Aevann1 2022-01-27 22:15:05 +02:00
parent f805f0dadf
commit 485ae92e83
4 changed files with 5 additions and 6 deletions


@ -85,10 +85,6 @@ mail = Mail(app)
@app.before_request
def before_request():
if not session.get("session_id") and not request.path.startswith("/assets") and not request.path.startswith("/images") and not request.path.startswith("/hostedimages") and not request.path.startswith("/static") and not request.path.startswith("/song"):
session.permanent = True
session["session_id"] = secrets.token_hex(49)
if request.method.lower() != "get" and app.config["READ_ONLY"]:
return {"error":f"{app.config['SITE_NAME']} is currently in read-only mode."}, 500


@ -226,7 +226,7 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
sanitized = re.sub(f'(?<!"):{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":{emoji}:" title=":{emoji}:" delay="0" class="{classes}" src="/static/assets/images/emojis/{emoji}.webp">', sanitized, flags=re.I)
if comment: marseys_used.add(emoji)
sanitized = sanitized.replace("https://www.", "https://").replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("m.wikipedia.org", "wikipedia.org").replace("https://m.youtube", "https://youtube")
sanitized = sanitized.replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("m.wikipedia.org", "wikipedia.org").replace("https://m.youtube", "https://youtube")
if "https://youtube.com/watch?v=" in sanitized: sanitized = sanitized.replace("?t=", "&t=")
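Review bot: With `.replace("https://www.", "https://")` dropped from the chain, the host rewrites that follow no longer match links pasted with a `www.` prefix. `https://www.youtube.com/shorts/...` and `https://www.streamable.com/...` keep their original form, and the `"https://youtube.com/watch?v=" in sanitized` test on the next line stays false for `https://www.youtube.com/watch?v=...`, so `?t=` is not rewritten. If a later step in sanitize() or its callers compares link hosts against bare-domain lists (not visible in this hunk), the `www.` form would no longer be normalised before that comparison either. Consider normalising the host per parsed URL rather than by global string replace, or add the `www.` variants to the chain; sanitize() begins and continues outside the hunk.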


@ -129,7 +129,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
return render_template(template, v=v, p=post, sort=sort, comment_info=comment_info, render_replies=True)
@app.post("/comment")
@limiter.limit("1/second;6/minute;200/hour;1000/day")
@limiter.limit("1/second;20/minute;200/hour;1000/day")
@auth_required
def api_comment(v):
if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
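Review bot: The per-minute ceiling on `POST /comment` goes from 6 to 20 with no stated reason, and the decorator passes no key function, so the bucket is whatever the limiter's default key is (not visible here). If that default is the client address, the limit is per address rather than per account, and keying this authenticated write endpoint on the user would make the number mean what it says. A one-line comment above the decorator, such as `# 20/min: <reason for raising from 6>`, would record the intent. api_comment's body continues outside the hunk.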


@ -134,6 +134,9 @@ def notifications(v):
@limiter.limit("3/second;30/minute;400/hour;2000/day")
@auth_desired
def front_all(v):
if not session.get("session_id"):
session.permanent = True
session["session_id"] = secrets.token_hex(49)
if not v and request.path == "/" and not request.headers.get("Authorization"):
return redirect(f"{SITE_FULL}/logged_out{request.full_path}")
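Review bot: The session-id bootstrap added at the top of front_all() now runs only for this view, while the same commit removes it from before_request(), so a visitor whose first request is any other route gets no `session["session_id"]`. Any code that reads that key (logged-out form keys or per-session checks, none of which are visible here) should be checked for a missing value, reading it with `session.get("session_id")` and an explicit failure path. Because these three lines are likely to be copied into other views, a small helper (for example `ensure_session_id()`) called from the views that need it would keep the token length and the `session.permanent` setting in one place. front_all's body continues outside the hunk.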