diff --git a/files/helpers/const.py b/files/helpers/const.py index 9d80bec87..008e57139 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -669,4 +669,6 @@ marseys_const = [x[0] for x in db.query(Marsey.name).all()] + ['a','b','c','d',' db.close() if SITE == 'PCM': valid_username_regex = re.compile("^[a-zA-Z0-9_\-А-я]{3,25}$") -else: valid_username_regex = re.compile("^[a-zA-Z0-9_\-]{3,25}$") \ No newline at end of file +else: valid_username_regex = re.compile("^[a-zA-Z0-9_\-]{3,25}$") + +valid_password_regex = re.compile("^.{8,100}$", flags=re.A) \ No newline at end of file diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 504b8939a..11b4c7f98 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -11,6 +11,9 @@ from random import random, choice import signal import time +if SITE == 'PCM': mention_regex = re.compile('(^|\s|\n|

)@(([a-zA-Z0-9_\-А-я]){3,25})', flags=re.A) +else: mention_regex = re.compile('(^|\s|\n|

)@(([a-zA-Z0-9_\-]){1,25})', flags=re.A) + allowed_tags = tags = ['b', 'blockquote', 'br', @@ -125,7 +128,7 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False): sanitized = re.sub('(^|\s|\n|

)\/?(s\/(\w|-){3,25})', r'\1/\2', sanitized, flags=re.A) - for i in re.finditer(valid_username_regex, sanitized): + for i in mention_regex.finditer(sanitized): u = get_user(i.group(2), graceful=True) if u and (not g.v.any_block_exists(u) or g.v.admin_level > 1): diff --git a/files/routes/login.py b/files/routes/login.py index 066db2526..e8a63a14e 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -4,8 +4,6 @@ from files.__main__ import app, limiter from files.helpers.const import * import requests -valid_password_regex = re.compile("^.{8,100}$", flags=re.A) - @app.get("/login") @auth_desired def login_get(v): @@ -270,10 +268,10 @@ def sign_up_post(v): "password") == request.values.get("password_confirm"): return new_signup("Passwords did not match. Please try again.") - if not re.fullmatch(valid_username_regex, username, flags=re.A): + if not valid_username_regex.fullmatch(username, flags=re.A): return new_signup("Invalid username") - if not re.fullmatch(valid_password_regex, request.values.get("password"), flags=re.A): + if not valid_password_regex.fullmatch(request.values.get("password"), flags=re.A): return new_signup("Password must be between 8 and 100 characters.") email = request.values.get("email").strip().lower() diff --git a/files/routes/settings.py b/files/routes/settings.py index cac67e5e6..0da71bbe3 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -14,8 +14,6 @@ from files.helpers.discord import add_role from shutil import copyfile import requests -valid_password_regex = re.compile("^.{8,100}$", flags=re.A) - YOUTUBE_KEY = environ.get("YOUTUBE_KEY", "").strip() GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip() IMGUR_KEY = environ.get("IMGUR_KEY").strip() @@ -534,7 +532,7 @@ def settings_security_post(v): if request.values.get("new_password") != request.values.get("cnf_password"): return render_template("settings_security.html", v=v, error="Passwords do not match.") - if not re.fullmatch(valid_password_regex, request.values.get("new_password"), flags=re.A): + if not valid_password_regex.fullmatch(request.values.get("new_password"), flags=re.A): return render_template("settings_security.html", v=v, error="Password must be between 8 and 100 characters.") if not v.verifyPass(request.values.get("old_password")): @@ -861,7 +859,7 @@ def settings_name_change(v): v=v, error="You didn't change anything") - if not re.fullmatch(valid_username_regex, new_name, flags=re.A): + if not valid_username_regex.fullmatch(new_name, flags=re.A): return render_template("settings_profile.html", v=v, error="This isn't a valid username.") diff --git a/files/routes/subs.py b/files/routes/subs.py index a2ab8a9ca..7b1fbd12a 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -273,7 +273,7 @@ def create_sub2(v): if not name: abort(400) name = name.strip().lower() - if not re.fullmatch(valid_sub_regex, name, flags=re.A): + if not valid_sub_regex.fullmatch(name, flags=re.A): return render_template("sub/create_sub.html", v=v, error="Sub name not allowed."), 400 sub = g.db.query(Sub).filter_by(name=name).one_or_none()