carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

fsddsf

master
Aevann1 2021-09-19 15:11:34 +02:00
parent 6fb3fd33da
commit 731351e5a2
22 changed files with 219 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
files/mail/mail.py
View File

@ -67,10 +67,10 @@ def api_verify_email(v):
@auth_desired
def activate(v):
email = request.args.get("email", "")
id = request.args.get("id", "")
timestamp = int(request.args.get("time", "0"))
token = request.args.get("token", "")
email = request.values.get("email", "")
id = request.values.get("id", "")
timestamp = int(request.values.get("time", "0"))
token = request.values.get("token", "")
if int(time.time()) - timestamp > 3600:
return render_template("message.html", v=v, title="Verification link expired.",

74
files/routes/admin.py
View File

@ -209,7 +209,7 @@ def get_rules(v):
@validate_formkey
def post_rules(v):
text = request.form.get('rules', '')
text = request.values.get('rules', '')
with open(f'./{SITE_NAME} rules.html', 'w+') as f:
f.write(text)
@ -240,7 +240,7 @@ def agendaposters(v):
@admin_level_required(3)
def image_posts_listing(v):
try: page = int(request.args.get('page', 1))
try: page = int(request.values.get('page', 1))
except: page = 1
posts = g.db.query(Submission).order_by(Submission.id.desc())
@ -258,7 +258,7 @@ def image_posts_listing(v):
@admin_level_required(3)
def reported_posts(v):
page = max(1, int(request.args.get("page", 1)))
page = max(1, int(request.values.get("page", 1)))
posts = g.db.query(Submission).options(lazyload('*')).filter_by(
is_approved=0,
@ -279,7 +279,7 @@ def reported_posts(v):
@admin_level_required(3)
def reported_comments(v):
page = max(1, int(request.args.get("page", 1)))
page = max(1, int(request.values.get("page", 1)))
posts = g.db.query(Comment
).filter_by(
@ -333,9 +333,9 @@ def badge_grant_get(v):
v=v,
badge_types=badge_types,
error=errors.get(
request.args.get("error"),
None) if request.args.get('error') else None,
msg="Badge successfully assigned" if request.args.get(
request.values.get("error"),
None) if request.values.get('error') else None,
msg="Badge successfully assigned" if request.values.get(
"msg") else None
)
@ -345,10 +345,10 @@ def badge_grant_get(v):
@validate_formkey
def badge_grant_post(v):
user = get_user(request.form.get("username").strip(), graceful=True)
user = get_user(request.values.get("username").strip(), graceful=True)
if not user: return redirect("/badge_grant?error=no_user")
try: badge_id = int(request.form.get("badge_id"))
try: badge_id = int(request.values.get("badge_id"))
except: abort(400)
if user.has_badge(badge_id):
@ -359,10 +359,10 @@ def badge_grant_post(v):
user_id=user.id,
)
desc = request.form.get("description")
desc = request.values.get("description")
if desc: new_badge.description = desc
url = request.form.get("url")
url = request.values.get("url")
if url: new_badge.url = url
g.db.add(new_badge)
@ -443,7 +443,7 @@ def badge_grant_post(v):
@admin_level_required(2)
def users_list(v):
page = int(request.args.get("page", 1))
page = int(request.values.get("page", 1))
users = g.db.query(User).options(lazyload('*')).filter_by(is_banned=0
).order_by(User.created_utc.desc()
@ -465,11 +465,11 @@ def users_list(v):
@admin_level_required(4)
def alt_votes_get(v):
if not request.args.get("u1") or not request.args.get("u2"):
if not request.values.get("u1") or not request.values.get("u2"):
return render_template("admin/alt_votes.html", v=v)
u1 = request.args.get("u1")
u2 = request.args.get("u2")
u1 = request.values.get("u1")
u2 = request.values.get("u2")
if not u1 or not u2:
return redirect("/admin/alt_votes")
@ -575,8 +575,8 @@ def alt_votes_get(v):
@validate_formkey
def admin_link_accounts(v):
u1 = int(request.form.get("u1"))
u2 = int(request.form.get("u2"))
u1 = int(request.values.get("u1"))
u2 = int(request.values.get("u2"))
new_alt = Alt(
user1=u1,
@ -594,7 +594,7 @@ def admin_link_accounts(v):
@admin_level_required(3)
def admin_removed(v):
page = int(request.args.get("page", 1))
page = int(request.values.get("page", 1))
ids = g.db.query(Submission.id).options(lazyload('*')).options(lazyload('*')).filter_by(is_banned=True).order_by(
Submission.id.desc()).offset(25 * (page - 1)).limit(26).all()
@ -619,7 +619,7 @@ def admin_removed(v):
@admin_level_required(5)
def admin_image_purge(v):
name = request.form.get("url")
name = request.values.get("url")
image = g.db.query(Image).options(lazyload('*')).filter(Image.text == name).first()
if image:
requests.delete(f'https://api.imgur.com/3/image/{image.deletehash}', headers = {"Authorization": f"Client-ID {IMGUR_KEY}"})
@ -673,8 +673,8 @@ def admin_image_ban(v):
new_bp=BadPic(
phash=h,
ban_reason=request.form.get("ban_reason"),
ban_time=int(request.form.get("ban_length",0))
ban_reason=request.values.get("ban_reason"),
ban_time=int(request.values.get("ban_length",0))
)
g.db.add(new_bp)
@ -689,7 +689,7 @@ def admin_image_ban(v):
def agendaposter(user_id, v):
user = g.db.query(User).options(lazyload('*')).filter_by(id=user_id).first()
expiry = request.form.get("days", 0)
expiry = request.values.get("days", 0)
if expiry:
expiry = int(expiry)
expiry = g.timestamp + expiry*60*60*24
@ -710,7 +710,7 @@ def agendaposter(user_id, v):
if not user.agendaposter: kind = "unagendaposter"
else:
kind = "agendaposter"
note = f"for {request.form.get('days')} days" if expiry else "never expires"
note = f"for {request.values.get('days')} days" if expiry else "never expires"
ma = ModAction(
kind=kind,
@ -814,14 +814,14 @@ def admin_title_change(user_id, v):
if user.admin_level != 0: abort(403)
new_name=request.form.get("title").strip()
new_name=request.values.get("title").strip()
user.customtitleplain=new_name
new_name = sanitize(new_name)
user=g.db.query(User).with_for_update().options(lazyload('*')).options(lazyload('*')).filter_by(id=user.id).first()
user.customtitle=new_name
user.flairchanged = bool(request.form.get("locked"))
user.flairchanged = bool(request.values.get("locked"))
g.db.add(user)
if user.flairchanged: kind = "set_flair_locked"
@ -849,9 +849,9 @@ def ban_user(user_id, v):
# check for number of days for suspension
if 'form' in request.values:
days = int(request.form.get("days")) if request.form.get('days') else 0
reason = sanitize(request.form.get("reason", ""))
message = request.form.get("reason", "")
days = int(request.values.get("days")) if request.values.get('days') else 0
reason = sanitize(request.values.get("reason", ""))
message = request.values.get("reason", "")
else:
days = int(request.values.get("days")) if request.values.get('days') else 0
reason = sanitize(request.values.get("reason", ""))
@ -876,7 +876,7 @@ def ban_user(user_id, v):
user.ban(admin=v, reason=reason)
if request.form.get("alts", ""):
if request.values.get("alts", ""):
for x in user.alts:
if x.admin_level > 0: break
x.ban(admin=v, reason=reason)
@ -894,7 +894,7 @@ def ban_user(user_id, v):
)
g.db.add(ma)
if 'reason' in request.args:
if 'reason' in request.values:
if reason.startswith("/post/"):
post = reason.split("/post/")[1]
post = get_post(post)
@ -924,7 +924,7 @@ def unban_user(user_id, v):
user.unban()
if request.form.get("alts", ""):
if request.values.get("alts", ""):
for x in user.alts:
if x.admin_level == 0:
x.unban()
@ -960,7 +960,7 @@ def ban_post(post_id, v):
post.is_pinned = False
post.removed_by = v.id
ban_reason=request.form.get("reason", "")
ban_reason=request.values.get("reason", "")
ban_reason = ban_reason.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
ban_reason = CustomRenderer().render(mistletoe.Document(ban_reason))
ban_reason = sanitize(ban_reason)
@ -1169,10 +1169,10 @@ def admin_banned_domains(v):
@validate_formkey
def admin_toggle_ban_domain(v):
domain=request.form.get("domain", "").strip()
domain=request.values.get("domain", "").strip()
if not domain: abort(400)
reason=request.form.get("reason", "").strip()
reason=request.values.get("reason", "").strip()
d = g.db.query(BannedDomain).options(lazyload('*')).filter_by(domain=domain).first()
if d: g.db.delete(d)
@ -1190,7 +1190,7 @@ def admin_toggle_ban_domain(v):
@validate_formkey
def admin_nuke_user(v):
user=get_user(request.form.get("user"))
user=get_user(request.values.get("user"))
for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all():
if post.is_banned:
@ -1222,7 +1222,7 @@ def admin_nuke_user(v):
@validate_formkey
def admin_nunuke_user(v):
user=get_user(request.form.get("user"))
user=get_user(request.values.get("user"))
for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all():
if not post.is_banned:
@ -1253,7 +1253,7 @@ def admin_nunuke_user(v):
@auth_required
def chart(v):
days = int(request.args.get("days", 25))
days = int(request.values.get("days", 25))
now = time.gmtime()
midnight_this_morning = time.struct_time((now.tm_year,

12
files/routes/awards.py
View File

@ -191,7 +191,7 @@ def award_post(pid, v):
if v.is_suspended and v.unban_utc == 0:
return {"error": "forbidden."}, 403
kind = request.form.get("kind", "")
kind = request.values.get("kind", "")
if kind not in AWARDS:
return {"error": "That award doesn't exist."}, 404
@ -233,7 +233,7 @@ def award_post(pid, v):
msg = f"@{v.username} has given your [post]({post.permalink}) the {AWARDS[kind]['title']} Award!"
note = request.form.get("note", "")
note = request.values.get("note", "")
if note:
msg += f"\n\n> {note}"
@ -255,7 +255,7 @@ def award_comment(cid, v):
if v.is_suspended and v.unban_utc == 0:
return {"error": "forbidden"}, 403
kind = request.form.get("kind", "")
kind = request.values.get("kind", "")
if kind not in AWARDS:
return {"error": "That award doesn't exist."}, 404
@ -296,7 +296,7 @@ def award_comment(cid, v):
msg = f"@{v.username} has given your [comment]({c.permalink}) the {AWARDS[kind]['title']} Award!"
note = request.form.get("note", "")
note = request.values.get("note", "")
if note:
msg += f"\n\n> {note}"
@ -328,14 +328,14 @@ def admin_userawards_post(v):
if v.admin_level < 6:
abort(403)
u = get_user(request.form.get("username", '1'), graceful=False, v=v)
u = get_user(request.values.get("username", '1'), graceful=False, v=v)
notify_awards = {}
latest = g.db.query(AwardRelationship).order_by(AwardRelationship.id.desc()).first()
thing = latest.id
for key, value in request.form.items():
for key, value in request.values.items():
if key not in AWARDS:
continue

16
files/routes/comments.py
View File

@ -61,7 +61,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
post._preloaded_comments = [comment]
# context improver
try: context = int(request.args.get("context", 0))
try: context = int(request.values.get("context", 0))
except: context = 0
comment_info = comment
c = comment
@ -77,7 +77,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
if v: defaultsortingcomments = v.defaultsortingcomments
else: defaultsortingcomments = "top"
sort=request.args.get("sort", defaultsortingcomments)
sort=request.values.get("sort", defaultsortingcomments)
post.replies=[top_comment]
@ -133,8 +133,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
@validate_formkey
def api_comment(v):
parent_submission = request.form.get("submission")
parent_fullname = request.form.get("parent_fullname")
parent_submission = request.values.get("submission")
parent_fullname = request.values.get("parent_fullname")
# get parent item info
parent_id = parent_fullname.split("_")[1]
@ -156,7 +156,7 @@ def api_comment(v):
abort(400)
#process and sanitize
body = request.form.get("body", "")[:10000]
body = request.values.get("body", "")[:10000]
body = body.strip()
if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400
@ -271,7 +271,7 @@ def api_comment(v):
parent_submission=parent_submission,
parent_comment_id=parent_comment_id,
level=level,
over_18=parent_post.over_18 or request.form.get("over_18","")=="true",
over_18=parent_post.over_18 or request.values.get("over_18","")=="true",
is_bot=is_bot,
app_id=v.client.application.id if v.client else None
)
@ -288,7 +288,7 @@ def api_comment(v):
url = upload_ibb(file=file)
body = request.form.get("body") + f"\n![]({url})"
body = request.values.get("body") + f"\n![]({url})"
body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
body_md = CustomRenderer().render(mistletoe.Document(body))
body_html = sanitize(body_md)
@ -605,7 +605,7 @@ def edit_comment(cid, v):
if c.is_banned or c.deleted_utc > 0: abort(403)
body = request.form.get("body", "")[:10000]
body = request.values.get("body", "")[:10000]
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})')
body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")

4
files/routes/discord.py
View File

@ -34,7 +34,7 @@ def discord_redirect(v):
#validate state
now=int(time.time())
state=request.args.get('state','').split('.')
state=request.values.get('state','').split('.')
timestamp=state[0]
@ -47,7 +47,7 @@ def discord_redirect(v):
abort(400)
#get discord token
code = request.args.get("code","")
code = request.values.get("code","")
if not code:
abort(400)

4
files/routes/errors.py
View File

@ -21,7 +21,7 @@ def error_400(e, v):
def error_401(e):
path = request.path
qs = urlencode(dict(request.args))
qs = urlencode(dict(request.values))
argval = quote(f"{path}?{qs}", safe='')
output = f"/login?redirect={argval}"
@ -70,7 +70,7 @@ def error_500(e, v):
def allow_nsfw():
session["over_18"] = int(time.time()) + 3600
return redirect(request.form.get("redir", "/"))
return redirect(request.values.get("redir", "/"))
@app.get("/error/<error>")

2
files/routes/feeds.py
View File

@ -10,7 +10,7 @@ from files.__main__ import app
@app.get('/rss/<sort>/<t>')
def feeds_user(sort='hot', t='all'):
page = int(request.args.get("page", 1))
page = int(request.values.get("page", 1))
ids, next_exists = frontlist(
sort=sort,

34
files/routes/front.py
View File

@ -13,11 +13,11 @@ def slash_post():
@app.get("/notifications")
@auth_required
def notifications(v):
try: page = int(request.args.get('page', 1))
try: page = int(request.values.get('page', 1))
except: page = 1
messages = request.args.get('messages', False)
modmail = request.args.get('modmail', False)
posts = request.args.get('posts', False)
messages = request.values.get('messages', False)
modmail = request.values.get('modmail', False)
posts = request.values.get('posts', False)
if modmail and v.admin_level == 6:
comments = g.db.query(Comment).filter(Comment.sentto==0).order_by(Comment.created_utc.desc()).offset(25*(page-1)).limit(26).all()
next_exists = (len(comments) > 25)
@ -230,7 +230,7 @@ def front_all(v):
if v and "logged_out" in request.full_path: v = None
try: page = int(request.args.get("page") or 1)
try: page = int(request.values.get("page") or 1)
except: abort(400)
# prevent invalid paging
@ -243,15 +243,15 @@ def front_all(v):
defaultsorting = "hot"
defaulttime = defaulttimefilter
sort=request.args.get("sort", defaultsorting)
t=request.args.get('t', defaulttime)
sort=request.values.get("sort", defaultsorting)
t=request.values.get('t', defaulttime)
ids, next_exists = frontlist(sort=sort,
page=page,
t=t,
v=v,
gt=int(request.args.get("utc_greater_than", 0)),
lt=int(request.args.get("utc_less_than", 0)),
gt=int(request.values.get("utc_greater_than", 0)),
lt=int(request.values.get("utc_less_than", 0)),
filter_words=v.filter_words if v else [],
)
@ -339,18 +339,18 @@ def changeloglist(v=None, sort="new", page=1 ,t="all", **kwargs):
def changelog(v):
page = int(request.args.get("page") or 1)
page = int(request.values.get("page") or 1)
page = max(page, 1)
sort=request.args.get("sort", "new")
t=request.args.get('t', "all")
sort=request.values.get("sort", "new")
t=request.values.get('t', "all")
ids = changeloglist(sort=sort,
page=page,
t=t,
v=v,
gt=int(request.args.get("utc_greater_than", 0)),
lt=int(request.args.get("utc_less_than", 0)),
gt=int(request.values.get("utc_greater_than", 0)),
lt=int(request.values.get("utc_less_than", 0)),
)
# check existence of next page
@ -440,10 +440,10 @@ def comment_idlist(page=1, v=None, nsfw=False, sort="new", t="all", **kwargs):
def all_comments(v):
page = int(request.args.get("page", 1))
page = int(request.values.get("page", 1))
sort=request.args.get("sort", "new")
t=request.args.get("t", defaulttimefilter)
sort=request.values.get("sort", "new")
t=request.values.get("t", defaulttimefilter)
idlist = comment_idlist(v=v,
page=page,

4
files/routes/giphy.py
View File

@ -11,8 +11,8 @@ GIPHY_KEY = environ.get('GIPHY_KEY').rstrip()
@app.route("/giphy<path>", methods=["GET"])
def giphy(path=None):
searchTerm = request.args.get("searchTerm", "")
limit = int(request.args.get("limit", 48))
searchTerm = request.values.get("searchTerm", "")
limit = int(request.values.get("limit", 48))
if searchTerm and limit:
url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}"
elif searchTerm and not limit:

84
files/routes/login.py
View File

@ -11,7 +11,7 @@ valid_password_regex = re.compile("^.{8,100}$")
@auth_desired
def login_get(v):
redir = request.args.get("redirect", "/").replace("/logged_out", "")
redir = request.values.get("redirect", "/").replace("/logged_out", "")
if v:
return redirect(redir)
@ -78,7 +78,7 @@ def check_for_alts(current_id):
@limiter.limit("6/minute")
def login_post():
username = request.form.get("username")
username = request.values.get("username")
if not username: abort(400)
if "@" in username:
@ -93,9 +93,9 @@ def login_post():
# test password
if request.form.get("password"):
if request.values.get("password"):
if not account.verifyPass(request.form.get("password")):
if not account.verifyPass(request.values.get("password")):
time.sleep(random.uniform(0, 2))
return render_template("login.html", failed=True)
@ -106,21 +106,21 @@ def login_post():
v=account,
time=now,
hash=hash,
redirect=request.form.get("redirect", "/")
redirect=request.values.get("redirect", "/")
)
elif request.form.get("2fa_token", "x"):
elif request.values.get("2fa_token", "x"):
now = int(time.time())
if now - int(request.form.get("time")) > 600:
if now - int(request.values.get("time")) > 600:
return redirect('/login')
formhash = request.form.get("hash")
if not validate_hash(f"{account.id}+{request.form.get('time')}+2fachallenge",
formhash = request.values.get("hash")
if not validate_hash(f"{account.id}+{request.values.get('time')}+2fachallenge",
formhash
):
return redirect("/login")
if not account.validate_2fa(request.form.get("2fa_token", "").strip()):
if not account.validate_2fa(request.values.get("2fa_token", "").strip()):
hash = generate_hash(f"{account.id}+{time}+2fachallenge")
return render_template("login_2fa.html",
v=account,
@ -145,7 +145,7 @@ def login_post():
# check for previous page
redir = request.form.get("redirect", "/").replace("/logged_out", "")
redir = request.values.get("redirect", "/").replace("/logged_out", "")
g.db.commit()
@ -184,7 +184,7 @@ def sign_up_get(v):
abort(403)
# check for referral in link
ref = request.args.get("ref", None)
ref = request.values.get("ref", None)
if ref:
ref_user = g.db.query(User).options(lazyload('*')).filter(User.username.ilike(ref)).first()
@ -207,9 +207,9 @@ def sign_up_get(v):
digestmod='md5'
).hexdigest()
redir = request.args.get("redirect", "/").replace("/logged_out", "")
redir = request.values.get("redirect", "/").replace("/logged_out", "")
error = request.args.get("error", None)
error = request.values.get("error", None)
return render_template("sign_up.html",
formkey=formkey,
@ -235,8 +235,8 @@ def sign_up_post(v):
if not agent:
abort(403)
form_timestamp = request.form.get("now", '0')
form_formkey = request.form.get("formkey", "none")
form_timestamp = request.values.get("now", '0')
form_formkey = request.values.get("formkey", "none")
submitted_token = session.get("signup_token", "")
if not submitted_token:
@ -251,16 +251,16 @@ def sign_up_post(v):
now = int(time.time())
username = request.form.get("username").strip()
username = request.values.get("username").strip()
# define function that takes an error message and generates a new signup
# form
def new_signup(error):
args = {"error": error}
if request.form.get("referred_by"):
if request.values.get("referred_by"):
user = g.db.query(User).options(lazyload('*')).filter_by(
id=request.form.get("referred_by")).first()
id=request.values.get("referred_by")).first()
if user:
args["ref"] = user.username
@ -275,19 +275,19 @@ def sign_up_post(v):
return new_signup("There was a problem. Please try again.")
# check for matched passwords
if not request.form.get(
"password") == request.form.get("password_confirm"):
if not request.values.get(
"password") == request.values.get("password_confirm"):
return new_signup("Passwords did not match. Please try again.")
# check username/pass conditions
if not re.fullmatch(valid_username_regex, username):
return new_signup("Invalid username")
if not re.fullmatch(valid_password_regex, request.form.get("password")):
if not re.fullmatch(valid_password_regex, request.values.get("password")):
return new_signup("Password must be between 8 and 100 characters.")
# Check for existing accounts
email = request.form.get("email")
email = request.values.get("email")
email = email.strip()
if not email: email = None
@ -303,7 +303,7 @@ def sign_up_post(v):
# check bot
if app.config.get("HCAPTCHA_SITEKEY"):
token = request.form.get("h-captcha-response")
token = request.values.get("h-captcha-response")
if not token:
return new_signup("Unable to verify captcha [1].")
@ -322,7 +322,7 @@ def sign_up_post(v):
session.pop("signup_token")
# get referral
ref_id = int(request.form.get("referred_by", 0))
ref_id = int(request.values.get("referred_by", 0))
# upgrade user badge
if ref_id:
@ -352,7 +352,7 @@ def sign_up_post(v):
username=username,
original_username = username,
admin_level = admin_level,
password=request.form.get("password"),
password=request.values.get("password"),
email=email,
created_utc=int(time.time()),
referred_by=ref_id or None,
@ -392,8 +392,8 @@ def get_forgot():
@app.post("/forgot")
def post_forgot():
username = request.form.get("username").lstrip('@')
email = request.form.get("email",'').strip()
username = request.values.get("username").lstrip('@')
email = request.values.get("email",'').strip()
email=email.replace("_","\_")
@ -430,9 +430,9 @@ def post_forgot():
@app.get("/reset")
def get_reset():
user_id = request.args.get("id")
timestamp = int(request.args.get("time",0))
token = request.args.get("token")
user_id = request.values.get("id")
timestamp = int(request.values.get("time",0))
token = request.values.get("token")
now = int(time.time())
@ -464,12 +464,12 @@ def post_reset(v):
if v:
return redirect('/')
user_id = request.form.get("user_id")
timestamp = int(request.form.get("time"))
token = request.form.get("token")
user_id = request.values.get("user_id")
timestamp = int(request.values.get("time"))
token = request.values.get("token")
password = request.form.get("password")
confirm_password = request.form.get("confirm_password")
password = request.values.get("password")
confirm_password = request.values.get("confirm_password")
now = int(time.time())
@ -514,7 +514,7 @@ def lost_2fa(v):
@limiter.limit("6/minute")
def request_2fa_disable():
username=request.form.get("username")
username=request.values.get("username")
user=get_user(username, graceful=True)
if not user or not user.email or not user.mfa_secret:
return render_template("message.html",
@ -522,7 +522,7 @@ def request_2fa_disable():
message="If username, password, and email match, we will send you an email.")
email=request.form.get("email")
email=request.values.get("email")
if email != user.email and email.endswith("@gmail.com"):
email=email.split('@')[0]
email=email.split('+')[0]
@ -534,7 +534,7 @@ def request_2fa_disable():
message="If username, password, and email match, we will send you an email.")
password =request.form.get("password")
password =request.values.get("password")
if not user.verifyPass(password):
return render_template("message.html",
title="Removal request received",
@ -561,15 +561,15 @@ def request_2fa_disable():
def reset_2fa():
now=int(time.time())
t=int(request.args.get("t"))
t=int(request.values.get("t"))
if now > t+3600*24:
return render_template("message.html",
title="Expired Link",
error="That link has expired.")
token=request.args.get("token")
uid=request.args.get("id")
token=request.values.get("token")
uid=request.values.get("id")
user=get_account(uid)

22
files/routes/oauth.py
View File

@ -9,7 +9,7 @@ from files.__main__ import app
@app.get("/authorize")
@auth_required
def authorize_prompt(v):
client_id = request.args.get("client_id")
client_id = request.values.get("client_id")
application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first()
if not application: return {"oauth_error": "Invalid `client_id`"}, 401
return render_template("oauth.html", v=v, application=application)
@ -20,7 +20,7 @@ def authorize_prompt(v):
@validate_formkey
def authorize(v):
client_id = request.form.get("client_id")
client_id = request.values.get("client_id")
application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first()
if not application: return {"oauth_error": "Invalid `client_id`"}, 401
access_token = secrets.token_urlsafe(128)[:128]
@ -42,15 +42,15 @@ def authorize(v):
def request_api_keys(v):
new_app = OauthApp(
app_name=request.form.get('name'),
redirect_uri=request.form.get('redirect_uri'),
app_name=request.values.get('name'),
redirect_uri=request.values.get('redirect_uri'),
author_id=v.id,
description=request.form.get("description")[:256]
description=request.values.get("description")[:256]
)
g.db.add(new_app)
send_admin(NOTIFICATIONS_ACCOUNT, f"{v.username} has requested API keys for `{request.form.get('name')}`. You can approve or deny the request [here](/admin/apps).")
send_admin(NOTIFICATIONS_ACCOUNT, f"{v.username} has requested API keys for `{request.values.get('name')}`. You can approve or deny the request [here](/admin/apps).")
g.db.commit()
@ -83,9 +83,9 @@ def edit_oauth_app(v, aid):
aid = int(aid)
app = g.db.query(OauthApp).options(lazyload('*')).filter_by(id=aid).first()
app.redirect_uri = request.form.get('redirect_uri')
app.app_name = request.form.get('name')
app.description = request.form.get("description")[:256]
app.redirect_uri = request.values.get('redirect_uri')
app.app_name = request.values.get('name')
app.description = request.values.get("description")[:256]
g.db.add(app)
@ -168,7 +168,7 @@ def admin_app_id(v, aid):
OauthApp.author)).filter_by(
id=aid).first()
pids=oauth.idlist(page=int(request.args.get("page",1)),
pids=oauth.idlist(page=int(request.values.get("page",1)),
)
next_exists=len(pids)==101
@ -194,7 +194,7 @@ def admin_app_id_comments(v, aid):
OauthApp.author)).filter_by(
id=aid).first()
cids=oauth.comments_idlist(page=int(request.args.get("page",1)),
cids=oauth.comments_idlist(page=int(request.values.get("page",1)),
)
next_exists=len(cids)==101

48
files/routes/posts.py
View File

@ -91,7 +91,7 @@ def post_id(pid, anything=None, v=None):
if v: defaultsortingcomments = v.defaultsortingcomments
else: defaultsortingcomments = "top"
sort=request.args.get("sort", defaultsortingcomments)
sort=request.values.get("sort", defaultsortingcomments)
try: pid = int(pid)
except:
@ -242,8 +242,8 @@ def edit_post(pid, v):
if not p.author_id == v.id: abort(403)
title = request.form.get("title")
body = request.form.get("body", "")
title = request.values.get("title")
body = request.values.get("body", "")
if title != p.title:
p.title = title
@ -397,7 +397,7 @@ def edit_post(pid, v):
@auth_required
def get_post_title(v):
url = request.args.get("url", None)
url = request.values.get("url", None)
if not url:
return abort(400)
@ -601,8 +601,8 @@ def thumbs(new_post):
@validate_formkey
def submit_post(v):
title = request.form.get("title", "")
url = request.form.get("url", "")
title = request.values.get("title", "")
url = request.values.get("url", "")
if url:
if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp")
@ -633,24 +633,24 @@ def submit_post(v):
if not title:
if request.headers.get("Authorization"): return {"error": "Please enter a better title"}, 400
else: return render_template("submit.html", v=v, error="Please enter a better title.", title=title, url=url, body=request.form.get("body", "")), 400
else: return render_template("submit.html", v=v, error="Please enter a better title.", title=title, url=url, body=request.values.get("body", "")), 400
elif len(title) > 500:
if request.headers.get("Authorization"): return {"error": "500 character limit for titles"}, 400
else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.form.get("body", "")), 400
else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400
parsed_url = urlparse(url)
if not (parsed_url.scheme and parsed_url.netloc) and not request.form.get(
if not (parsed_url.scheme and parsed_url.netloc) and not request.values.get(
"body") and not request.files.get("file", None):
if request.headers.get("Authorization"): return {"error": "`url` or `body` parameter required."}, 400
else: return render_template("submit.html", v=v, error="Please enter a url or some text.", title=title, url=url, body=request.form.get("body", "")), 400
else: return render_template("submit.html", v=v, error="Please enter a url or some text.", title=title, url=url, body=request.values.get("body", "")), 400
# Force https for submitted urls
if request.form.get("url"):
if request.values.get("url"):
new_url = ParseResult(scheme="https",
netloc=parsed_url.netloc,
path=parsed_url.path,
@ -661,7 +661,7 @@ def submit_post(v):
else:
url = ""
body = request.form.get("body", "")
body = request.values.get("body", "")
# check for duplicate
dup = g.db.query(Submission).join(Submission.submission_aux).options(lazyload('*')).filter(
@ -691,7 +691,7 @@ def submit_post(v):
v.ban(reason="Sexualizing minors")
if request.headers.get("Authorization"): return {"error":"ToS violation"}, 400
else: return render_template("submit.html", v=v, error="ToS Violation", title=title, url=url, body=request.form.get("body", "")), 400
else: return render_template("submit.html", v=v, error="ToS Violation", title=title, url=url, body=request.values.get("body", "")), 400
if "twitter.com" in domain:
try: embed = requests.get("https://publish.twitter.com/oembed", params={"url":url, "omit_script":"t"}).json()["html"]
@ -794,12 +794,12 @@ def submit_post(v):
if len(str(body)) > 10000:
if request.headers.get("Authorization"): return {"error":"10000 character limit for text body."}, 400
else: return render_template("submit.html", v=v, error="10000 character limit for text body.", title=title, url=url, body=request.form.get("body", "")), 400
else: return render_template("submit.html", v=v, error="10000 character limit for text body.", title=title, url=url, body=request.values.get("body", "")), 400
if len(url) > 2048:
if request.headers.get("Authorization"): return {"error":"2048 character limit for URLs."}, 400
else: return render_template("submit.html", v=v, error="2048 character limit for URLs.", title=title, url=url,body=request.form.get("body", "")), 400
else: return render_template("submit.html", v=v, error="2048 character limit for URLs.", title=title, url=url,body=request.values.get("body", "")), 400
# render text
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
@ -822,7 +822,7 @@ def submit_post(v):
abort(403)
if request.headers.get("Authorization"): return {"error": reason}, 403
else: return render_template("submit.html", v=v, error=reason, title=title, url=url, body=request.form.get("body", "")), 403
else: return render_template("submit.html", v=v, error=reason, title=title, url=url, body=request.values.get("body", "")), 403
# check spam
soup = BeautifulSoup(body_html, features="html.parser")
@ -853,19 +853,19 @@ def submit_post(v):
return redirect('/notifications')
else:
if request.headers.get("Authorization"): return {"error": f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}"}, 400
else: return render_template("submit.html", v=v, error=f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}.", title=title, url=url, body=request.form.get("body", "")), 400
else: return render_template("submit.html", v=v, error=f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}.", title=title, url=url, body=request.values.get("body", "")), 400
# check for embeddable video
domain = parsed_url.netloc
if v.paid_dues: club = bool(request.form.get("club",""))
if v.paid_dues: club = bool(request.values.get("club",""))
else: club = False
new_post = Submission(
private=bool(request.form.get("private","")),
private=bool(request.values.get("private","")),
club=club,
author_id=v.id,
over_18=bool(request.form.get("over_18","")),
over_18=bool(request.values.get("over_18","")),
app_id=v.client.application.id if v.client else None,
is_bot = request.headers.get("X-User-Type","").lower()=="bot"
)
@ -905,11 +905,11 @@ def submit_post(v):
file = request.files['file']
#if not file.content_type.startswith('image/'):
# if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400
# else: return render_template("submit.html", v=v, error=f"Image files only.", title=title, body=request.form.get("body", "")), 400
# else: return render_template("submit.html", v=v, error=f"Image files only.", title=title, body=request.values.get("body", "")), 400
if not file.content_type.startswith(('image/', 'video/')):
if request.headers.get("Authorization"): return {"error": f"File type not allowed"}, 400
else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.form.get("body", "")), 400
else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.values.get("body", "")), 400
if file.content_type.startswith('video/') and v.coins < app.config["VIDEO_COIN_REQUIREMENT"] and v.admin_level < 1:
if request.headers.get("Authorization"):
@ -922,7 +922,7 @@ def submit_post(v):
v=v,
error=f"You need at least {app.config['VIDEO_COIN_REQUIREMENT']} coins to upload videos.",
title=title,
body=request.form.get("body", "")
body=request.values.get("body", "")
), 403
if file.content_type.startswith('image/'):
@ -946,7 +946,7 @@ def submit_post(v):
v=v,
error=str(e),
title=title,
body=request.form.get("body", "")
body=request.values.get("body", "")
), 400
g.db.add(new_post)

4
files/routes/reporting.py
View File

@ -16,7 +16,7 @@ def api_flag_post(pid, v):
if existing: return "", 409
reason = request.form.get("reason", "").strip()[:100]
reason = request.values.get("reason", "").strip()[:100]
if "<" in reason: return {"error": f"Reasons can't contain <"}
for i in re.finditer(':(.{1,30}?):', reason):
@ -47,7 +47,7 @@ def api_flag_comment(cid, v):
user_id=v.id, comment_id=comment.id).first()
if existing: return "", 409
reason = request.form.get("reason", "").strip()[:100]
reason = request.values.get("reason", "").strip()[:100]
if "<" in reason: return {"error": f"Reasons can't contain <"}
for i in re.finditer(':(.{1,30}?):', reason):

24
files/routes/search.py
View File

@ -203,12 +203,12 @@ def searchcommentlisting(criteria, v=None, page=1, t="None", sort="top"):
def searchposts(v):
query = request.args.get("q", '').strip()
query = request.values.get("q", '').strip()
page = max(1, int(request.args.get("page", 1)))
page = max(1, int(request.values.get("page", 1)))
sort = request.args.get("sort", "top").lower()
t = request.args.get('t', 'all').lower()
sort = request.values.get("sort", "top").lower()
t = request.values.get('t', 'all').lower()
criteria=searchparse(query)
total, ids = searchlisting(criteria, v=v, page=page, t=t, sort=sort)
@ -244,13 +244,13 @@ def searchposts(v):
def searchcomments(v):
query = request.args.get("q", '').strip()
query = request.values.get("q", '').strip()
try: page = max(1, int(request.args.get("page", 1)))
try: page = max(1, int(request.values.get("page", 1)))
except: page = 1
sort = request.args.get("sort", "top").lower()
t = request.args.get('t', 'all').lower()
sort = request.values.get("sort", "top").lower()
t = request.values.get('t', 'all').lower()
criteria=searchparse(query)
total, ids = searchcommentlisting(criteria, v=v, page=page, t=t, sort=sort)
@ -269,11 +269,11 @@ def searchcomments(v):
def searchusers(v):
query = request.args.get("q", '').strip()
query = request.values.get("q", '').strip()
page = max(1, int(request.args.get("page", 1)))
sort = request.args.get("sort", "top").lower()
t = request.args.get('t', 'all').lower()
page = max(1, int(request.values.get("page", 1)))
sort = request.values.get("sort", "top").lower()
t = request.values.get('t', 'all').lower()
term=query.lstrip('@')
term=term.replace('\\','')
term=term.replace('_','\_')

50
files/routes/settings.py
View File

@ -267,7 +267,7 @@ def changelogsub(v):
@auth_required
@validate_formkey
def namecolor(v):
color = str(request.form.get("color", "")).strip()
color = str(request.values.get("color", "")).strip()
if color.startswith('#'): color = color[1:]
if len(color) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
v.namecolor = color
@ -279,7 +279,7 @@ def namecolor(v):
@auth_required
@validate_formkey
def themecolor(v):
themecolor = str(request.form.get("themecolor", "")).strip()
themecolor = str(request.values.get("themecolor", "")).strip()
if themecolor.startswith('#'): themecolor = themecolor[1:]
if len(themecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
v.themecolor = themecolor
@ -368,7 +368,7 @@ def gumroad(v):
@auth_required
@validate_formkey
def titlecolor(v):
titlecolor = str(request.form.get("titlecolor", "")).strip()
titlecolor = str(request.values.get("titlecolor", "")).strip()
if titlecolor.startswith('#'): titlecolor = titlecolor[1:]
if len(titlecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
v.titlecolor = titlecolor
@ -381,22 +381,22 @@ def titlecolor(v):
@auth_required
@validate_formkey
def settings_security_post(v):
if request.form.get("new_password"):
if request.form.get(
"new_password") != request.form.get("cnf_password"):
if request.values.get("new_password"):
if request.values.get(
"new_password") != request.values.get("cnf_password"):
return redirect("/settings/security?error=" +
escape("Passwords do not match."))
if not re.match(valid_password_regex, request.form.get("new_password")):
if not re.match(valid_password_regex, request.values.get("new_password")):
#print(f"signup fail - {username } - invalid password")
return redirect("/settings/security?error=" +
escape("Password must be between 8 and 100 characters."))
if not v.verifyPass(request.form.get("old_password")):
if not v.verifyPass(request.values.get("old_password")):
return render_template(
"settings_security.html", v=v, error="Incorrect password")
v.passhash = v.hash_password(request.form.get("new_password"))
v.passhash = v.hash_password(request.values.get("new_password"))
g.db.add(v)
@ -405,13 +405,13 @@ def settings_security_post(v):
return redirect("/settings/security?msg=" +
escape("Your password has been changed."))
if request.form.get("new_email"):
if request.values.get("new_email"):
if not v.verifyPass(request.form.get('password')):
if not v.verifyPass(request.values.get('password')):
return redirect("/settings/security?error=" +
escape("Invalid password."))
new_email = request.form.get("new_email","").strip()
new_email = request.values.get("new_email","").strip()
if new_email == v.email:
return redirect("/settings/security?error=That email is already yours!")
@ -441,15 +441,15 @@ def settings_security_post(v):
return redirect("/settings/security?msg=" + escape(
"Check your email and click the verification link to complete the email change."))
if request.form.get("2fa_token", ""):
if request.values.get("2fa_token", ""):
if not v.verifyPass(request.form.get('password')):
if not v.verifyPass(request.values.get('password')):
return redirect("/settings/security?error=" +
escape("Invalid password or token."))
secret = request.form.get("2fa_secret")
secret = request.values.get("2fa_secret")
x = pyotp.TOTP(secret)
if not x.verify(request.form.get("2fa_token"), valid_window=1):
if not x.verify(request.values.get("2fa_token"), valid_window=1):
return redirect("/settings/security?error=" +
escape("Invalid password or token."))
@ -461,13 +461,13 @@ def settings_security_post(v):
return redirect("/settings/security?msg=" +
escape("Two-factor authentication enabled."))
if request.form.get("2fa_remove", ""):
if request.values.get("2fa_remove", ""):
if not v.verifyPass(request.form.get('password')):
if not v.verifyPass(request.values.get('password')):
return redirect("/settings/security?error=" +
escape("Invalid password or token."))
token = request.form.get("2fa_remove")
token = request.values.get("2fa_remove")
if not v.validate_2fa(token):
return redirect("/settings/security?error=" +
@ -486,7 +486,7 @@ def settings_security_post(v):
@validate_formkey
def settings_log_out_others(v):
submitted_password = request.form.get("password", "")
submitted_password = request.values.get("password", "")
if not v.verifyPass(submitted_password):
return render_template("settings_security.html",
@ -596,7 +596,7 @@ def settings_css_get(v):
@app.post("/settings/css")
@auth_required
def settings_css(v):
css = request.form.get("css").replace('\\', '')[:50000]
css = request.values.get("css").replace('\\', '')[:50000]
if not v.agendaposter:
v.css = css
@ -618,7 +618,7 @@ def settings_profilecss_get(v):
@auth_required
def settings_profilecss(v):
if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
profilecss = request.form.get("profilecss").replace('\\', '')[:50000]
profilecss = request.values.get("profilecss").replace('\\', '')[:50000]
v.profilecss = profilecss
g.db.add(v)
g.db.commit()
@ -727,7 +727,7 @@ def settings_content_get(v):
@validate_formkey
def settings_name_change(v):
new_name=request.form.get("name").strip()
new_name=request.values.get("name").strip()
#make sure name is different
if new_name==v.username:
@ -775,7 +775,7 @@ def settings_name_change(v):
@auth_required
@validate_formkey
def settings_song_change(v):
song=request.form.get("song").strip()
song=request.values.get("song").strip()
if song == "" and v.song and path.isfile(f"/songs/{v.song}.mp3") and g.db.query(User).options(lazyload('*')).filter_by(song=v.song).count() == 1:
os.remove(f"/songs/{v.song}.mp3")
@ -860,7 +860,7 @@ def settings_title_change(v):
if v.flairchanged: abort(403)
new_name=request.form.get("title").strip()[:100].replace("𒐪","")
new_name=request.values.get("title").strip()[:100].replace("𒐪","")
#make sure name is different
if new_name==v.customtitle:

8
files/routes/static.py
View File

@ -97,7 +97,7 @@ def admins(v):
# @auth_desired
# def log(v):
# page=int(request.args.get("page",1))
# page=int(request.values.get("page",1))
# if v and v.admin_level == 6: actions = g.db.query(ModAction).order_by(ModAction.id.desc()).offset(25 * (page - 1)).limit(26).all()
# else: actions=g.db.query(ModAction).options(lazyload('*')).filter(ModAction.kind!="shadowban", ModAction.kind!="unshadowban", ModAction.kind!="club", ModAction.kind!="unclub").order_by(ModAction.id.desc()).offset(25*(page-1)).limit(26).all()
@ -150,7 +150,7 @@ def contact(v):
@app.post("/contact")
@auth_desired
def submit_contact(v):
message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.form.get("message", "")
message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
send_admin(v.id, message)
g.db.commit()
return render_template("contact.html", v=v, msg="Your message has been sent.")
@ -254,8 +254,8 @@ def settings_security(v):
return render_template("settings_security.html",
v=v,
mfa_secret=pyotp.random_base32() if not v.mfa_secret else None,
error=request.args.get("error") or None,
msg=request.args.get("msg") or None
error=request.values.get("error") or None,
msg=request.values.get("msg") or None
)
@app.post("/dismiss_mobile_tip")

24
files/routes/users.py
View File

@ -120,7 +120,7 @@ def transfer_coins(v, username):
if receiver is None: return {"error": "That user doesn't exist."}, 404
if receiver.id != v.id:
amount = request.form.get("amount", "")
amount = request.values.get("amount", "")
amount = int(amount) if amount.isdigit() else None
if amount is None or amount <= 0: return {"error": f"Invalid amount of {app.config['COINS_NAME']}."}, 400
@ -210,7 +210,7 @@ def message2(v, username):
user = get_user(username, v=v)
if user.is_blocking: return {"error": "You're blocking this user."}, 403
if user.is_blocked: return {"error": "This user is blocking you."}, 403
message = request.form.get("message", "")[:1000].strip()
message = request.values.get("message", "")[:1000].strip()
message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
@ -248,8 +248,8 @@ def message2(v, username):
@auth_required
def messagereply(v):
message = request.form.get("body", "")[:1000].strip()
id = int(request.form.get("parent_id"))
message = request.values.get("body", "")[:1000].strip()
id = int(request.values.get("parent_id"))
parent = get_comment(id, v=v)
user = parent.author
message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
@ -421,9 +421,9 @@ def u_username(username, v=None):
else: return render_template("userpage_blocked.html", u=u, v=v)
sort = request.args.get("sort", "new")
t = request.args.get("t", "all")
page = int(request.args.get("page", "1"))
sort = request.values.get("sort", "new")
t = request.values.get("t", "all")
page = int(request.values.get("page", "1"))
page = max(page, 1)
ids = u.userpagelisting(v=v, page=page, sort=sort, t=t)
@ -520,9 +520,9 @@ def u_username_comments(username, v=None):
v=v)
page = int(request.args.get("page", "1"))
sort=request.args.get("sort","new")
t=request.args.get("t","all")
page = int(request.values.get("page", "1"))
sort=request.values.get("sort","new")
t=request.values.get("t","all")
comments = u.comments.options(lazyload('*')).filter(Comment.parent_submission != None)
@ -649,7 +649,7 @@ def user_profile_uid(id):
@auth_required
def saved_posts(v, username):
page=int(request.args.get("page",1))
page=int(request.values.get("page",1))
ids=v.saved_idlist(page=page)
@ -673,7 +673,7 @@ def saved_posts(v, username):
@auth_required
def saved_comments(v, username):
page=int(request.args.get("page",1))
page=int(request.values.get("page",1))
ids=v.saved_comment_idlist(page=page)

2
files/routes/votes.py
View File

@ -10,7 +10,7 @@ from files.__main__ import app
def admin_vote_info_get(v):
link = request.args.get("link")
link = request.values.get("link")
if not link: return render_template("votes.html", v=v)
try:

8
files/templates/contact.html
View File

@ -8,22 +8,22 @@
{% block content %}
{% if request.args.get('error') or error %}
{% if request.values.get('error') or error %}
<div class="alert alert-danger alert-dismissible fade show my-3" role="alert">
<i class="fas fa-exclamation-circle my-auto"></i>
<span>
{{error if error else request.args.get('error')}}
{{error if error else request.values.get('error')}}
</span>
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true"><i class="far fa-times"></i></span>
</button>
</div>
{% endif %}
{% if request.args.get('msg') or msg %}
{% if request.values.get('msg') or msg %}
<div class="alert alert-success alert-dismissible fade show my-3" role="alert">
<i class="fas fa-check-circle my-auto" aria-hidden="true"></i>
<span>
{{msg if msg else request.args.get('msg')}}
{{msg if msg else request.values.get('msg')}}
</span>
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true"><i class="far fa-times"></i></span>

2
files/templates/header.html
View File

@ -22,7 +22,7 @@
</div>
<div class="flex-grow-1 d-fl d-none d-md-block">
<form class="form-inline search flex-nowrap mx-0 mx-lg-auto" action="/search/posts/" method="get">
<input class="form-control w-100" type="search" placeholder="Search" aria-label="Search" name="q" value="{{request.args.get('q', '')}}">
<input class="form-control w-100" type="search" placeholder="Search" aria-label="Search" name="q" value="{{request.values.get('q', '')}}">
<span class="input-group-append">
<span class="input-group-text border-0 bg-transparent" style="margin-left: -2.5rem;">
<i class="fa fa-search" aria-hidden="true"></i>

2
files/templates/sign_up_failed_ref.html
View File

@ -76,7 +76,7 @@
<h1 class="h4 font-weight-normal text-center">Whoops! You can't refer yourself!</h1>
<p class="text-center text-muted mb-md-5">Send this link to a friend instead :)</p>
<label>Referral code</label>
<input type="text" class="form-control copy-link" readonly value="/signup?ref={{request.args.get('ref')}}" data-clipboard-text="/signup?ref={{request.args.get('ref')}}">
<input type="text" class="form-control copy-link" readonly value="/signup?ref={{request.values.get('ref')}}" data-clipboard-text="/signup?ref={{request.values.get('ref')}}">
<div class="text-center mt-5 mb-3">
Already have an account? <a href="/login" class="font-weight-bold text-small toggle-login">Log in.</a>

2
files/templates/submit.html
View File

@ -305,7 +305,7 @@
<div id="urlblock">
<label for="URL" class="mt-3">URL</label>
<input class="form-control" id="post-URL" aria-describedby="URLHelp" type="url" name="url" placeholder="Optional if you have text." value="{{request.args.get('url','')}}" required oninput="checkForRequired();autoSuggestTitle();hide_image()">
<input class="form-control" id="post-URL" aria-describedby="URLHelp" type="url" name="url" placeholder="Optional if you have text." value="{{request.values.get('url','')}}" required oninput="checkForRequired();autoSuggestTitle();hide_image()">
<small class="form-text text-muted">To post an image, use a direct image link such as i.imgur.com</small>
</div>