fix weird CSP form action bug
parent
502ae2ebe6
commit
5fa03082ab
|
@ -636,30 +636,6 @@ def settings_log_out_others(v):
|
|||
|
||||
return {"message": "All other devices have been logged out!"}
|
||||
|
||||
@app.post("/settings/delete_account")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def settings_delete_account(v):
|
||||
submitted_password = request.values.get("password", "").strip()
|
||||
if not v.verifyPass(submitted_password):
|
||||
stop(400, "Incorrect password!")
|
||||
|
||||
if not FEATURES['ACCOUNT_DELETION']:
|
||||
return redirect(f"{SITE_FULL_IMAGES}/i/mrburns.webp")
|
||||
|
||||
v.login_nonce += 1
|
||||
g.db.add(v)
|
||||
|
||||
account_deletion = AccountDeletion(user_id=v.id)
|
||||
g.db.add(account_deletion)
|
||||
|
||||
return render_template("message.html",
|
||||
title="Your account will be deleted in 30 days.",
|
||||
message="You can (and should) log back in before then to cancel this. Not that we want you here or anything. Whatever bitch."), 202
|
||||
|
||||
@app.post("/settings/images/profile")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
|
@ -1195,3 +1171,30 @@ def settings_age(v):
|
|||
x.ban(reason="Underage (age input)", days=remaining_days, modlog=False, original_user=v)
|
||||
|
||||
return {"message": "Age successfully updated!"}
|
||||
|
||||
|
||||
if FEATURES['ACCOUNT_DELETION']:
|
||||
@app.post("/settings/delete_account")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def settings_delete_account(v):
|
||||
submitted_password = request.values.get("password", "").strip()
|
||||
if not v.verifyPass(submitted_password):
|
||||
stop(400, "Incorrect password!")
|
||||
|
||||
v.login_nonce += 1
|
||||
g.db.add(v)
|
||||
|
||||
account_deletion = AccountDeletion(user_id=v.id)
|
||||
g.db.add(account_deletion)
|
||||
|
||||
return render_template("message.html",
|
||||
title="Your account will be deleted in 30 days.",
|
||||
message="You can (and should) log back in before then to cancel this. Not that we want you here or anything. Whatever bitch."), 202
|
||||
else:
|
||||
@app.get("/settings/delete_account")
|
||||
def settings_delete_account(v):
|
||||
return redirect(f"{SITE_FULL_IMAGES}/i/mrburns.webp")
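Review bot: In the `else` branch, the GET handler `settings_delete_account(v)` is registered without `@auth_required`, yet it still declares the parameter `v`. In the POST variant `v` appears to be supplied by `@auth_required` (inferred; the decorator's definition is not on this page), so with only `@app.get(...)` the view would be called without that argument and raise a TypeError, turning the intended redirect into a 500. Either add `@auth_required` under `@app.get("/settings/delete_account")` or change the signature to `def settings_delete_account():`. Separately, the POST handler reads the password through `request.values`, which also accepts query-string parameters; `request.form.get("password", "")` would keep the password out of URLs and access logs.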
|
|
@ -137,7 +137,11 @@
|
|||
</div>
|
||||
<div class="footer">
|
||||
<div class="d-flex">
|
||||
<input autocomplete="off" class="btn btn-primary ml-auto" type="submit" value="Request Account Deletion">
|
||||
{% if FEATURES['ACCOUNT_DELETION'] %}
|
||||
<input autocomplete="off" class="btn btn-primary ml-auto" type="submit" value="Request Account Deletion">
|
||||
{% else %}
|
||||
<a class="btn btn-primary ml-auto" href="/settings/delete_account">Request Account Deletion</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
</form>
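Review bot: With `FEATURES['ACCOUNT_DELETION']` off, the new `<a>` replaces only the submit button; the surrounding `<form>` is still rendered, and its opening tag and fields are above this hunk. If that form still contains the password input, pressing Enter in it can trigger implicit submission and POST the password to `/settings/delete_account`, where the Python side of this commit now registers only a GET route. Consider moving the `{% if FEATURES['ACCOUNT_DELETION'] %}` check up so the whole form, including the password field, is rendered only when deletion is enabled, and render the link outside any form otherwise.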
|
||||
|
|