore_regex.sub(r'\1<p><button class="showmore">SHOW MORE</button></p><d class="d-none">\2</d>', sanitized[pos:], count=1))
2022-05-04 23:09:46 +00:00
if "style" in sanitized and "filter" in sanitized:
if sanitized.count("blur(") + sanitized.count("drop-shadow(") > 5:
2023-10-07 19:16:40 +00:00
error("Max 5 usages of 'blur' and 'drop-shadow'!")
2022-07-02 10:12:52 +00:00
return sanitized.strip()
2022-05-04 23:09:46 +00:00
def allowed_attributes_emojis(tag, name, value):
if tag == 'img':
2023-07-22 18:28:54 +00:00
if name == 'src':
if '\\' in value: return False
if value.startswith('/') : return True
2023-07-22 18:29:27 +00:00
if value.startswith(f'{SITE_FULL_IMAGES}/') : return True
2022-05-04 23:09:46 +00:00
if name == 'loading' and value == 'lazy': return True
if name == 'data-bs-toggle' and value == 'tooltip': return True
2023-08-05 16:06:03 +00:00
if name in {'g','glow','party'} and not value: return True
if name in {'alt','title'}: return True
2022-05-17 19:58:41 +00:00
if tag == 'span':
if name == 'data-bs-toggle' and value == 'tooltip': return True
if name == 'title': return True
if name == 'alt': return True
if name == 'cide' and not value: return True
2022-05-04 23:09:46 +00:00
return False
@with_sigalrm_timeout(2)
def filter_emojis_only(title, golden=True, count_emojis=False, obj=None, author=None):
2022-05-04 23:09:46 +00:00
2023-05-20 11:09:40 +00:00
title = title.replace("\n", "").replace("\r", "").replace("\t", "").replace('<','&lt;').replace('>','&gt;')
title = remove_cuniform(title)
2022-05-04 23:09:46 +00:00
if obj and not obj.is_effortpost:
if author.owoify:
2023-10-13 18:56:48 +00:00
title = owoify(title, author.chud_phrase)
if author.marsify:
2023-10-13 18:49:21 +00:00
title = marsify(title, author.chud_phrase)
2023-10-11 20:53:12 +00:00
if obj and obj.sharpened:
title = sharpen(title, author.chud_phrase)
emojis_used = set()
title = render_emoji(title, emoji_regex2, golden, emojis_used, is_title=True)
if count_emojis:
2023-08-05 19:26:42 +00:00
for emoji in g.db.query(Emoji).filter(Emoji.submitter_id==None, Emoji.name.in_(emojis_used)):
emoji.count += 1
g.db.add(emoji)
2022-05-04 23:09:46 +00:00
2023-11-16 15:47:52 +00:00
if FEATURES['NSFW_MARKING'] and obj:
2023-09-29 07:15:29 +00:00
for emoji in emojis_used:
2023-12-25 01:18:48 +00:00
if emoji in NSFW_EMOJIS:
2023-10-05 10:19:50 +00:00
obj.nsfw = True
2023-09-29 07:15:29 +00:00
break
2022-06-28 05:41:21 +00:00
title = strikethrough_regex.sub(r'\1<del>\2</del>', title)
2022-05-04 23:09:46 +00:00
2023-03-19 17:53:33 +00:00
title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https']).replace('\n','')
if len(title) > POST_TITLE_HTML_LENGTH_LIMIT:
abort(400, "Rendered title is too long!")
2023-09-07 15:26:31 +00:00
title = title.strip()
return title
2023-08-05 18:51:05 +00:00
def is_whitelisted(domain, k):
if domain not in {'youtube.com','reddit.com','twitter.com','msn.com','wsj.com','tiktok.com','forbes.com','dailymail.co.uk','facebook.com','spotify.com','nytimes.com','businessinsider.com','instagram.com','yahoo.com','thedailybeast.com','nypost.com','newsweek.com','bloomberg.com','quora.com','nbcnews.com','reuters.com','tmz.com','cnbc.com','marketwatch.com','thetimes.co.uk','sfchronicle.com','washingtonpost.com','cbsnews.com','foxnews.com','bbc.com','bbc.co.uk','ifunny.co','independent.co.uk'}:
2023-08-09 15:48:38 +00:00
return True
2023-08-05 18:51:05 +00:00
if 'sort' in k.lower() or 'query' in k.lower():
return True
if k in {
'q', #generic
'after','context','page','token','url', #reddit.com
'f', #twitter.com
'fbid','story_fbid','u', #facebook.com
'id', #facebook.com, #msn.com
'v','lb','list','time_continue', #youtube.com
}:
2023-08-05 20:39:35 +00:00
return True
if k == 't' and domain != 'twitter.com':
2023-08-05 18:51:05 +00:00
return True
return False
2022-06-10 20:02:15 +00:00
def normalize_url(url):
if 'wikipedia.org/wiki/' not in url:
url = unquote(url)
url = url.replace("reddit.com/user/", "reddit.com/u/")
2023-10-10 19:12:19 +00:00
url = reddit_domain_regex.sub(r'\1https://old.reddit.com/\5', url)
2022-06-10 20:02:15 +00:00
url = url.replace("https://music.youtube.com", "https://youtube.com") \
.replace("https://www.youtube.com", "https://youtube.com") \
.replace("https://m.youtube.com", "https://youtube.com") \
.replace("https://mobile.twitter.com", "https://twitter.com") \
2023-08-14 07:07:31 +00:00
.replace("https://x.com", "https://twitter.com") \
2023-08-14 07:09:27 +00:00
.replace("https://www.twitter.com", "https://twitter.com") \
2023-11-15 07:59:17 +00:00
.replace("https://fxtwitter.com", "https://twitter.com") \
2023-08-14 07:09:27 +00:00
.replace("https://nitter.net/", "https://twitter.com/") \
.replace("https://nitter.42l.fr/", "https://twitter.com/") \
2023-08-20 02:03:31 +00:00
.replace("https://nitter.net/", "https://twitter.com/") \
.replace("https://m.facebook.com", "https://facebook.com") \
2023-08-22 23:16:07 +00:00
.replace("https://en.m.wikipedia.org", "https://en.wikipedia.org") \
.replace("https://www.instagram.com", "https://instagram.com") \
.replace("https://www.tiktok.com", "https://tiktok.com") \
2022-09-29 05:36:10 +00:00
.replace("https://imgur.com/", "https://i.imgur.com/") \
.replace("/giphy.gif", "/giphy.webp") \
2023-08-22 23:37:39 +00:00
.replace('https://www.google.com/amp/s/', 'https://') \
.replace('https://amp.', 'https://') \
.replace('https://cnn.com/cnn/', 'https://edition.cnn.com/') \
2023-08-22 23:37:39 +00:00
.replace('/amp/', '/') \
.replace('https://letmegooglethat.com/?q=', 'https://google.com/search?q=') \
.replace('https://lmgtfy.app/?q=', 'https://google.com/search?q=') \
2023-10-05 13:23:15 +00:00
.replace(DONATE_LINK, f'{SITE_FULL}/donate') \
2023-08-22 23:37:39 +00:00
if url.endswith('.amp'):
url = url.split('.amp')[0]
2022-06-11 12:21:59 +00:00
url = giphy_regex.sub(r'\1.webp', url)
if not url.startswith('/') and not url.startswith('https://rdrama.net') and not url.startswith('https://watchpeopledie.tv'):
2023-08-31 13:18:52 +00:00
try: parsed_url = urlparse(url)
except:
print(url, flush=True)
abort(500)
netloc = parsed_url.netloc
path = parsed_url.path.rstrip('/')
2023-08-05 18:51:05 +00:00
qd = parse_qs(parsed_url.query, keep_blank_values=True)
filtered = {}
if netloc == 'youtu.be' or (netloc == 'youtube.com' and any(path.startswith(x) for x in {'/shorts/', '/live/', '/v/'})):
netloc = 'youtube.com'
filtered['v'] = path.split('/')[-1]
path = '/watch'
domain = tldextract.extract(netloc).registered_domain
filtered |= {k: val for k, val in qd.items() if not val[0] or is_whitelisted(domain, k)}
if netloc == 'old.reddit.com' and reddit_comment_link_regex.fullmatch(url):
2023-09-08 22:47:46 +00:00
filtered['context'] = 8
2023-08-05 18:51:05 +00:00
new_url = ParseResult(scheme="https",
netloc=netloc,
path=path,
2023-08-05 18:51:05 +00:00
params=parsed_url.params,
query=urlencode(filtered, doseq=True),
fragment=parsed_url.fragment)
url = urlunparse(new_url)
url = url.rstrip('/')
2023-08-05 18:51:05 +00:00
url = imgur_regex.sub(r'\1_d.webp?maxwidth=9999&fidelity=grand', url)
if 'wikipedia.org/wiki/' not in url:
url = unquote(url)
return url.rstrip('=')
def normalize_url_gevent(url):
2023-12-18 20:21:31 +00:00
req = requests.get(url, headers=HEADERS, timeout=2, proxies=proxies)
return normalize_url(req.url)
def validate_css(css):
if '@import' in css:
return False, "CSS @import statements are not allowed!"
2023-02-18 20:00:39 +00:00
if '/*' in css:
2023-03-11 21:55:40 +00:00
return False, "CSS comments are not allowed!"
2023-02-18 19:49:11 +00:00
2023-09-07 13:04:10 +00:00
for i in css_url_regex.finditer(css):
url = i.group(1)
if not is_safe_url(url):
domain = tldextract.extract(url).registered_domain
return False, f"The domain '{domain}' is not allowed here!"
return True, ""
2023-03-22 21:39:25 +00:00
2023-06-23 13:06:45 +00:00
def torture_chud(string, username):
if not string: return string
2023-06-23 13:06:45 +00:00
for k, l in CHUD_REPLACEMENTS.items():
string = string.replace(k, l)
string = torture_regex.sub(rf'\1@{username}\3', string)
string = torture_regex2.sub(rf'\1@{username} is\3', string)
string = torture_regex3.sub(rf"\1@{username}'s\3", string)
return string
def complies_with_chud(obj):
#check for cases where u should leave
if not obj.chudded: return True
2023-10-13 19:04:45 +00:00
if obj.author.hieroglyphs: return True
if isinstance(obj, Post):
if obj.id in ADMIGGER_THREADS: return True
2023-10-07 17:55:50 +00:00
if obj.hole == "chudrama": return True
elif obj.parent_post:
if obj.parent_post in ADMIGGER_THREADS: return True
2023-10-07 17:55:50 +00:00
if obj.post.hole == "chudrama": return True
#perserve old body_html to be used in checking for chud phrase
old_body_html = obj.body_html
#torture body_html
if obj.body_html and '<p>&amp;&amp;' not in obj.body_html and '<p>$$' not in obj.body_html and '<p>##' not in obj.body_html:
2023-03-26 12:27:40 +00:00
soup = BeautifulSoup(obj.body_html, 'lxml')
tags = soup.html.body.find_all(lambda tag: tag.name not in {'blockquote','codeblock','pre'} and tag.string, recursive=False)
for tag in tags:
tag.string.replace_with(torture_chud(tag.string, obj.author.username))
2023-03-26 12:27:40 +00:00
obj.body_html = str(soup).replace('<html><body>','').replace('</body></html>','')
2023-03-23 15:41:57 +00:00
2023-06-23 11:07:47 +00:00
#torture title_html and check for chud_phrase in plain title and leave if it's there
2023-06-07 23:26:32 +00:00
if isinstance(obj, Post):
obj.title_html = torture_chud(obj.title_html, obj.author.username)
if not obj.author.chud or obj.author.chud_phrase in obj.title.lower():
return True
#check for chud_phrase in body_html
if old_body_html:
excluded_tags = {'del','sub','sup','marquee','spoiler','lite-youtube','video','audio'}
soup = BeautifulSoup(old_body_html, 'lxml')
tags = soup.html.body.find_all(lambda tag: tag.name not in excluded_tags and not tag.attrs, recursive=False)
for tag in tags:
for text in tag.find_all(text=True, recursive=False):
if not obj.author.chud or obj.author.chud_phrase in text.lower():
return True
2023-03-22 21:39:25 +00:00
return False