fix poor, fix 500, sanitize fun stuff
parent
0c42a8d269
commit
54fecd99e5
|
@ -43,6 +43,8 @@ def remove_background(v):
|
||||||
def settings_personal_post(v):
|
def settings_personal_post(v):
|
||||||
updated = False
|
updated = False
|
||||||
|
|
||||||
|
# begin common selectors #
|
||||||
|
|
||||||
def update_flag(column_name:str, request_name:str):
|
def update_flag(column_name:str, request_name:str):
|
||||||
if not request.values.get(request_name, ''): return False
|
if not request.values.get(request_name, ''): return False
|
||||||
request_flag = request.values.get(request_name, '') == 'true'
|
request_flag = request.values.get(request_name, '') == 'true'
|
||||||
|
@ -68,9 +70,21 @@ def settings_personal_post(v):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
if request.values.get("background", v.background) != v.background:
|
def set_selector_option(column_name:str, api_name:str, valid_values:Iterable[str], error_msg:str="value"):
|
||||||
updated = True
|
opt = request.values.get(api_name)
|
||||||
|
if opt: opt = opt.strip()
|
||||||
|
if not opt: return False
|
||||||
|
if opt in valid_values:
|
||||||
|
setattr(v, column_name, opt)
|
||||||
|
return True
|
||||||
|
abort(400, f"'{opt}' is not a valid {error_msg}")
|
||||||
|
|
||||||
|
# end common selectors #
|
||||||
|
|
||||||
|
background = request.values.get("background", v.background)
|
||||||
|
if background != v.background and not ".." in background and background.endswith(".webp") and len(background) < 20 and os.path.isfile(background):
|
||||||
v.background = request.values.get("background")
|
v.background = request.values.get("background")
|
||||||
|
updated = True
|
||||||
elif request.values.get("reddit", v.reddit) != v.reddit:
|
elif request.values.get("reddit", v.reddit) != v.reddit:
|
||||||
reddit = request.values.get("reddit")
|
reddit = request.values.get("reddit")
|
||||||
if reddit in {'old.reddit.com', 'reddit.com', 'i.reddit.com', 'teddit.net', 'libredd.it', 'unddit.com'}:
|
if reddit in {'old.reddit.com', 'reddit.com', 'i.reddit.com', 'teddit.net', 'libredd.it', 'unddit.com'}:
|
||||||
|
@ -78,6 +92,7 @@ def settings_personal_post(v):
|
||||||
v.reddit = reddit
|
v.reddit = reddit
|
||||||
elif request.values.get("poor", v.poor) != v.poor:
|
elif request.values.get("poor", v.poor) != v.poor:
|
||||||
updated = True
|
updated = True
|
||||||
|
v.poor = request.values.get("poor", v.poor) == 'true'
|
||||||
session['poor'] = v.poor
|
session['poor'] = v.poor
|
||||||
|
|
||||||
slur_filter_updated = updated or update_potentially_permanent_flag("slurreplacer", "slurreplacer", "slur replacer", 192)
|
slur_filter_updated = updated or update_potentially_permanent_flag("slurreplacer", "slurreplacer", "slur replacer", 192)
|
||||||
|
@ -164,7 +179,6 @@ def settings_personal_post(v):
|
||||||
v=v,
|
v=v,
|
||||||
error="Your friends list is too long")
|
error="Your friends list is too long")
|
||||||
|
|
||||||
|
|
||||||
notify_users = NOTIFY_USERS(friends, v)
|
notify_users = NOTIFY_USERS(friends, v)
|
||||||
|
|
||||||
if notify_users:
|
if notify_users:
|
||||||
|
@ -190,9 +204,7 @@ def settings_personal_post(v):
|
||||||
v=v,
|
v=v,
|
||||||
error="Your enemies list is too long")
|
error="Your enemies list is too long")
|
||||||
|
|
||||||
|
|
||||||
notify_users = NOTIFY_USERS(enemies, v)
|
notify_users = NOTIFY_USERS(enemies, v)
|
||||||
|
|
||||||
if notify_users:
|
if notify_users:
|
||||||
cid = notif_comment(f"@{v.username} has added you to their enemies list!")
|
cid = notif_comment(f"@{v.username} has added you to their enemies list!")
|
||||||
for x in notify_users:
|
for x in notify_users:
|
||||||
|
@ -237,29 +249,12 @@ def settings_personal_post(v):
|
||||||
cache.delete_memoized(frontlist)
|
cache.delete_memoized(frontlist)
|
||||||
else: abort(400)
|
else: abort(400)
|
||||||
|
|
||||||
defaultsortingcomments = request.values.get("defaultsortingcomments")
|
updated = updated or set_selector_option("defaultsortingcomments", "defaultsortingcomments", COMMENT_SORTS, "comment sort")
|
||||||
if defaultsortingcomments:
|
updated = updated or set_selector_option("defaultsorting", "defaultsorting", SORTS, "post sort")
|
||||||
if defaultsortingcomments in COMMENT_SORTS:
|
updated = updated or set_selector_option("defaulttime", "defaulttime", TIME_FILTERS, "time filter")
|
||||||
v.defaultsortingcomments = defaultsortingcomments
|
|
||||||
updated = True
|
|
||||||
else: abort(400, f"{defaultsortingcomments} is not a valid comment sort")
|
|
||||||
|
|
||||||
defaultsorting = request.values.get("defaultsorting")
|
|
||||||
if defaultsorting:
|
|
||||||
if defaultsorting in SORTS:
|
|
||||||
v.defaultsorting = defaultsorting
|
|
||||||
updated = True
|
|
||||||
else: abort(400, f"{defaultsorting} is not a valid post sort")
|
|
||||||
|
|
||||||
defaulttime = request.values.get("defaulttime")
|
|
||||||
if defaulttime:
|
|
||||||
if defaulttime in TIME_FILTERS:
|
|
||||||
v.defaulttime = defaulttime
|
|
||||||
updated = True
|
|
||||||
else: abort(400, f"{defaulttime} is not a valid time filter")
|
|
||||||
|
|
||||||
theme = request.values.get("theme")
|
theme = request.values.get("theme")
|
||||||
if theme:
|
if not updated and theme:
|
||||||
if theme in THEMES:
|
if theme in THEMES:
|
||||||
if theme == "transparent" and not v.background:
|
if theme == "transparent" and not v.background:
|
||||||
abort(409, "You need to set a background to use the transparent theme")
|
abort(409, "You need to set a background to use the transparent theme")
|
||||||
|
@ -269,7 +264,7 @@ def settings_personal_post(v):
|
||||||
else: abort(400, f"{theme} is not a valid theme")
|
else: abort(400, f"{theme} is not a valid theme")
|
||||||
|
|
||||||
house = request.values.get("house")
|
house = request.values.get("house")
|
||||||
if house and house in HOUSES and FEATURES['HOUSES']:
|
if not updated and house and house in HOUSES and FEATURES['HOUSES']:
|
||||||
if v.bite: abort(403)
|
if v.bite: abort(403)
|
||||||
if v.house:
|
if v.house:
|
||||||
if v.house.replace(' Founder', '') == house: abort(409, f"You're already in House {house}")
|
if v.house.replace(' Founder', '') == house: abort(409, f"You're already in House {house}")
|
||||||
|
|
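Review bot: The new `background` check in the second hunk still treats a request-supplied string as a filesystem path: it rejects `..` but not absolute paths, and `os.path.isfile(background)` is resolved against the process working directory, so any existing file with a path under 20 characters that ends in `.webp` passes. Membership in a server-side set of known backgrounds would be stricter than the substring and suffix tests, e.g. `if background != v.background and background in VALID_BACKGROUNDS:` (placeholder name, built once from the asset directory). The assignment that follows re-reads the request instead of using the value that was checked; `v.background = background` keeps the check and the use on the same string. A rejected value also appears to fall through silently to the `elif` chain rather than returning a 400 the way `set_selector_option` does. `settings_personal_post` begins and ends outside these hunks, and indentation is lost on this page, so the branch structure is inferred.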