diff --git a/files/__main__.py b/files/__main__.py index 7aa87735f..d9dbd4b2d 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -54,7 +54,6 @@ app.config["SPAM_SIMILAR_COUNT_THRESHOLD"] = int(environ.get("SPAM_SIMILAR_COUNT app.config["SPAM_URL_SIMILARITY_THRESHOLD"] = float(environ.get("SPAM_URL_SIMILARITY_THRESHOLD", 0.5)) app.config["COMMENT_SPAM_SIMILAR_THRESHOLD"] = float(environ.get("COMMENT_SPAM_SIMILAR_THRESHOLD", 0.5)) app.config["COMMENT_SPAM_COUNT_THRESHOLD"] = int(environ.get("COMMENT_SPAM_COUNT_THRESHOLD", 0.5)) -app.config["VIDEO_COIN_REQUIREMENT"] = int(environ.get("VIDEO_COIN_REQUIREMENT", 0)) app.config["READ_ONLY"]=bool(int(environ.get("READ_ONLY", "0"))) app.config["BOT_DISABLE"]=bool(int(environ.get("BOT_DISABLE", False))) app.config["RATELIMIT_KEY_PREFIX"] = "flask_limiting_" diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 529475fab..68a487ea0 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -216,8 +216,8 @@ def sanitize(sanitized, noimages=False): htmlsource += '">' sanitized = sanitized.replace(replacing, htmlsource) - for i in re.finditer('
(https:.*?\.(mp4|webm))
', sanitized): - sanitized = sanitized.replace(i.group(0), f'') + for i in re.finditer('>(https://.*?\.(mp4|webm|mov))
', sanitized): + sanitized = sanitized.replace(f'', f'') for rd in ["https://reddit.com/", "https://new.reddit.com/", "https://www.reddit.com/", "https://redd.it/"]: sanitized = sanitized.replace(rd, "https://old.reddit.com/") diff --git a/files/routes/comments.py b/files/routes/comments.py index fd17f1934..3819571eb 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -10,10 +10,12 @@ from pusher_push_notifications import PushNotifications from flask import * from files.__main__ import app, limiter from files.helpers.sanitize import filter_emojis_only +import requests site = environ.get("DOMAIN").strip() if site == 'pcmemes.net': cc = "SPLASH MOUNTAIN" else: cc = "COUNTRY CLUB" +CATBOX_KEY = environ.get("CATBOX_KEY").strip() beams_client = PushNotifications( instance_id=PUSHER_INSTANCE_ID, @@ -190,13 +192,17 @@ def api_comment(v): if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": file=request.files["file"] - if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400 + if file.content_type.startswith('image/'): + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' + file.save(name) + url = process_image(name) + elif file.content_type.startswith('video/'): + file.save("video.mp4") + with open("video.mp4", 'rb') as f: + url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {CATBOX_KEY}'}, files=[('video', f)]).json()['data']['link'] + else: return {"error": f"Image/Video files only"}, 400 - name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' - file.save(name) - url = process_image(name) - - body += f"\n\n![]({url})" + body += f"\n\n{url}" if v.agendaposter and not v.marseyawarded: for k, l in AJ_REPLACEMENTS.items(): body = body.replace(k, l) @@ -720,13 +726,17 @@ def edit_comment(cid, v): if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": file=request.files["file"] - if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400 + if file.content_type.startswith('image/'): + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' + file.save(name) + url = process_image(name) + elif file.content_type.startswith('video/'): + file.save("video.mp4") + with open("video.mp4", 'rb') as f: + url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {CATBOX_KEY}'}, files=[('video', f)]).json()['data']['link'] + else: return {"error": f"Image/Video files only"}, 400 - name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' - file.save(name) - url = process_image(name) - - body += f"\n\n![]({url})" + body += f"\n\n{url}" body_md = CustomRenderer().render(mistletoe.Document(body)) body_html = sanitize(body_md) diff --git a/files/routes/posts.py b/files/routes/posts.py index 5e9a49afa..7b89b10d0 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -18,6 +18,7 @@ from PIL import Image as PILimage from .front import frontlist, changeloglist from urllib.parse import ParseResult, urlunparse, urlparse, quote from os import path +import requests site = environ.get("DOMAIN").strip() site_name = environ.get("SITE_NAME").strip() @@ -420,13 +421,17 @@ def edit_post(pid, v): if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": file=request.files["file"] - if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400 + if file.content_type.startswith('image/'): + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' + file.save(name) + url = process_image(name) + elif file.content_type.startswith('video/'): + file.save("video.mp4") + with open("video.mp4", 'rb') as f: + url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {CATBOX_KEY}'}, files=[('video', f)]).json()['data']['link'] + else: return {"error": f"Image/Video files only"}, 400 - name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' - file.save(name) - url = process_image(name) - - body += f"\n\n![]({url})" + body += f"\n\n{url}" if body != p.body: for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): @@ -916,13 +921,19 @@ def submit_post(v): if request.files.get("file2") and request.headers.get("cf-ipcountry") != "T1": file=request.files["file2"] - if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400 + if file.content_type.startswith('image/'): + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' + file.save(name) + url = process_image(name) + elif file.content_type.startswith('video/'): + file.save("video.mp4") + with open("video.mp4", 'rb') as f: + url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {CATBOX_KEY}'}, files=[('video', f)]).json()['data']['link'] + else: + if request.headers.get("Authorization"): return {"error": f"Image/Video files only"}, 400 + else: return render_template("submit.html", v=v, error=f"Image/Video files only."), 400 - name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' - file.save(name) - url = process_image(name) - - body += f"\n\n![]({url})" + body += f"\n\n{url}" body_html = sanitize(CustomRenderer().render(mistletoe.Document(body))) @@ -1003,20 +1014,6 @@ def submit_post(v): if request.headers.get("Authorization"): return {"error": f"File type not allowed"}, 400 else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.values.get("body", "")), 400 - if file.content_type.startswith('video/') and v.truecoins < app.config["VIDEO_COIN_REQUIREMENT"] and v.admin_level < 1: - if request.headers.get("Authorization"): - return { - "error": f"You need at least {app.config['VIDEO_COIN_REQUIREMENT']} coins to upload videos" - }, 403 - else: - return render_template( - "submit.html", - v=v, - error=f"You need at least {app.config['VIDEO_COIN_REQUIREMENT']} coins to upload videos.", - title=title, - body=request.values.get("body", "") - ), 403 - if file.content_type.startswith('image/'): name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) @@ -1025,7 +1022,7 @@ def submit_post(v): elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: - new_post.url = requests.post('https://catbox.moe/user/api.php', timeout=5, data={'userhash':CATBOX_KEY, 'reqtype':'fileupload'}, files={'fileToUpload':f}).text + url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {CATBOX_KEY}'}, files=[('video', f)]).json()['data']['link'] g.db.add(new_post) diff --git a/files/routes/settings.py b/files/routes/settings.py index e8a4caac7..a3270acb2 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -22,6 +22,7 @@ YOUTUBE_KEY = environ.get("YOUTUBE_KEY", "").strip() COINS_NAME = environ.get("COINS_NAME").strip() GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip() SITE_NAME = environ.get("SITE_NAME", "").strip() +CATBOX_KEY = environ.get("CATBOX_KEY").strip() tiers={ "(Paypig)": 1, @@ -116,50 +117,6 @@ def settings_profile_post(v): updated = True v.is_nofollow = request.values.get("nofollow", None) == 'true' - elif request.values.get("bio") or request.files.get('file') and request.headers.get("cf-ipcountry") != "T1": - bio = request.values.get("bio")[:1500] - - for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', bio, re.MULTILINE): - if "wikipedia" not in i.group(1): bio = bio.replace(i.group(1), f'![]({i.group(1)})') - - if request.files.get('file'): - file = request.files['file'] - if not file.content_type.startswith('image/'): - if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400 - else: return render_template("settings_profile.html", v=v, error=f"Image files only."), 400 - - name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' - file.save(name) - url = process_image(name) - - bio += f"\n\n![]({url})" - - bio_html = CustomRenderer().render(mistletoe.Document(bio)) - bio_html = sanitize(bio_html) - bans = filter_comment_html(bio_html) - - if bans: - ban = bans[0] - reason = f"Remove the {ban.domain} link from your bio and try again." - if ban.reason: - reason += f" {ban.reason}" - - return {"error": reason}, 401 - - if len(bio_html) > 10000: - return render_template("settings_profile.html", - v=v, - error="Your bio is too long") - - v.bio = bio[:1500] - v.bio_html=bio_html - g.db.add(v) - g.db.commit() - return render_template("settings_profile.html", - v=v, - msg="Your bio has been updated.") - - elif request.values.get("bio") == "": v.bio = None v.bio_html = None @@ -314,15 +271,19 @@ def settings_profile_post(v): if request.files.get('file'): file = request.files['file'] - if not file.content_type.startswith('image/'): - if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400 - else: return render_template("settings_profile.html", v=v, error=f"Image files only."), 400 + if file.content_type.startswith('image/'): + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' + file.save(name) + url = process_image(name) + elif file.content_type.startswith('video/'): + file.save("video.mp4") + with open("video.mp4", 'rb') as f: + url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {CATBOX_KEY}'}, files=[('video', f)]).json()['data']['link'] + else: + if request.headers.get("Authorization"): return {"error": f"Image/Video files only"}, 400 + else: return render_template("settings_profile.html", v=v, error=f"Image/Video files only."), 400 - name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' - file.save(name) - url = process_image(name) - - bio += f"\n\n![]({url})" + bio += f"\n\n{url}" bio_html = CustomRenderer().render(mistletoe.Document(bio)) bio_html = sanitize(bio_html) diff --git a/files/templates/CHRISTMAS/comments/CommentEditForm.html b/files/templates/CHRISTMAS/comments/CommentEditForm.html index bfbfcecf5..0e558f412 100644 --- a/files/templates/CHRISTMAS/comments/CommentEditForm.html +++ b/files/templates/CHRISTMAS/comments/CommentEditForm.html @@ -34,7 +34,7 @@