replace with sanitize_settings_text with much better process_settings_plaintext

master
Aevann 2023-07-30 02:39:22 +03:00
parent dea70c715d
commit 0a3fbaeb88
2 changed files with 32 additions and 28 deletions


@ -297,13 +297,6 @@ def remove_cuniform(sanitized:Optional[str]) -> str:
sanitized = sanitized.replace("", "'")
return sanitized.strip()
def sanitize_settings_text(sanitized:Optional[str], max_length:Optional[int]=None) -> str:
if not sanitized: return ""
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r", "").replace("\n","")
sanitized = sanitized.strip()
if max_length: sanitized = sanitized[:max_length]
return sanitized
def get_youtube_id_and_t(url):
params = parse_qs(urlparse(url).query, keep_blank_values=True)


@ -899,6 +899,22 @@ def settings_song_change(v):
return redirect("/settings/personal?msg=Profile Anthem successfully updated. Wait 5 minutes for the change to take effect.")
def process_settings_plaintext(value, current, length):
value = request.values.get(value, "").strip()
if not value:
return redirect("/settings/personal?error=You didn't enter anything!"), 400
if len(value) > 100:
return redirect("/settings/personal?error=The value you entered exceeds the character limit (100 characters)"), 400
if value == current:
return redirect("/settings/personal?error=You didn't change anything!"), 400
return value
@app.post("/settings/title_change")
@limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
@ -908,21 +924,17 @@ def settings_song_change(v):
def settings_title_change(v):
if v.flairchanged: abort(403)
customtitleplain = sanitize_settings_text(request.values.get("title"), 100)
processed = process_settings_plaintext("title", v.customtitleplain, 100)
if isinstance(processed, tuple):
return processed
if len(customtitleplain) > 100:
return redirect("/settings/personal?error=Flair too long!")
if customtitleplain == v.customtitleplain:
return redirect("/settings/personal?error=You didn't change anything!")
customtitle = filter_emojis_only(customtitleplain)
customtitle = filter_emojis_only(processed)
customtitle = censor_slurs(customtitle, None)
if len(customtitle) > 1000:
return redirect("/settings/personal?error=Flair too long!")
v.customtitleplain = customtitleplain
v.customtitleplain = processed
v.customtitle = customtitle
g.db.add(v)
@ -937,14 +949,11 @@ def settings_title_change(v):
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
@auth_required
def settings_pronouns_change(v):
pronouns = sanitize_settings_text(request.values.get("pronouns"))
if len(pronouns) > 15:
return redirect("/settings/personal?error=Your pronouns exceed the character limit (15 characters)")
if pronouns == v.pronouns:
return redirect("/settings/personal?error=You didn't change anything!")
processed = process_settings_plaintext("pronouns", v.pronouns, 15)
if isinstance(processed, tuple):
return processed
pronouns = processed
if not pronouns_regex.fullmatch(pronouns):
return redirect("/settings/personal?error=The pronouns you entered don't match the required format!")
@ -966,9 +975,11 @@ def settings_pronouns_change(v):
@auth_required
def settings_checkmark_text(v):
if not v.verified: abort(403)
new_name = sanitize_settings_text(request.values.get("checkmark-text"), 100)
if not new_name: abort(400)
if new_name == v.verified: return redirect("/settings/personal?error=You didn't change anything!")
v.verified = new_name
processed = process_settings_plaintext("checkmark-text", v.verified, 100)
if isinstance(processed, tuple):
return processed
v.verified = processed
g.db.add(v)
return redirect("/settings/personal?msg=Checkmark Text successfully updated!")
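Review bot: In process_settings_plaintext (hunk at @ -899) the `length` parameter is never read — the limit check and its error message hard-code 100, so the pronouns call that passes `15` is really capped at 100 and reports the wrong limit; change the two lines to `if len(value) > length:` and `return redirect(f"/settings/personal?error=The value you entered exceeds the character limit ({length} characters)"), 400`. The removed sanitize_settings_text also deleted `\u200e`, `\u200b`, `\ufeff`, `\r` and `\n` before measuring, while the replacement only calls `.strip()`, so zero-width and BOM characters now survive into titles, pronouns and checkmark text and count toward the limit; that filtering presumably belongs in the helper, e.g. `value = request.values.get(value, "").replace('\u200e', '').replace('\u200b', '').replace('\ufeff', '').replace('\r', '').replace('\n', '').strip()`, unless filter_emojis_only or pronouns_regex already reject those characters (not visible here, and checkmark text goes through neither). The same hard-coded 100 affects all three callers (hunks at @ -908, @ -937 and @ -966), so one fix in the helper covers them.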