carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

give user an error when they give invalid page input

master
Aevann1 2022-11-07 23:34:40 +02:00
parent 4b1b11c038
commit 50bcc81f14
3 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
files/routes/admin.py
View File

@ -379,7 +379,8 @@ def image_posts_listing(v):
@admin_level_required(PERMS['POST_COMMENT_MODERATION']) @admin_level_required(PERMS['POST_COMMENT_MODERATION'])
def reported_posts(v): def reported_posts(v):
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
listing = g.db.query(Submission).filter_by( listing = g.db.query(Submission).filter_by(
is_approved=None, is_approved=None,
@ -401,7 +402,8 @@ def reported_posts(v):
@admin_level_required(PERMS['POST_COMMENT_MODERATION']) @admin_level_required(PERMS['POST_COMMENT_MODERATION'])
def reported_comments(v): def reported_comments(v):
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
listing = g.db.query(Comment listing = g.db.query(Comment
).filter_by( ).filter_by(

9
files/routes/search.py
View File

@ -48,7 +48,8 @@ def searchposts(v):
query = request.values.get("q", '').strip() query = request.values.get("q", '').strip()
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
sort = request.values.get("sort", "new").lower() sort = request.values.get("sort", "new").lower()
t = request.values.get('t', 'all').lower() t = request.values.get('t', 'all').lower()
@ -183,7 +184,7 @@ def searchcomments(v):
query = request.values.get("q", '').strip() query = request.values.get("q", '').strip()
try: page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: page = 1 except: abort(400, "Invalid page input!")
sort = request.values.get("sort", "new").lower() sort = request.values.get("sort", "new").lower()
t = request.values.get('t', 'all').lower() t = request.values.get('t', 'all').lower()
@ -276,7 +277,9 @@ def searchusers(v):
query = request.values.get("q", '').strip() query = request.values.get("q", '').strip()
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
sort = request.values.get("sort", "new").lower() sort = request.values.get("sort", "new").lower()
t = request.values.get('t', 'all').lower() t = request.values.get('t', 'all').lower()
term=query.lstrip('@') term=query.lstrip('@')

21
files/routes/users.py
View File

@ -34,7 +34,8 @@ def upvoters_downvoters(v, username, uid, cls, vote_cls, vote_dir, template, sta
except: except:
abort(404) abort(404)
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
listing = g.db.query(cls).join(vote_cls).filter(cls.ghost == False, cls.is_banned == False, cls.deleted_utc == 0, vote_cls.vote_type==vote_dir, cls.author_id==id, vote_cls.user_id==uid).order_by(cls.created_utc.desc()).offset(PAGE_SIZE * (page - 1)).limit(PAGE_SIZE + 1).all() listing = g.db.query(cls).join(vote_cls).filter(cls.ghost == False, cls.is_banned == False, cls.deleted_utc == 0, vote_cls.vote_type==vote_dir, cls.author_id==id, vote_cls.user_id==uid).order_by(cls.created_utc.desc()).offset(PAGE_SIZE * (page - 1)).limit(PAGE_SIZE + 1).all()
@ -84,7 +85,8 @@ def upvoting_downvoting(v, username, uid, cls, vote_cls, vote_dir, template, sta
except: except:
abort(404) abort(404)
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
listing = g.db.query(cls).join(vote_cls).filter(cls.ghost == False, cls.is_banned == False, cls.deleted_utc == 0, vote_cls.vote_type==vote_dir, vote_cls.user_id==id, cls.author_id==uid).order_by(cls.created_utc.desc()).offset(PAGE_SIZE * (page - 1)).limit(PAGE_SIZE + 1).all() listing = g.db.query(cls).join(vote_cls).filter(cls.ghost == False, cls.is_banned == False, cls.deleted_utc == 0, vote_cls.vote_type==vote_dir, vote_cls.user_id==id, cls.author_id==uid).order_by(cls.created_utc.desc()).offset(PAGE_SIZE * (page - 1)).limit(PAGE_SIZE + 1).all()
@ -129,7 +131,8 @@ def user_voted(v, username, cls, vote_cls, vote_dir, template, standalone):
if not u.is_visible_to(v): abort(403) if not u.is_visible_to(v): abort(403)
if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403) if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
listing = g.db.query(cls).join(vote_cls).filter( listing = g.db.query(cls).join(vote_cls).filter(
cls.ghost == False, cls.ghost == False,
@ -960,19 +963,25 @@ def get_saves_and_subscribes(v, template, relationship_cls, page:int, standalone
@app.get("/@<username>/saved/posts") @app.get("/@<username>/saved/posts")
@auth_required @auth_required
def saved_posts(v, username): def saved_posts(v, username):
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
return get_saves_and_subscribes(v, "userpage.html", SaveRelationship, page, False) return get_saves_and_subscribes(v, "userpage.html", SaveRelationship, page, False)
@app.get("/@<username>/saved/comments") @app.get("/@<username>/saved/comments")
@auth_required @auth_required
def saved_comments(v, username): def saved_comments(v, username):
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
return get_saves_and_subscribes(v, "userpage_comments.html", CommentSaveRelationship, page, True) return get_saves_and_subscribes(v, "userpage_comments.html", CommentSaveRelationship, page, True)
@app.get("/@<username>/subscribed/posts") @app.get("/@<username>/subscribed/posts")
@auth_required @auth_required
def subscribed_posts(v, username): def subscribed_posts(v, username):
page = max(1, int(request.values.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: abort(400, "Invalid page input!")
return get_saves_and_subscribes(v, "userpage.html", Subscription, page, False) return get_saves_and_subscribes(v, "userpage.html", Subscription, page, False)
@app.post("/fp/<fp>") @app.post("/fp/<fp>")