diff --git a/files/mail/mail.py b/files/mail/mail.py index ac5f5291b..6ab92ed6a 100644 --- a/files/mail/mail.py +++ b/files/mail/mail.py @@ -67,10 +67,10 @@ def api_verify_email(v): @auth_desired def activate(v): - email = request.args.get("email", "") - id = request.args.get("id", "") - timestamp = int(request.args.get("time", "0")) - token = request.args.get("token", "") + email = request.values.get("email", "") + id = request.values.get("id", "") + timestamp = int(request.values.get("time", "0")) + token = request.values.get("token", "") if int(time.time()) - timestamp > 3600: return render_template("message.html", v=v, title="Verification link expired.", diff --git a/files/routes/admin.py b/files/routes/admin.py index f9571b922..ad812e2e4 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -209,7 +209,7 @@ def get_rules(v): @validate_formkey def post_rules(v): - text = request.form.get('rules', '') + text = request.values.get('rules', '') with open(f'./{SITE_NAME} rules.html', 'w+') as f: f.write(text) @@ -240,7 +240,7 @@ def agendaposters(v): @admin_level_required(3) def image_posts_listing(v): - try: page = int(request.args.get('page', 1)) + try: page = int(request.values.get('page', 1)) except: page = 1 posts = g.db.query(Submission).order_by(Submission.id.desc()) @@ -258,7 +258,7 @@ def image_posts_listing(v): @admin_level_required(3) def reported_posts(v): - page = max(1, int(request.args.get("page", 1))) + page = max(1, int(request.values.get("page", 1))) posts = g.db.query(Submission).options(lazyload('*')).filter_by( is_approved=0, @@ -279,7 +279,7 @@ def reported_posts(v): @admin_level_required(3) def reported_comments(v): - page = max(1, int(request.args.get("page", 1))) + page = max(1, int(request.values.get("page", 1))) posts = g.db.query(Comment ).filter_by( @@ -333,9 +333,9 @@ def badge_grant_get(v): v=v, badge_types=badge_types, error=errors.get( - request.args.get("error"), - None) if request.args.get('error') else None, - msg="Badge successfully assigned" if request.args.get( + request.values.get("error"), + None) if request.values.get('error') else None, + msg="Badge successfully assigned" if request.values.get( "msg") else None ) @@ -345,10 +345,10 @@ def badge_grant_get(v): @validate_formkey def badge_grant_post(v): - user = get_user(request.form.get("username").strip(), graceful=True) + user = get_user(request.values.get("username").strip(), graceful=True) if not user: return redirect("/badge_grant?error=no_user") - try: badge_id = int(request.form.get("badge_id")) + try: badge_id = int(request.values.get("badge_id")) except: abort(400) if user.has_badge(badge_id): @@ -359,10 +359,10 @@ def badge_grant_post(v): user_id=user.id, ) - desc = request.form.get("description") + desc = request.values.get("description") if desc: new_badge.description = desc - url = request.form.get("url") + url = request.values.get("url") if url: new_badge.url = url g.db.add(new_badge) @@ -443,7 +443,7 @@ def badge_grant_post(v): @admin_level_required(2) def users_list(v): - page = int(request.args.get("page", 1)) + page = int(request.values.get("page", 1)) users = g.db.query(User).options(lazyload('*')).filter_by(is_banned=0 ).order_by(User.created_utc.desc() @@ -465,11 +465,11 @@ def users_list(v): @admin_level_required(4) def alt_votes_get(v): - if not request.args.get("u1") or not request.args.get("u2"): + if not request.values.get("u1") or not request.values.get("u2"): return render_template("admin/alt_votes.html", v=v) - u1 = request.args.get("u1") - u2 = request.args.get("u2") + u1 = request.values.get("u1") + u2 = request.values.get("u2") if not u1 or not u2: return redirect("/admin/alt_votes") @@ -575,8 +575,8 @@ def alt_votes_get(v): @validate_formkey def admin_link_accounts(v): - u1 = int(request.form.get("u1")) - u2 = int(request.form.get("u2")) + u1 = int(request.values.get("u1")) + u2 = int(request.values.get("u2")) new_alt = Alt( user1=u1, @@ -594,7 +594,7 @@ def admin_link_accounts(v): @admin_level_required(3) def admin_removed(v): - page = int(request.args.get("page", 1)) + page = int(request.values.get("page", 1)) ids = g.db.query(Submission.id).options(lazyload('*')).options(lazyload('*')).filter_by(is_banned=True).order_by( Submission.id.desc()).offset(25 * (page - 1)).limit(26).all() @@ -619,7 +619,7 @@ def admin_removed(v): @admin_level_required(5) def admin_image_purge(v): - name = request.form.get("url") + name = request.values.get("url") image = g.db.query(Image).options(lazyload('*')).filter(Image.text == name).first() if image: requests.delete(f'https://api.imgur.com/3/image/{image.deletehash}', headers = {"Authorization": f"Client-ID {IMGUR_KEY}"}) @@ -673,8 +673,8 @@ def admin_image_ban(v): new_bp=BadPic( phash=h, - ban_reason=request.form.get("ban_reason"), - ban_time=int(request.form.get("ban_length",0)) + ban_reason=request.values.get("ban_reason"), + ban_time=int(request.values.get("ban_length",0)) ) g.db.add(new_bp) @@ -689,7 +689,7 @@ def admin_image_ban(v): def agendaposter(user_id, v): user = g.db.query(User).options(lazyload('*')).filter_by(id=user_id).first() - expiry = request.form.get("days", 0) + expiry = request.values.get("days", 0) if expiry: expiry = int(expiry) expiry = g.timestamp + expiry*60*60*24 @@ -710,7 +710,7 @@ def agendaposter(user_id, v): if not user.agendaposter: kind = "unagendaposter" else: kind = "agendaposter" - note = f"for {request.form.get('days')} days" if expiry else "never expires" + note = f"for {request.values.get('days')} days" if expiry else "never expires" ma = ModAction( kind=kind, @@ -814,14 +814,14 @@ def admin_title_change(user_id, v): if user.admin_level != 0: abort(403) - new_name=request.form.get("title").strip() + new_name=request.values.get("title").strip() user.customtitleplain=new_name new_name = sanitize(new_name) user=g.db.query(User).with_for_update().options(lazyload('*')).options(lazyload('*')).filter_by(id=user.id).first() user.customtitle=new_name - user.flairchanged = bool(request.form.get("locked")) + user.flairchanged = bool(request.values.get("locked")) g.db.add(user) if user.flairchanged: kind = "set_flair_locked" @@ -849,9 +849,9 @@ def ban_user(user_id, v): # check for number of days for suspension if 'form' in request.values: - days = int(request.form.get("days")) if request.form.get('days') else 0 - reason = sanitize(request.form.get("reason", "")) - message = request.form.get("reason", "") + days = int(request.values.get("days")) if request.values.get('days') else 0 + reason = sanitize(request.values.get("reason", "")) + message = request.values.get("reason", "") else: days = int(request.values.get("days")) if request.values.get('days') else 0 reason = sanitize(request.values.get("reason", "")) @@ -876,7 +876,7 @@ def ban_user(user_id, v): user.ban(admin=v, reason=reason) - if request.form.get("alts", ""): + if request.values.get("alts", ""): for x in user.alts: if x.admin_level > 0: break x.ban(admin=v, reason=reason) @@ -894,7 +894,7 @@ def ban_user(user_id, v): ) g.db.add(ma) - if 'reason' in request.args: + if 'reason' in request.values: if reason.startswith("/post/"): post = reason.split("/post/")[1] post = get_post(post) @@ -924,7 +924,7 @@ def unban_user(user_id, v): user.unban() - if request.form.get("alts", ""): + if request.values.get("alts", ""): for x in user.alts: if x.admin_level == 0: x.unban() @@ -960,7 +960,7 @@ def ban_post(post_id, v): post.is_pinned = False post.removed_by = v.id - ban_reason=request.form.get("reason", "") + ban_reason=request.values.get("reason", "") ban_reason = ban_reason.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") ban_reason = CustomRenderer().render(mistletoe.Document(ban_reason)) ban_reason = sanitize(ban_reason) @@ -1169,10 +1169,10 @@ def admin_banned_domains(v): @validate_formkey def admin_toggle_ban_domain(v): - domain=request.form.get("domain", "").strip() + domain=request.values.get("domain", "").strip() if not domain: abort(400) - reason=request.form.get("reason", "").strip() + reason=request.values.get("reason", "").strip() d = g.db.query(BannedDomain).options(lazyload('*')).filter_by(domain=domain).first() if d: g.db.delete(d) @@ -1190,7 +1190,7 @@ def admin_toggle_ban_domain(v): @validate_formkey def admin_nuke_user(v): - user=get_user(request.form.get("user")) + user=get_user(request.values.get("user")) for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all(): if post.is_banned: @@ -1222,7 +1222,7 @@ def admin_nuke_user(v): @validate_formkey def admin_nunuke_user(v): - user=get_user(request.form.get("user")) + user=get_user(request.values.get("user")) for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all(): if not post.is_banned: @@ -1253,7 +1253,7 @@ def admin_nunuke_user(v): @auth_required def chart(v): - days = int(request.args.get("days", 25)) + days = int(request.values.get("days", 25)) now = time.gmtime() midnight_this_morning = time.struct_time((now.tm_year, diff --git a/files/routes/awards.py b/files/routes/awards.py index 7befead97..2f7c224e6 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py @@ -191,7 +191,7 @@ def award_post(pid, v): if v.is_suspended and v.unban_utc == 0: return {"error": "forbidden."}, 403 - kind = request.form.get("kind", "") + kind = request.values.get("kind", "") if kind not in AWARDS: return {"error": "That award doesn't exist."}, 404 @@ -233,7 +233,7 @@ def award_post(pid, v): msg = f"@{v.username} has given your [post]({post.permalink}) the {AWARDS[kind]['title']} Award!" - note = request.form.get("note", "") + note = request.values.get("note", "") if note: msg += f"\n\n> {note}" @@ -255,7 +255,7 @@ def award_comment(cid, v): if v.is_suspended and v.unban_utc == 0: return {"error": "forbidden"}, 403 - kind = request.form.get("kind", "") + kind = request.values.get("kind", "") if kind not in AWARDS: return {"error": "That award doesn't exist."}, 404 @@ -296,7 +296,7 @@ def award_comment(cid, v): msg = f"@{v.username} has given your [comment]({c.permalink}) the {AWARDS[kind]['title']} Award!" - note = request.form.get("note", "") + note = request.values.get("note", "") if note: msg += f"\n\n> {note}" @@ -328,14 +328,14 @@ def admin_userawards_post(v): if v.admin_level < 6: abort(403) - u = get_user(request.form.get("username", '1'), graceful=False, v=v) + u = get_user(request.values.get("username", '1'), graceful=False, v=v) notify_awards = {} latest = g.db.query(AwardRelationship).order_by(AwardRelationship.id.desc()).first() thing = latest.id - for key, value in request.form.items(): + for key, value in request.values.items(): if key not in AWARDS: continue diff --git a/files/routes/comments.py b/files/routes/comments.py index 0ec6889b9..512ab9581 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -61,7 +61,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None): post._preloaded_comments = [comment] # context improver - try: context = int(request.args.get("context", 0)) + try: context = int(request.values.get("context", 0)) except: context = 0 comment_info = comment c = comment @@ -77,7 +77,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None): if v: defaultsortingcomments = v.defaultsortingcomments else: defaultsortingcomments = "top" - sort=request.args.get("sort", defaultsortingcomments) + sort=request.values.get("sort", defaultsortingcomments) post.replies=[top_comment] @@ -133,8 +133,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None): @validate_formkey def api_comment(v): - parent_submission = request.form.get("submission") - parent_fullname = request.form.get("parent_fullname") + parent_submission = request.values.get("submission") + parent_fullname = request.values.get("parent_fullname") # get parent item info parent_id = parent_fullname.split("_")[1] @@ -156,7 +156,7 @@ def api_comment(v): abort(400) #process and sanitize - body = request.form.get("body", "")[:10000] + body = request.values.get("body", "")[:10000] body = body.strip() if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400 @@ -271,7 +271,7 @@ def api_comment(v): parent_submission=parent_submission, parent_comment_id=parent_comment_id, level=level, - over_18=parent_post.over_18 or request.form.get("over_18","")=="true", + over_18=parent_post.over_18 or request.values.get("over_18","")=="true", is_bot=is_bot, app_id=v.client.application.id if v.client else None ) @@ -288,7 +288,7 @@ def api_comment(v): url = upload_ibb(file=file) - body = request.form.get("body") + f"\n![]({url})" + body = request.values.get("body") + f"\n![]({url})" body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") body_md = CustomRenderer().render(mistletoe.Document(body)) body_html = sanitize(body_md) @@ -605,7 +605,7 @@ def edit_comment(cid, v): if c.is_banned or c.deleted_utc > 0: abort(403) - body = request.form.get("body", "")[:10000] + body = request.values.get("body", "")[:10000] for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") diff --git a/files/routes/discord.py b/files/routes/discord.py index 3a0f20071..af9d7fc26 100644 --- a/files/routes/discord.py +++ b/files/routes/discord.py @@ -34,7 +34,7 @@ def discord_redirect(v): #validate state now=int(time.time()) - state=request.args.get('state','').split('.') + state=request.values.get('state','').split('.') timestamp=state[0] @@ -47,7 +47,7 @@ def discord_redirect(v): abort(400) #get discord token - code = request.args.get("code","") + code = request.values.get("code","") if not code: abort(400) diff --git a/files/routes/errors.py b/files/routes/errors.py index 811f3edf9..3e6241dd2 100644 --- a/files/routes/errors.py +++ b/files/routes/errors.py @@ -21,7 +21,7 @@ def error_400(e, v): def error_401(e): path = request.path - qs = urlencode(dict(request.args)) + qs = urlencode(dict(request.values)) argval = quote(f"{path}?{qs}", safe='') output = f"/login?redirect={argval}" @@ -70,7 +70,7 @@ def error_500(e, v): def allow_nsfw(): session["over_18"] = int(time.time()) + 3600 - return redirect(request.form.get("redir", "/")) + return redirect(request.values.get("redir", "/")) @app.get("/error/") diff --git a/files/routes/feeds.py b/files/routes/feeds.py index 80158cadd..6a1fb8137 100644 --- a/files/routes/feeds.py +++ b/files/routes/feeds.py @@ -10,7 +10,7 @@ from files.__main__ import app @app.get('/rss//') def feeds_user(sort='hot', t='all'): - page = int(request.args.get("page", 1)) + page = int(request.values.get("page", 1)) ids, next_exists = frontlist( sort=sort, diff --git a/files/routes/front.py b/files/routes/front.py index 270599b10..303c32909 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -13,11 +13,11 @@ def slash_post(): @app.get("/notifications") @auth_required def notifications(v): - try: page = int(request.args.get('page', 1)) + try: page = int(request.values.get('page', 1)) except: page = 1 - messages = request.args.get('messages', False) - modmail = request.args.get('modmail', False) - posts = request.args.get('posts', False) + messages = request.values.get('messages', False) + modmail = request.values.get('modmail', False) + posts = request.values.get('posts', False) if modmail and v.admin_level == 6: comments = g.db.query(Comment).filter(Comment.sentto==0).order_by(Comment.created_utc.desc()).offset(25*(page-1)).limit(26).all() next_exists = (len(comments) > 25) @@ -230,7 +230,7 @@ def front_all(v): if v and "logged_out" in request.full_path: v = None - try: page = int(request.args.get("page") or 1) + try: page = int(request.values.get("page") or 1) except: abort(400) # prevent invalid paging @@ -243,15 +243,15 @@ def front_all(v): defaultsorting = "hot" defaulttime = defaulttimefilter - sort=request.args.get("sort", defaultsorting) - t=request.args.get('t', defaulttime) + sort=request.values.get("sort", defaultsorting) + t=request.values.get('t', defaulttime) ids, next_exists = frontlist(sort=sort, page=page, t=t, v=v, - gt=int(request.args.get("utc_greater_than", 0)), - lt=int(request.args.get("utc_less_than", 0)), + gt=int(request.values.get("utc_greater_than", 0)), + lt=int(request.values.get("utc_less_than", 0)), filter_words=v.filter_words if v else [], ) @@ -339,18 +339,18 @@ def changeloglist(v=None, sort="new", page=1 ,t="all", **kwargs): def changelog(v): - page = int(request.args.get("page") or 1) + page = int(request.values.get("page") or 1) page = max(page, 1) - sort=request.args.get("sort", "new") - t=request.args.get('t', "all") + sort=request.values.get("sort", "new") + t=request.values.get('t', "all") ids = changeloglist(sort=sort, page=page, t=t, v=v, - gt=int(request.args.get("utc_greater_than", 0)), - lt=int(request.args.get("utc_less_than", 0)), + gt=int(request.values.get("utc_greater_than", 0)), + lt=int(request.values.get("utc_less_than", 0)), ) # check existence of next page @@ -440,10 +440,10 @@ def comment_idlist(page=1, v=None, nsfw=False, sort="new", t="all", **kwargs): def all_comments(v): - page = int(request.args.get("page", 1)) + page = int(request.values.get("page", 1)) - sort=request.args.get("sort", "new") - t=request.args.get("t", defaulttimefilter) + sort=request.values.get("sort", "new") + t=request.values.get("t", defaulttimefilter) idlist = comment_idlist(v=v, page=page, diff --git a/files/routes/giphy.py b/files/routes/giphy.py index 91df32246..bf460974c 100644 --- a/files/routes/giphy.py +++ b/files/routes/giphy.py @@ -11,8 +11,8 @@ GIPHY_KEY = environ.get('GIPHY_KEY').rstrip() @app.route("/giphy", methods=["GET"]) def giphy(path=None): - searchTerm = request.args.get("searchTerm", "") - limit = int(request.args.get("limit", 48)) + searchTerm = request.values.get("searchTerm", "") + limit = int(request.values.get("limit", 48)) if searchTerm and limit: url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}" elif searchTerm and not limit: diff --git a/files/routes/login.py b/files/routes/login.py index 827fbb6ca..b7e4f7bb8 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -11,7 +11,7 @@ valid_password_regex = re.compile("^.{8,100}$") @auth_desired def login_get(v): - redir = request.args.get("redirect", "/").replace("/logged_out", "") + redir = request.values.get("redirect", "/").replace("/logged_out", "") if v: return redirect(redir) @@ -78,7 +78,7 @@ def check_for_alts(current_id): @limiter.limit("6/minute") def login_post(): - username = request.form.get("username") + username = request.values.get("username") if not username: abort(400) if "@" in username: @@ -93,9 +93,9 @@ def login_post(): # test password - if request.form.get("password"): + if request.values.get("password"): - if not account.verifyPass(request.form.get("password")): + if not account.verifyPass(request.values.get("password")): time.sleep(random.uniform(0, 2)) return render_template("login.html", failed=True) @@ -106,21 +106,21 @@ def login_post(): v=account, time=now, hash=hash, - redirect=request.form.get("redirect", "/") + redirect=request.values.get("redirect", "/") ) - elif request.form.get("2fa_token", "x"): + elif request.values.get("2fa_token", "x"): now = int(time.time()) - if now - int(request.form.get("time")) > 600: + if now - int(request.values.get("time")) > 600: return redirect('/login') - formhash = request.form.get("hash") - if not validate_hash(f"{account.id}+{request.form.get('time')}+2fachallenge", + formhash = request.values.get("hash") + if not validate_hash(f"{account.id}+{request.values.get('time')}+2fachallenge", formhash ): return redirect("/login") - if not account.validate_2fa(request.form.get("2fa_token", "").strip()): + if not account.validate_2fa(request.values.get("2fa_token", "").strip()): hash = generate_hash(f"{account.id}+{time}+2fachallenge") return render_template("login_2fa.html", v=account, @@ -145,7 +145,7 @@ def login_post(): # check for previous page - redir = request.form.get("redirect", "/").replace("/logged_out", "") + redir = request.values.get("redirect", "/").replace("/logged_out", "") g.db.commit() @@ -184,7 +184,7 @@ def sign_up_get(v): abort(403) # check for referral in link - ref = request.args.get("ref", None) + ref = request.values.get("ref", None) if ref: ref_user = g.db.query(User).options(lazyload('*')).filter(User.username.ilike(ref)).first() @@ -207,9 +207,9 @@ def sign_up_get(v): digestmod='md5' ).hexdigest() - redir = request.args.get("redirect", "/").replace("/logged_out", "") + redir = request.values.get("redirect", "/").replace("/logged_out", "") - error = request.args.get("error", None) + error = request.values.get("error", None) return render_template("sign_up.html", formkey=formkey, @@ -235,8 +235,8 @@ def sign_up_post(v): if not agent: abort(403) - form_timestamp = request.form.get("now", '0') - form_formkey = request.form.get("formkey", "none") + form_timestamp = request.values.get("now", '0') + form_formkey = request.values.get("formkey", "none") submitted_token = session.get("signup_token", "") if not submitted_token: @@ -251,16 +251,16 @@ def sign_up_post(v): now = int(time.time()) - username = request.form.get("username").strip() + username = request.values.get("username").strip() # define function that takes an error message and generates a new signup # form def new_signup(error): args = {"error": error} - if request.form.get("referred_by"): + if request.values.get("referred_by"): user = g.db.query(User).options(lazyload('*')).filter_by( - id=request.form.get("referred_by")).first() + id=request.values.get("referred_by")).first() if user: args["ref"] = user.username @@ -275,19 +275,19 @@ def sign_up_post(v): return new_signup("There was a problem. Please try again.") # check for matched passwords - if not request.form.get( - "password") == request.form.get("password_confirm"): + if not request.values.get( + "password") == request.values.get("password_confirm"): return new_signup("Passwords did not match. Please try again.") # check username/pass conditions if not re.fullmatch(valid_username_regex, username): return new_signup("Invalid username") - if not re.fullmatch(valid_password_regex, request.form.get("password")): + if not re.fullmatch(valid_password_regex, request.values.get("password")): return new_signup("Password must be between 8 and 100 characters.") # Check for existing accounts - email = request.form.get("email") + email = request.values.get("email") email = email.strip() if not email: email = None @@ -303,7 +303,7 @@ def sign_up_post(v): # check bot if app.config.get("HCAPTCHA_SITEKEY"): - token = request.form.get("h-captcha-response") + token = request.values.get("h-captcha-response") if not token: return new_signup("Unable to verify captcha [1].") @@ -322,7 +322,7 @@ def sign_up_post(v): session.pop("signup_token") # get referral - ref_id = int(request.form.get("referred_by", 0)) + ref_id = int(request.values.get("referred_by", 0)) # upgrade user badge if ref_id: @@ -352,7 +352,7 @@ def sign_up_post(v): username=username, original_username = username, admin_level = admin_level, - password=request.form.get("password"), + password=request.values.get("password"), email=email, created_utc=int(time.time()), referred_by=ref_id or None, @@ -392,8 +392,8 @@ def get_forgot(): @app.post("/forgot") def post_forgot(): - username = request.form.get("username").lstrip('@') - email = request.form.get("email",'').strip() + username = request.values.get("username").lstrip('@') + email = request.values.get("email",'').strip() email=email.replace("_","\_") @@ -430,9 +430,9 @@ def post_forgot(): @app.get("/reset") def get_reset(): - user_id = request.args.get("id") - timestamp = int(request.args.get("time",0)) - token = request.args.get("token") + user_id = request.values.get("id") + timestamp = int(request.values.get("time",0)) + token = request.values.get("token") now = int(time.time()) @@ -464,12 +464,12 @@ def post_reset(v): if v: return redirect('/') - user_id = request.form.get("user_id") - timestamp = int(request.form.get("time")) - token = request.form.get("token") + user_id = request.values.get("user_id") + timestamp = int(request.values.get("time")) + token = request.values.get("token") - password = request.form.get("password") - confirm_password = request.form.get("confirm_password") + password = request.values.get("password") + confirm_password = request.values.get("confirm_password") now = int(time.time()) @@ -514,7 +514,7 @@ def lost_2fa(v): @limiter.limit("6/minute") def request_2fa_disable(): - username=request.form.get("username") + username=request.values.get("username") user=get_user(username, graceful=True) if not user or not user.email or not user.mfa_secret: return render_template("message.html", @@ -522,7 +522,7 @@ def request_2fa_disable(): message="If username, password, and email match, we will send you an email.") - email=request.form.get("email") + email=request.values.get("email") if email != user.email and email.endswith("@gmail.com"): email=email.split('@')[0] email=email.split('+')[0] @@ -534,7 +534,7 @@ def request_2fa_disable(): message="If username, password, and email match, we will send you an email.") - password =request.form.get("password") + password =request.values.get("password") if not user.verifyPass(password): return render_template("message.html", title="Removal request received", @@ -561,15 +561,15 @@ def request_2fa_disable(): def reset_2fa(): now=int(time.time()) - t=int(request.args.get("t")) + t=int(request.values.get("t")) if now > t+3600*24: return render_template("message.html", title="Expired Link", error="That link has expired.") - token=request.args.get("token") - uid=request.args.get("id") + token=request.values.get("token") + uid=request.values.get("id") user=get_account(uid) diff --git a/files/routes/oauth.py b/files/routes/oauth.py index 7704da789..f80e98a52 100644 --- a/files/routes/oauth.py +++ b/files/routes/oauth.py @@ -9,7 +9,7 @@ from files.__main__ import app @app.get("/authorize") @auth_required def authorize_prompt(v): - client_id = request.args.get("client_id") + client_id = request.values.get("client_id") application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first() if not application: return {"oauth_error": "Invalid `client_id`"}, 401 return render_template("oauth.html", v=v, application=application) @@ -20,7 +20,7 @@ def authorize_prompt(v): @validate_formkey def authorize(v): - client_id = request.form.get("client_id") + client_id = request.values.get("client_id") application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first() if not application: return {"oauth_error": "Invalid `client_id`"}, 401 access_token = secrets.token_urlsafe(128)[:128] @@ -42,15 +42,15 @@ def authorize(v): def request_api_keys(v): new_app = OauthApp( - app_name=request.form.get('name'), - redirect_uri=request.form.get('redirect_uri'), + app_name=request.values.get('name'), + redirect_uri=request.values.get('redirect_uri'), author_id=v.id, - description=request.form.get("description")[:256] + description=request.values.get("description")[:256] ) g.db.add(new_app) - send_admin(NOTIFICATIONS_ACCOUNT, f"{v.username} has requested API keys for `{request.form.get('name')}`. You can approve or deny the request [here](/admin/apps).") + send_admin(NOTIFICATIONS_ACCOUNT, f"{v.username} has requested API keys for `{request.values.get('name')}`. You can approve or deny the request [here](/admin/apps).") g.db.commit() @@ -83,9 +83,9 @@ def edit_oauth_app(v, aid): aid = int(aid) app = g.db.query(OauthApp).options(lazyload('*')).filter_by(id=aid).first() - app.redirect_uri = request.form.get('redirect_uri') - app.app_name = request.form.get('name') - app.description = request.form.get("description")[:256] + app.redirect_uri = request.values.get('redirect_uri') + app.app_name = request.values.get('name') + app.description = request.values.get("description")[:256] g.db.add(app) @@ -168,7 +168,7 @@ def admin_app_id(v, aid): OauthApp.author)).filter_by( id=aid).first() - pids=oauth.idlist(page=int(request.args.get("page",1)), + pids=oauth.idlist(page=int(request.values.get("page",1)), ) next_exists=len(pids)==101 @@ -194,7 +194,7 @@ def admin_app_id_comments(v, aid): OauthApp.author)).filter_by( id=aid).first() - cids=oauth.comments_idlist(page=int(request.args.get("page",1)), + cids=oauth.comments_idlist(page=int(request.values.get("page",1)), ) next_exists=len(cids)==101 diff --git a/files/routes/posts.py b/files/routes/posts.py index 346a5e4dc..b592df802 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -91,7 +91,7 @@ def post_id(pid, anything=None, v=None): if v: defaultsortingcomments = v.defaultsortingcomments else: defaultsortingcomments = "top" - sort=request.args.get("sort", defaultsortingcomments) + sort=request.values.get("sort", defaultsortingcomments) try: pid = int(pid) except: @@ -242,8 +242,8 @@ def edit_post(pid, v): if not p.author_id == v.id: abort(403) - title = request.form.get("title") - body = request.form.get("body", "") + title = request.values.get("title") + body = request.values.get("body", "") if title != p.title: p.title = title @@ -397,7 +397,7 @@ def edit_post(pid, v): @auth_required def get_post_title(v): - url = request.args.get("url", None) + url = request.values.get("url", None) if not url: return abort(400) @@ -601,8 +601,8 @@ def thumbs(new_post): @validate_formkey def submit_post(v): - title = request.form.get("title", "") - url = request.form.get("url", "") + title = request.values.get("title", "") + url = request.values.get("url", "") if url: if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp") @@ -633,24 +633,24 @@ def submit_post(v): if not title: if request.headers.get("Authorization"): return {"error": "Please enter a better title"}, 400 - else: return render_template("submit.html", v=v, error="Please enter a better title.", title=title, url=url, body=request.form.get("body", "")), 400 + else: return render_template("submit.html", v=v, error="Please enter a better title.", title=title, url=url, body=request.values.get("body", "")), 400 elif len(title) > 500: if request.headers.get("Authorization"): return {"error": "500 character limit for titles"}, 400 - else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.form.get("body", "")), 400 + else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400 parsed_url = urlparse(url) - if not (parsed_url.scheme and parsed_url.netloc) and not request.form.get( + if not (parsed_url.scheme and parsed_url.netloc) and not request.values.get( "body") and not request.files.get("file", None): if request.headers.get("Authorization"): return {"error": "`url` or `body` parameter required."}, 400 - else: return render_template("submit.html", v=v, error="Please enter a url or some text.", title=title, url=url, body=request.form.get("body", "")), 400 + else: return render_template("submit.html", v=v, error="Please enter a url or some text.", title=title, url=url, body=request.values.get("body", "")), 400 # Force https for submitted urls - if request.form.get("url"): + if request.values.get("url"): new_url = ParseResult(scheme="https", netloc=parsed_url.netloc, path=parsed_url.path, @@ -661,7 +661,7 @@ def submit_post(v): else: url = "" - body = request.form.get("body", "") + body = request.values.get("body", "") # check for duplicate dup = g.db.query(Submission).join(Submission.submission_aux).options(lazyload('*')).filter( @@ -691,7 +691,7 @@ def submit_post(v): v.ban(reason="Sexualizing minors") if request.headers.get("Authorization"): return {"error":"ToS violation"}, 400 - else: return render_template("submit.html", v=v, error="ToS Violation", title=title, url=url, body=request.form.get("body", "")), 400 + else: return render_template("submit.html", v=v, error="ToS Violation", title=title, url=url, body=request.values.get("body", "")), 400 if "twitter.com" in domain: try: embed = requests.get("https://publish.twitter.com/oembed", params={"url":url, "omit_script":"t"}).json()["html"] @@ -794,12 +794,12 @@ def submit_post(v): if len(str(body)) > 10000: if request.headers.get("Authorization"): return {"error":"10000 character limit for text body."}, 400 - else: return render_template("submit.html", v=v, error="10000 character limit for text body.", title=title, url=url, body=request.form.get("body", "")), 400 + else: return render_template("submit.html", v=v, error="10000 character limit for text body.", title=title, url=url, body=request.values.get("body", "")), 400 if len(url) > 2048: if request.headers.get("Authorization"): return {"error":"2048 character limit for URLs."}, 400 - else: return render_template("submit.html", v=v, error="2048 character limit for URLs.", title=title, url=url,body=request.form.get("body", "")), 400 + else: return render_template("submit.html", v=v, error="2048 character limit for URLs.", title=title, url=url,body=request.values.get("body", "")), 400 # render text for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): @@ -822,7 +822,7 @@ def submit_post(v): abort(403) if request.headers.get("Authorization"): return {"error": reason}, 403 - else: return render_template("submit.html", v=v, error=reason, title=title, url=url, body=request.form.get("body", "")), 403 + else: return render_template("submit.html", v=v, error=reason, title=title, url=url, body=request.values.get("body", "")), 403 # check spam soup = BeautifulSoup(body_html, features="html.parser") @@ -853,19 +853,19 @@ def submit_post(v): return redirect('/notifications') else: if request.headers.get("Authorization"): return {"error": f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}"}, 400 - else: return render_template("submit.html", v=v, error=f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}.", title=title, url=url, body=request.form.get("body", "")), 400 + else: return render_template("submit.html", v=v, error=f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}.", title=title, url=url, body=request.values.get("body", "")), 400 # check for embeddable video domain = parsed_url.netloc - if v.paid_dues: club = bool(request.form.get("club","")) + if v.paid_dues: club = bool(request.values.get("club","")) else: club = False new_post = Submission( - private=bool(request.form.get("private","")), + private=bool(request.values.get("private","")), club=club, author_id=v.id, - over_18=bool(request.form.get("over_18","")), + over_18=bool(request.values.get("over_18","")), app_id=v.client.application.id if v.client else None, is_bot = request.headers.get("X-User-Type","").lower()=="bot" ) @@ -905,11 +905,11 @@ def submit_post(v): file = request.files['file'] #if not file.content_type.startswith('image/'): # if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400 - # else: return render_template("submit.html", v=v, error=f"Image files only.", title=title, body=request.form.get("body", "")), 400 + # else: return render_template("submit.html", v=v, error=f"Image files only.", title=title, body=request.values.get("body", "")), 400 if not file.content_type.startswith(('image/', 'video/')): if request.headers.get("Authorization"): return {"error": f"File type not allowed"}, 400 - else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.form.get("body", "")), 400 + else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.values.get("body", "")), 400 if file.content_type.startswith('video/') and v.coins < app.config["VIDEO_COIN_REQUIREMENT"] and v.admin_level < 1: if request.headers.get("Authorization"): @@ -922,7 +922,7 @@ def submit_post(v): v=v, error=f"You need at least {app.config['VIDEO_COIN_REQUIREMENT']} coins to upload videos.", title=title, - body=request.form.get("body", "") + body=request.values.get("body", "") ), 403 if file.content_type.startswith('image/'): @@ -946,7 +946,7 @@ def submit_post(v): v=v, error=str(e), title=title, - body=request.form.get("body", "") + body=request.values.get("body", "") ), 400 g.db.add(new_post) diff --git a/files/routes/reporting.py b/files/routes/reporting.py index df00165b0..1781ed959 100644 --- a/files/routes/reporting.py +++ b/files/routes/reporting.py @@ -16,7 +16,7 @@ def api_flag_post(pid, v): if existing: return "", 409 - reason = request.form.get("reason", "").strip()[:100] + reason = request.values.get("reason", "").strip()[:100] if "<" in reason: return {"error": f"Reasons can't contain <"} for i in re.finditer(':(.{1,30}?):', reason): @@ -47,7 +47,7 @@ def api_flag_comment(cid, v): user_id=v.id, comment_id=comment.id).first() if existing: return "", 409 - reason = request.form.get("reason", "").strip()[:100] + reason = request.values.get("reason", "").strip()[:100] if "<" in reason: return {"error": f"Reasons can't contain <"} for i in re.finditer(':(.{1,30}?):', reason): diff --git a/files/routes/search.py b/files/routes/search.py index faac30f8a..ed474846a 100644 --- a/files/routes/search.py +++ b/files/routes/search.py @@ -203,12 +203,12 @@ def searchcommentlisting(criteria, v=None, page=1, t="None", sort="top"): def searchposts(v): - query = request.args.get("q", '').strip() + query = request.values.get("q", '').strip() - page = max(1, int(request.args.get("page", 1))) + page = max(1, int(request.values.get("page", 1))) - sort = request.args.get("sort", "top").lower() - t = request.args.get('t', 'all').lower() + sort = request.values.get("sort", "top").lower() + t = request.values.get('t', 'all').lower() criteria=searchparse(query) total, ids = searchlisting(criteria, v=v, page=page, t=t, sort=sort) @@ -244,13 +244,13 @@ def searchposts(v): def searchcomments(v): - query = request.args.get("q", '').strip() + query = request.values.get("q", '').strip() - try: page = max(1, int(request.args.get("page", 1))) + try: page = max(1, int(request.values.get("page", 1))) except: page = 1 - sort = request.args.get("sort", "top").lower() - t = request.args.get('t', 'all').lower() + sort = request.values.get("sort", "top").lower() + t = request.values.get('t', 'all').lower() criteria=searchparse(query) total, ids = searchcommentlisting(criteria, v=v, page=page, t=t, sort=sort) @@ -269,11 +269,11 @@ def searchcomments(v): def searchusers(v): - query = request.args.get("q", '').strip() + query = request.values.get("q", '').strip() - page = max(1, int(request.args.get("page", 1))) - sort = request.args.get("sort", "top").lower() - t = request.args.get('t', 'all').lower() + page = max(1, int(request.values.get("page", 1))) + sort = request.values.get("sort", "top").lower() + t = request.values.get('t', 'all').lower() term=query.lstrip('@') term=term.replace('\\','') term=term.replace('_','\_') diff --git a/files/routes/settings.py b/files/routes/settings.py index 0e6dad8bc..d8112d515 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -267,7 +267,7 @@ def changelogsub(v): @auth_required @validate_formkey def namecolor(v): - color = str(request.form.get("color", "")).strip() + color = str(request.values.get("color", "")).strip() if color.startswith('#'): color = color[1:] if len(color) != 6: return render_template("settings_security.html", v=v, error="Invalid color code") v.namecolor = color @@ -279,7 +279,7 @@ def namecolor(v): @auth_required @validate_formkey def themecolor(v): - themecolor = str(request.form.get("themecolor", "")).strip() + themecolor = str(request.values.get("themecolor", "")).strip() if themecolor.startswith('#'): themecolor = themecolor[1:] if len(themecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code") v.themecolor = themecolor @@ -368,7 +368,7 @@ def gumroad(v): @auth_required @validate_formkey def titlecolor(v): - titlecolor = str(request.form.get("titlecolor", "")).strip() + titlecolor = str(request.values.get("titlecolor", "")).strip() if titlecolor.startswith('#'): titlecolor = titlecolor[1:] if len(titlecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code") v.titlecolor = titlecolor @@ -381,22 +381,22 @@ def titlecolor(v): @auth_required @validate_formkey def settings_security_post(v): - if request.form.get("new_password"): - if request.form.get( - "new_password") != request.form.get("cnf_password"): + if request.values.get("new_password"): + if request.values.get( + "new_password") != request.values.get("cnf_password"): return redirect("/settings/security?error=" + escape("Passwords do not match.")) - if not re.match(valid_password_regex, request.form.get("new_password")): + if not re.match(valid_password_regex, request.values.get("new_password")): #print(f"signup fail - {username } - invalid password") return redirect("/settings/security?error=" + escape("Password must be between 8 and 100 characters.")) - if not v.verifyPass(request.form.get("old_password")): + if not v.verifyPass(request.values.get("old_password")): return render_template( "settings_security.html", v=v, error="Incorrect password") - v.passhash = v.hash_password(request.form.get("new_password")) + v.passhash = v.hash_password(request.values.get("new_password")) g.db.add(v) @@ -405,13 +405,13 @@ def settings_security_post(v): return redirect("/settings/security?msg=" + escape("Your password has been changed.")) - if request.form.get("new_email"): + if request.values.get("new_email"): - if not v.verifyPass(request.form.get('password')): + if not v.verifyPass(request.values.get('password')): return redirect("/settings/security?error=" + escape("Invalid password.")) - new_email = request.form.get("new_email","").strip() + new_email = request.values.get("new_email","").strip() if new_email == v.email: return redirect("/settings/security?error=That email is already yours!") @@ -441,15 +441,15 @@ def settings_security_post(v): return redirect("/settings/security?msg=" + escape( "Check your email and click the verification link to complete the email change.")) - if request.form.get("2fa_token", ""): + if request.values.get("2fa_token", ""): - if not v.verifyPass(request.form.get('password')): + if not v.verifyPass(request.values.get('password')): return redirect("/settings/security?error=" + escape("Invalid password or token.")) - secret = request.form.get("2fa_secret") + secret = request.values.get("2fa_secret") x = pyotp.TOTP(secret) - if not x.verify(request.form.get("2fa_token"), valid_window=1): + if not x.verify(request.values.get("2fa_token"), valid_window=1): return redirect("/settings/security?error=" + escape("Invalid password or token.")) @@ -461,13 +461,13 @@ def settings_security_post(v): return redirect("/settings/security?msg=" + escape("Two-factor authentication enabled.")) - if request.form.get("2fa_remove", ""): + if request.values.get("2fa_remove", ""): - if not v.verifyPass(request.form.get('password')): + if not v.verifyPass(request.values.get('password')): return redirect("/settings/security?error=" + escape("Invalid password or token.")) - token = request.form.get("2fa_remove") + token = request.values.get("2fa_remove") if not v.validate_2fa(token): return redirect("/settings/security?error=" + @@ -486,7 +486,7 @@ def settings_security_post(v): @validate_formkey def settings_log_out_others(v): - submitted_password = request.form.get("password", "") + submitted_password = request.values.get("password", "") if not v.verifyPass(submitted_password): return render_template("settings_security.html", @@ -596,7 +596,7 @@ def settings_css_get(v): @app.post("/settings/css") @auth_required def settings_css(v): - css = request.form.get("css").replace('\\', '')[:50000] + css = request.values.get("css").replace('\\', '')[:50000] if not v.agendaposter: v.css = css @@ -618,7 +618,7 @@ def settings_profilecss_get(v): @auth_required def settings_profilecss(v): if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css." - profilecss = request.form.get("profilecss").replace('\\', '')[:50000] + profilecss = request.values.get("profilecss").replace('\\', '')[:50000] v.profilecss = profilecss g.db.add(v) g.db.commit() @@ -727,7 +727,7 @@ def settings_content_get(v): @validate_formkey def settings_name_change(v): - new_name=request.form.get("name").strip() + new_name=request.values.get("name").strip() #make sure name is different if new_name==v.username: @@ -775,7 +775,7 @@ def settings_name_change(v): @auth_required @validate_formkey def settings_song_change(v): - song=request.form.get("song").strip() + song=request.values.get("song").strip() if song == "" and v.song and path.isfile(f"/songs/{v.song}.mp3") and g.db.query(User).options(lazyload('*')).filter_by(song=v.song).count() == 1: os.remove(f"/songs/{v.song}.mp3") @@ -860,7 +860,7 @@ def settings_title_change(v): if v.flairchanged: abort(403) - new_name=request.form.get("title").strip()[:100].replace("𒐪","") + new_name=request.values.get("title").strip()[:100].replace("𒐪","") #make sure name is different if new_name==v.customtitle: diff --git a/files/routes/static.py b/files/routes/static.py index c0dfe3b1c..6dacf8cb5 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -97,7 +97,7 @@ def admins(v): # @auth_desired # def log(v): -# page=int(request.args.get("page",1)) +# page=int(request.values.get("page",1)) # if v and v.admin_level == 6: actions = g.db.query(ModAction).order_by(ModAction.id.desc()).offset(25 * (page - 1)).limit(26).all() # else: actions=g.db.query(ModAction).options(lazyload('*')).filter(ModAction.kind!="shadowban", ModAction.kind!="unshadowban", ModAction.kind!="club", ModAction.kind!="unclub").order_by(ModAction.id.desc()).offset(25*(page-1)).limit(26).all() @@ -150,7 +150,7 @@ def contact(v): @app.post("/contact") @auth_desired def submit_contact(v): - message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.form.get("message", "") + message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "") send_admin(v.id, message) g.db.commit() return render_template("contact.html", v=v, msg="Your message has been sent.") @@ -254,8 +254,8 @@ def settings_security(v): return render_template("settings_security.html", v=v, mfa_secret=pyotp.random_base32() if not v.mfa_secret else None, - error=request.args.get("error") or None, - msg=request.args.get("msg") or None + error=request.values.get("error") or None, + msg=request.values.get("msg") or None ) @app.post("/dismiss_mobile_tip") diff --git a/files/routes/users.py b/files/routes/users.py index 89b651575..15e2aacbe 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -120,7 +120,7 @@ def transfer_coins(v, username): if receiver is None: return {"error": "That user doesn't exist."}, 404 if receiver.id != v.id: - amount = request.form.get("amount", "") + amount = request.values.get("amount", "") amount = int(amount) if amount.isdigit() else None if amount is None or amount <= 0: return {"error": f"Invalid amount of {app.config['COINS_NAME']}."}, 400 @@ -210,7 +210,7 @@ def message2(v, username): user = get_user(username, v=v) if user.is_blocking: return {"error": "You're blocking this user."}, 403 if user.is_blocked: return {"error": "This user is blocking you."}, 403 - message = request.form.get("message", "")[:1000].strip() + message = request.values.get("message", "")[:1000].strip() message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") @@ -248,8 +248,8 @@ def message2(v, username): @auth_required def messagereply(v): - message = request.form.get("body", "")[:1000].strip() - id = int(request.form.get("parent_id")) + message = request.values.get("body", "")[:1000].strip() + id = int(request.values.get("parent_id")) parent = get_comment(id, v=v) user = parent.author message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") @@ -421,9 +421,9 @@ def u_username(username, v=None): else: return render_template("userpage_blocked.html", u=u, v=v) - sort = request.args.get("sort", "new") - t = request.args.get("t", "all") - page = int(request.args.get("page", "1")) + sort = request.values.get("sort", "new") + t = request.values.get("t", "all") + page = int(request.values.get("page", "1")) page = max(page, 1) ids = u.userpagelisting(v=v, page=page, sort=sort, t=t) @@ -520,9 +520,9 @@ def u_username_comments(username, v=None): v=v) - page = int(request.args.get("page", "1")) - sort=request.args.get("sort","new") - t=request.args.get("t","all") + page = int(request.values.get("page", "1")) + sort=request.values.get("sort","new") + t=request.values.get("t","all") comments = u.comments.options(lazyload('*')).filter(Comment.parent_submission != None) @@ -649,7 +649,7 @@ def user_profile_uid(id): @auth_required def saved_posts(v, username): - page=int(request.args.get("page",1)) + page=int(request.values.get("page",1)) ids=v.saved_idlist(page=page) @@ -673,7 +673,7 @@ def saved_posts(v, username): @auth_required def saved_comments(v, username): - page=int(request.args.get("page",1)) + page=int(request.values.get("page",1)) ids=v.saved_comment_idlist(page=page) diff --git a/files/routes/votes.py b/files/routes/votes.py index acff97e3e..84f96671a 100644 --- a/files/routes/votes.py +++ b/files/routes/votes.py @@ -10,7 +10,7 @@ from files.__main__ import app def admin_vote_info_get(v): - link = request.args.get("link") + link = request.values.get("link") if not link: return render_template("votes.html", v=v) try: diff --git a/files/templates/contact.html b/files/templates/contact.html index 543bcd4b7..bfa5d69ab 100644 --- a/files/templates/contact.html +++ b/files/templates/contact.html @@ -8,22 +8,22 @@ {% block content %} - {% if request.args.get('error') or error %} + {% if request.values.get('error') or error %} {% endif %} - {% if request.args.get('msg') or msg %} + {% if request.values.get('msg') or msg %}