master
Aevann1 2022-02-26 21:56:58 +02:00
parent 90c496c027
commit 4b9f3992f6
5 changed files with 12 additions and 11 deletions

View File

@ -669,4 +669,6 @@ marseys_const = [x[0] for x in db.query(Marsey.name).all()] + ['a','b','c','d','
db.close()
if SITE == 'PCM': valid_username_regex = re.compile("^[a-zA-Z0-9_\-А-я]{3,25}$")
else: valid_username_regex = re.compile("^[a-zA-Z0-9_\-]{3,25}$")
else: valid_username_regex = re.compile("^[a-zA-Z0-9_\-]{3,25}$")
valid_password_regex = re.compile("^.{8,100}$", flags=re.A)

View File

@ -11,6 +11,9 @@ from random import random, choice
import signal
import time
if SITE == 'PCM': mention_regex = re.compile('(^|\s|\n|<p>)@(([a-zA-Z0-9_\-А-я]){3,25})', flags=re.A)
else: mention_regex = re.compile('(^|\s|\n|<p>)@(([a-zA-Z0-9_\-]){1,25})', flags=re.A)
allowed_tags = tags = ['b',
'blockquote',
'br',
@ -125,7 +128,7 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
sanitized = re.sub('(^|\s|\n|<p>)\/?(s\/(\w|-){3,25})', r'\1<a href="/\2" rel="nofollow noopener noreferrer">/\2</a>', sanitized, flags=re.A)
for i in re.finditer(valid_username_regex, sanitized):
for i in mention_regex.finditer(sanitized):
u = get_user(i.group(2), graceful=True)
if u and (not g.v.any_block_exists(u) or g.v.admin_level > 1):

View File

@ -4,8 +4,6 @@ from files.__main__ import app, limiter
from files.helpers.const import *
import requests
valid_password_regex = re.compile("^.{8,100}$", flags=re.A)
@app.get("/login")
@auth_desired
def login_get(v):
@ -270,10 +268,10 @@ def sign_up_post(v):
"password") == request.values.get("password_confirm"):
return new_signup("Passwords did not match. Please try again.")
if not re.fullmatch(valid_username_regex, username, flags=re.A):
if not valid_username_regex.fullmatch(username, flags=re.A):
return new_signup("Invalid username")
if not re.fullmatch(valid_password_regex, request.values.get("password"), flags=re.A):
if not valid_password_regex.fullmatch(request.values.get("password"), flags=re.A):
return new_signup("Password must be between 8 and 100 characters.")
email = request.values.get("email").strip().lower()

View File

@ -14,8 +14,6 @@ from files.helpers.discord import add_role
from shutil import copyfile
import requests
valid_password_regex = re.compile("^.{8,100}$", flags=re.A)
YOUTUBE_KEY = environ.get("YOUTUBE_KEY", "").strip()
GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip()
IMGUR_KEY = environ.get("IMGUR_KEY").strip()
@ -534,7 +532,7 @@ def settings_security_post(v):
if request.values.get("new_password") != request.values.get("cnf_password"):
return render_template("settings_security.html", v=v, error="Passwords do not match.")
if not re.fullmatch(valid_password_regex, request.values.get("new_password"), flags=re.A):
if not valid_password_regex.fullmatch(request.values.get("new_password"), flags=re.A):
return render_template("settings_security.html", v=v, error="Password must be between 8 and 100 characters.")
if not v.verifyPass(request.values.get("old_password")):
@ -861,7 +859,7 @@ def settings_name_change(v):
v=v,
error="You didn't change anything")
if not re.fullmatch(valid_username_regex, new_name, flags=re.A):
if not valid_username_regex.fullmatch(new_name, flags=re.A):
return render_template("settings_profile.html",
v=v,
error="This isn't a valid username.")

View File

@ -273,7 +273,7 @@ def create_sub2(v):
if not name: abort(400)
name = name.strip().lower()
if not re.fullmatch(valid_sub_regex, name, flags=re.A):
if not valid_sub_regex.fullmatch(name, flags=re.A):
return render_template("sub/create_sub.html", v=v, error="Sub name not allowed."), 400
sub = g.db.query(Sub).filter_by(name=name).one_or_none()