fsddsf
parent
6fb3fd33da
commit
731351e5a2
|
@ -67,10 +67,10 @@ def api_verify_email(v):
|
||||||
@auth_desired
|
@auth_desired
|
||||||
def activate(v):
|
def activate(v):
|
||||||
|
|
||||||
email = request.args.get("email", "")
|
email = request.values.get("email", "")
|
||||||
id = request.args.get("id", "")
|
id = request.values.get("id", "")
|
||||||
timestamp = int(request.args.get("time", "0"))
|
timestamp = int(request.values.get("time", "0"))
|
||||||
token = request.args.get("token", "")
|
token = request.values.get("token", "")
|
||||||
|
|
||||||
if int(time.time()) - timestamp > 3600:
|
if int(time.time()) - timestamp > 3600:
|
||||||
return render_template("message.html", v=v, title="Verification link expired.",
|
return render_template("message.html", v=v, title="Verification link expired.",
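Review bot: `timestamp = int(request.values.get("time", "0"))` in `activate` converts a client-supplied value with no guard, so a non-numeric `time` raises ValueError and the request ends in a 500 instead of the "Verification link expired." page. The same unguarded `int(request.values.get(...))` appears in `reported_posts`, `reported_comments`, `users_list`, `admin_removed`, `chart`, `feeds_user`, `changelog`, `all_comments` and `giphy` (`limit`), while `image_posts_listing` and `notifications` already wrap it in `try`/`except`. I would parse it the same way here, e.g. `try: timestamp = int(request.values.get("time", "0"))` followed by `except ValueError: abort(400)`. The body of `activate` continues past the end of this hunk.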
|
||||||
|
|
|
@ -209,7 +209,7 @@ def get_rules(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def post_rules(v):
|
def post_rules(v):
|
||||||
|
|
||||||
text = request.form.get('rules', '')
|
text = request.values.get('rules', '')
|
||||||
|
|
||||||
with open(f'./{SITE_NAME} rules.html', 'w+') as f:
|
with open(f'./{SITE_NAME} rules.html', 'w+') as f:
|
||||||
f.write(text)
|
f.write(text)
|
||||||
|
@ -240,7 +240,7 @@ def agendaposters(v):
|
||||||
@admin_level_required(3)
|
@admin_level_required(3)
|
||||||
def image_posts_listing(v):
|
def image_posts_listing(v):
|
||||||
|
|
||||||
try: page = int(request.args.get('page', 1))
|
try: page = int(request.values.get('page', 1))
|
||||||
except: page = 1
|
except: page = 1
|
||||||
|
|
||||||
posts = g.db.query(Submission).order_by(Submission.id.desc())
|
posts = g.db.query(Submission).order_by(Submission.id.desc())
|
||||||
|
@ -258,7 +258,7 @@ def image_posts_listing(v):
|
||||||
@admin_level_required(3)
|
@admin_level_required(3)
|
||||||
def reported_posts(v):
|
def reported_posts(v):
|
||||||
|
|
||||||
page = max(1, int(request.args.get("page", 1)))
|
page = max(1, int(request.values.get("page", 1)))
|
||||||
|
|
||||||
posts = g.db.query(Submission).options(lazyload('*')).filter_by(
|
posts = g.db.query(Submission).options(lazyload('*')).filter_by(
|
||||||
is_approved=0,
|
is_approved=0,
|
||||||
|
@ -279,7 +279,7 @@ def reported_posts(v):
|
||||||
@admin_level_required(3)
|
@admin_level_required(3)
|
||||||
def reported_comments(v):
|
def reported_comments(v):
|
||||||
|
|
||||||
page = max(1, int(request.args.get("page", 1)))
|
page = max(1, int(request.values.get("page", 1)))
|
||||||
|
|
||||||
posts = g.db.query(Comment
|
posts = g.db.query(Comment
|
||||||
).filter_by(
|
).filter_by(
|
||||||
|
@ -333,9 +333,9 @@ def badge_grant_get(v):
|
||||||
v=v,
|
v=v,
|
||||||
badge_types=badge_types,
|
badge_types=badge_types,
|
||||||
error=errors.get(
|
error=errors.get(
|
||||||
request.args.get("error"),
|
request.values.get("error"),
|
||||||
None) if request.args.get('error') else None,
|
None) if request.values.get('error') else None,
|
||||||
msg="Badge successfully assigned" if request.args.get(
|
msg="Badge successfully assigned" if request.values.get(
|
||||||
"msg") else None
|
"msg") else None
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -345,10 +345,10 @@ def badge_grant_get(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def badge_grant_post(v):
|
def badge_grant_post(v):
|
||||||
|
|
||||||
user = get_user(request.form.get("username").strip(), graceful=True)
|
user = get_user(request.values.get("username").strip(), graceful=True)
|
||||||
if not user: return redirect("/badge_grant?error=no_user")
|
if not user: return redirect("/badge_grant?error=no_user")
|
||||||
|
|
||||||
try: badge_id = int(request.form.get("badge_id"))
|
try: badge_id = int(request.values.get("badge_id"))
|
||||||
except: abort(400)
|
except: abort(400)
|
||||||
|
|
||||||
if user.has_badge(badge_id):
|
if user.has_badge(badge_id):
|
||||||
|
@ -359,10 +359,10 @@ def badge_grant_post(v):
|
||||||
user_id=user.id,
|
user_id=user.id,
|
||||||
)
|
)
|
||||||
|
|
||||||
desc = request.form.get("description")
|
desc = request.values.get("description")
|
||||||
if desc: new_badge.description = desc
|
if desc: new_badge.description = desc
|
||||||
|
|
||||||
url = request.form.get("url")
|
url = request.values.get("url")
|
||||||
if url: new_badge.url = url
|
if url: new_badge.url = url
|
||||||
|
|
||||||
g.db.add(new_badge)
|
g.db.add(new_badge)
|
||||||
|
@ -443,7 +443,7 @@ def badge_grant_post(v):
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
def users_list(v):
|
def users_list(v):
|
||||||
|
|
||||||
page = int(request.args.get("page", 1))
|
page = int(request.values.get("page", 1))
|
||||||
|
|
||||||
users = g.db.query(User).options(lazyload('*')).filter_by(is_banned=0
|
users = g.db.query(User).options(lazyload('*')).filter_by(is_banned=0
|
||||||
).order_by(User.created_utc.desc()
|
).order_by(User.created_utc.desc()
|
||||||
|
@ -465,11 +465,11 @@ def users_list(v):
|
||||||
@admin_level_required(4)
|
@admin_level_required(4)
|
||||||
def alt_votes_get(v):
|
def alt_votes_get(v):
|
||||||
|
|
||||||
if not request.args.get("u1") or not request.args.get("u2"):
|
if not request.values.get("u1") or not request.values.get("u2"):
|
||||||
return render_template("admin/alt_votes.html", v=v)
|
return render_template("admin/alt_votes.html", v=v)
|
||||||
|
|
||||||
u1 = request.args.get("u1")
|
u1 = request.values.get("u1")
|
||||||
u2 = request.args.get("u2")
|
u2 = request.values.get("u2")
|
||||||
|
|
||||||
if not u1 or not u2:
|
if not u1 or not u2:
|
||||||
return redirect("/admin/alt_votes")
|
return redirect("/admin/alt_votes")
|
||||||
|
@ -575,8 +575,8 @@ def alt_votes_get(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def admin_link_accounts(v):
|
def admin_link_accounts(v):
|
||||||
|
|
||||||
u1 = int(request.form.get("u1"))
|
u1 = int(request.values.get("u1"))
|
||||||
u2 = int(request.form.get("u2"))
|
u2 = int(request.values.get("u2"))
|
||||||
|
|
||||||
new_alt = Alt(
|
new_alt = Alt(
|
||||||
user1=u1,
|
user1=u1,
|
||||||
|
@ -594,7 +594,7 @@ def admin_link_accounts(v):
|
||||||
@admin_level_required(3)
|
@admin_level_required(3)
|
||||||
def admin_removed(v):
|
def admin_removed(v):
|
||||||
|
|
||||||
page = int(request.args.get("page", 1))
|
page = int(request.values.get("page", 1))
|
||||||
|
|
||||||
ids = g.db.query(Submission.id).options(lazyload('*')).options(lazyload('*')).filter_by(is_banned=True).order_by(
|
ids = g.db.query(Submission.id).options(lazyload('*')).options(lazyload('*')).filter_by(is_banned=True).order_by(
|
||||||
Submission.id.desc()).offset(25 * (page - 1)).limit(26).all()
|
Submission.id.desc()).offset(25 * (page - 1)).limit(26).all()
|
||||||
|
@ -619,7 +619,7 @@ def admin_removed(v):
|
||||||
@admin_level_required(5)
|
@admin_level_required(5)
|
||||||
def admin_image_purge(v):
|
def admin_image_purge(v):
|
||||||
|
|
||||||
name = request.form.get("url")
|
name = request.values.get("url")
|
||||||
image = g.db.query(Image).options(lazyload('*')).filter(Image.text == name).first()
|
image = g.db.query(Image).options(lazyload('*')).filter(Image.text == name).first()
|
||||||
if image:
|
if image:
|
||||||
requests.delete(f'https://api.imgur.com/3/image/{image.deletehash}', headers = {"Authorization": f"Client-ID {IMGUR_KEY}"})
|
requests.delete(f'https://api.imgur.com/3/image/{image.deletehash}', headers = {"Authorization": f"Client-ID {IMGUR_KEY}"})
|
||||||
|
@ -673,8 +673,8 @@ def admin_image_ban(v):
|
||||||
|
|
||||||
new_bp=BadPic(
|
new_bp=BadPic(
|
||||||
phash=h,
|
phash=h,
|
||||||
ban_reason=request.form.get("ban_reason"),
|
ban_reason=request.values.get("ban_reason"),
|
||||||
ban_time=int(request.form.get("ban_length",0))
|
ban_time=int(request.values.get("ban_length",0))
|
||||||
)
|
)
|
||||||
|
|
||||||
g.db.add(new_bp)
|
g.db.add(new_bp)
|
||||||
|
@ -689,7 +689,7 @@ def admin_image_ban(v):
|
||||||
def agendaposter(user_id, v):
|
def agendaposter(user_id, v):
|
||||||
user = g.db.query(User).options(lazyload('*')).filter_by(id=user_id).first()
|
user = g.db.query(User).options(lazyload('*')).filter_by(id=user_id).first()
|
||||||
|
|
||||||
expiry = request.form.get("days", 0)
|
expiry = request.values.get("days", 0)
|
||||||
if expiry:
|
if expiry:
|
||||||
expiry = int(expiry)
|
expiry = int(expiry)
|
||||||
expiry = g.timestamp + expiry*60*60*24
|
expiry = g.timestamp + expiry*60*60*24
|
||||||
|
@ -710,7 +710,7 @@ def agendaposter(user_id, v):
|
||||||
if not user.agendaposter: kind = "unagendaposter"
|
if not user.agendaposter: kind = "unagendaposter"
|
||||||
else:
|
else:
|
||||||
kind = "agendaposter"
|
kind = "agendaposter"
|
||||||
note = f"for {request.form.get('days')} days" if expiry else "never expires"
|
note = f"for {request.values.get('days')} days" if expiry else "never expires"
|
||||||
|
|
||||||
ma = ModAction(
|
ma = ModAction(
|
||||||
kind=kind,
|
kind=kind,
|
||||||
|
@ -814,14 +814,14 @@ def admin_title_change(user_id, v):
|
||||||
|
|
||||||
if user.admin_level != 0: abort(403)
|
if user.admin_level != 0: abort(403)
|
||||||
|
|
||||||
new_name=request.form.get("title").strip()
|
new_name=request.values.get("title").strip()
|
||||||
|
|
||||||
user.customtitleplain=new_name
|
user.customtitleplain=new_name
|
||||||
new_name = sanitize(new_name)
|
new_name = sanitize(new_name)
|
||||||
|
|
||||||
user=g.db.query(User).with_for_update().options(lazyload('*')).options(lazyload('*')).filter_by(id=user.id).first()
|
user=g.db.query(User).with_for_update().options(lazyload('*')).options(lazyload('*')).filter_by(id=user.id).first()
|
||||||
user.customtitle=new_name
|
user.customtitle=new_name
|
||||||
user.flairchanged = bool(request.form.get("locked"))
|
user.flairchanged = bool(request.values.get("locked"))
|
||||||
g.db.add(user)
|
g.db.add(user)
|
||||||
|
|
||||||
if user.flairchanged: kind = "set_flair_locked"
|
if user.flairchanged: kind = "set_flair_locked"
|
||||||
|
@ -849,9 +849,9 @@ def ban_user(user_id, v):
|
||||||
|
|
||||||
# check for number of days for suspension
|
# check for number of days for suspension
|
||||||
if 'form' in request.values:
|
if 'form' in request.values:
|
||||||
days = int(request.form.get("days")) if request.form.get('days') else 0
|
days = int(request.values.get("days")) if request.values.get('days') else 0
|
||||||
reason = sanitize(request.form.get("reason", ""))
|
reason = sanitize(request.values.get("reason", ""))
|
||||||
message = request.form.get("reason", "")
|
message = request.values.get("reason", "")
|
||||||
else:
|
else:
|
||||||
days = int(request.values.get("days")) if request.values.get('days') else 0
|
days = int(request.values.get("days")) if request.values.get('days') else 0
|
||||||
reason = sanitize(request.values.get("reason", ""))
|
reason = sanitize(request.values.get("reason", ""))
|
||||||
|
@ -876,7 +876,7 @@ def ban_user(user_id, v):
|
||||||
|
|
||||||
user.ban(admin=v, reason=reason)
|
user.ban(admin=v, reason=reason)
|
||||||
|
|
||||||
if request.form.get("alts", ""):
|
if request.values.get("alts", ""):
|
||||||
for x in user.alts:
|
for x in user.alts:
|
||||||
if x.admin_level > 0: break
|
if x.admin_level > 0: break
|
||||||
x.ban(admin=v, reason=reason)
|
x.ban(admin=v, reason=reason)
|
||||||
|
@ -894,7 +894,7 @@ def ban_user(user_id, v):
|
||||||
)
|
)
|
||||||
g.db.add(ma)
|
g.db.add(ma)
|
||||||
|
|
||||||
if 'reason' in request.args:
|
if 'reason' in request.values:
|
||||||
if reason.startswith("/post/"):
|
if reason.startswith("/post/"):
|
||||||
post = reason.split("/post/")[1]
|
post = reason.split("/post/")[1]
|
||||||
post = get_post(post)
|
post = get_post(post)
|
||||||
|
@ -924,7 +924,7 @@ def unban_user(user_id, v):
|
||||||
|
|
||||||
user.unban()
|
user.unban()
|
||||||
|
|
||||||
if request.form.get("alts", ""):
|
if request.values.get("alts", ""):
|
||||||
for x in user.alts:
|
for x in user.alts:
|
||||||
if x.admin_level == 0:
|
if x.admin_level == 0:
|
||||||
x.unban()
|
x.unban()
|
||||||
|
@ -960,7 +960,7 @@ def ban_post(post_id, v):
|
||||||
post.is_pinned = False
|
post.is_pinned = False
|
||||||
post.removed_by = v.id
|
post.removed_by = v.id
|
||||||
|
|
||||||
ban_reason=request.form.get("reason", "")
|
ban_reason=request.values.get("reason", "")
|
||||||
ban_reason = ban_reason.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
|
ban_reason = ban_reason.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
|
||||||
ban_reason = CustomRenderer().render(mistletoe.Document(ban_reason))
|
ban_reason = CustomRenderer().render(mistletoe.Document(ban_reason))
|
||||||
ban_reason = sanitize(ban_reason)
|
ban_reason = sanitize(ban_reason)
|
||||||
|
@ -1169,10 +1169,10 @@ def admin_banned_domains(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def admin_toggle_ban_domain(v):
|
def admin_toggle_ban_domain(v):
|
||||||
|
|
||||||
domain=request.form.get("domain", "").strip()
|
domain=request.values.get("domain", "").strip()
|
||||||
if not domain: abort(400)
|
if not domain: abort(400)
|
||||||
|
|
||||||
reason=request.form.get("reason", "").strip()
|
reason=request.values.get("reason", "").strip()
|
||||||
|
|
||||||
d = g.db.query(BannedDomain).options(lazyload('*')).filter_by(domain=domain).first()
|
d = g.db.query(BannedDomain).options(lazyload('*')).filter_by(domain=domain).first()
|
||||||
if d: g.db.delete(d)
|
if d: g.db.delete(d)
|
||||||
|
@ -1190,7 +1190,7 @@ def admin_toggle_ban_domain(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def admin_nuke_user(v):
|
def admin_nuke_user(v):
|
||||||
|
|
||||||
user=get_user(request.form.get("user"))
|
user=get_user(request.values.get("user"))
|
||||||
|
|
||||||
for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all():
|
for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all():
|
||||||
if post.is_banned:
|
if post.is_banned:
|
||||||
|
@ -1222,7 +1222,7 @@ def admin_nuke_user(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def admin_nunuke_user(v):
|
def admin_nunuke_user(v):
|
||||||
|
|
||||||
user=get_user(request.form.get("user"))
|
user=get_user(request.values.get("user"))
|
||||||
|
|
||||||
for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all():
|
for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all():
|
||||||
if not post.is_banned:
|
if not post.is_banned:
|
||||||
|
@ -1253,7 +1253,7 @@ def admin_nunuke_user(v):
|
||||||
@auth_required
|
@auth_required
|
||||||
def chart(v):
|
def chart(v):
|
||||||
|
|
||||||
days = int(request.args.get("days", 25))
|
days = int(request.values.get("days", 25))
|
||||||
|
|
||||||
now = time.gmtime()
|
now = time.gmtime()
|
||||||
midnight_this_morning = time.struct_time((now.tm_year,
|
midnight_this_morning = time.struct_time((now.tm_year,
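Review bot: The POST handlers changed in this section (`post_rules`, `badge_grant_post`, `admin_link_accounts`, `ban_user`, `admin_toggle_ban_domain`, `admin_nuke_user` and the rest) now read their fields from `request.values`, which merges the query string with the form body and returns the query-string value when a key is present in both. Parameters of state-changing admin actions can therefore arrive in the URL, where they end up in access logs, browser history and Referer headers, and a value on the request URL overrides the submitted form field; how `@validate_formkey` reads its key is not visible here, so it may or may not still be tied to the body. The same change reaches `award_post`, `api_comment`, `edit_comment`, `sign_up_post` and `login_post`, where `password` and `2fa_token` are now accepted from the query string. I would keep `request.form.get(...)` in handlers that only serve POST and `request.args.get(...)` in GET views, and use `request.values` only where both sources are intended. In `ban_user` the test `if 'reason' in request.values:` now also fires for a reason sent in the form body, which changes when that branch runs.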
|
||||||
|
|
|
@ -191,7 +191,7 @@ def award_post(pid, v):
|
||||||
if v.is_suspended and v.unban_utc == 0:
|
if v.is_suspended and v.unban_utc == 0:
|
||||||
return {"error": "forbidden."}, 403
|
return {"error": "forbidden."}, 403
|
||||||
|
|
||||||
kind = request.form.get("kind", "")
|
kind = request.values.get("kind", "")
|
||||||
|
|
||||||
if kind not in AWARDS:
|
if kind not in AWARDS:
|
||||||
return {"error": "That award doesn't exist."}, 404
|
return {"error": "That award doesn't exist."}, 404
|
||||||
|
@ -233,7 +233,7 @@ def award_post(pid, v):
|
||||||
|
|
||||||
msg = f"@{v.username} has given your [post]({post.permalink}) the {AWARDS[kind]['title']} Award!"
|
msg = f"@{v.username} has given your [post]({post.permalink}) the {AWARDS[kind]['title']} Award!"
|
||||||
|
|
||||||
note = request.form.get("note", "")
|
note = request.values.get("note", "")
|
||||||
if note:
|
if note:
|
||||||
msg += f"\n\n> {note}"
|
msg += f"\n\n> {note}"
|
||||||
|
|
||||||
|
@ -255,7 +255,7 @@ def award_comment(cid, v):
|
||||||
if v.is_suspended and v.unban_utc == 0:
|
if v.is_suspended and v.unban_utc == 0:
|
||||||
return {"error": "forbidden"}, 403
|
return {"error": "forbidden"}, 403
|
||||||
|
|
||||||
kind = request.form.get("kind", "")
|
kind = request.values.get("kind", "")
|
||||||
|
|
||||||
if kind not in AWARDS:
|
if kind not in AWARDS:
|
||||||
return {"error": "That award doesn't exist."}, 404
|
return {"error": "That award doesn't exist."}, 404
|
||||||
|
@ -296,7 +296,7 @@ def award_comment(cid, v):
|
||||||
|
|
||||||
msg = f"@{v.username} has given your [comment]({c.permalink}) the {AWARDS[kind]['title']} Award!"
|
msg = f"@{v.username} has given your [comment]({c.permalink}) the {AWARDS[kind]['title']} Award!"
|
||||||
|
|
||||||
note = request.form.get("note", "")
|
note = request.values.get("note", "")
|
||||||
if note:
|
if note:
|
||||||
msg += f"\n\n> {note}"
|
msg += f"\n\n> {note}"
|
||||||
|
|
||||||
|
@ -328,14 +328,14 @@ def admin_userawards_post(v):
|
||||||
if v.admin_level < 6:
|
if v.admin_level < 6:
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
u = get_user(request.form.get("username", '1'), graceful=False, v=v)
|
u = get_user(request.values.get("username", '1'), graceful=False, v=v)
|
||||||
|
|
||||||
notify_awards = {}
|
notify_awards = {}
|
||||||
|
|
||||||
latest = g.db.query(AwardRelationship).order_by(AwardRelationship.id.desc()).first()
|
latest = g.db.query(AwardRelationship).order_by(AwardRelationship.id.desc()).first()
|
||||||
thing = latest.id
|
thing = latest.id
|
||||||
|
|
||||||
for key, value in request.form.items():
|
for key, value in request.values.items():
|
||||||
if key not in AWARDS:
|
if key not in AWARDS:
|
||||||
continue
|
continue
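Review bot: `note` in `award_post` and `award_comment` is appended to the notification text as `msg += f"\n\n> {note}"` with no length limit, and a newline inside it ends the quote, so the remainder is parsed as ordinary markdown in a message that reads as coming from the award itself. Whether the text is sanitized when the notification is rendered is not visible in these hunks. I would cap and flatten it before use, e.g. `note = request.values.get("note", "")[:200].replace("\n", " ").strip()`, with the limit set to whatever the site allows for such notes.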
|
||||||
|
|
||||||
|
|
|
@ -61,7 +61,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
|
||||||
post._preloaded_comments = [comment]
|
post._preloaded_comments = [comment]
|
||||||
|
|
||||||
# context improver
|
# context improver
|
||||||
try: context = int(request.args.get("context", 0))
|
try: context = int(request.values.get("context", 0))
|
||||||
except: context = 0
|
except: context = 0
|
||||||
comment_info = comment
|
comment_info = comment
|
||||||
c = comment
|
c = comment
|
||||||
|
@ -77,7 +77,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
|
||||||
|
|
||||||
if v: defaultsortingcomments = v.defaultsortingcomments
|
if v: defaultsortingcomments = v.defaultsortingcomments
|
||||||
else: defaultsortingcomments = "top"
|
else: defaultsortingcomments = "top"
|
||||||
sort=request.args.get("sort", defaultsortingcomments)
|
sort=request.values.get("sort", defaultsortingcomments)
|
||||||
|
|
||||||
post.replies=[top_comment]
|
post.replies=[top_comment]
|
||||||
|
|
||||||
|
@ -133,8 +133,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def api_comment(v):
|
def api_comment(v):
|
||||||
|
|
||||||
parent_submission = request.form.get("submission")
|
parent_submission = request.values.get("submission")
|
||||||
parent_fullname = request.form.get("parent_fullname")
|
parent_fullname = request.values.get("parent_fullname")
|
||||||
|
|
||||||
# get parent item info
|
# get parent item info
|
||||||
parent_id = parent_fullname.split("_")[1]
|
parent_id = parent_fullname.split("_")[1]
|
||||||
|
@ -156,7 +156,7 @@ def api_comment(v):
|
||||||
abort(400)
|
abort(400)
|
||||||
|
|
||||||
#process and sanitize
|
#process and sanitize
|
||||||
body = request.form.get("body", "")[:10000]
|
body = request.values.get("body", "")[:10000]
|
||||||
body = body.strip()
|
body = body.strip()
|
||||||
|
|
||||||
if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400
|
if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400
|
||||||
|
@ -271,7 +271,7 @@ def api_comment(v):
|
||||||
parent_submission=parent_submission,
|
parent_submission=parent_submission,
|
||||||
parent_comment_id=parent_comment_id,
|
parent_comment_id=parent_comment_id,
|
||||||
level=level,
|
level=level,
|
||||||
over_18=parent_post.over_18 or request.form.get("over_18","")=="true",
|
over_18=parent_post.over_18 or request.values.get("over_18","")=="true",
|
||||||
is_bot=is_bot,
|
is_bot=is_bot,
|
||||||
app_id=v.client.application.id if v.client else None
|
app_id=v.client.application.id if v.client else None
|
||||||
)
|
)
|
||||||
|
@ -288,7 +288,7 @@ def api_comment(v):
|
||||||
|
|
||||||
url = upload_ibb(file=file)
|
url = upload_ibb(file=file)
|
||||||
|
|
||||||
body = request.form.get("body") + f"\n![]({url})"
|
body = request.values.get("body") + f"\n![]({url})"
|
||||||
body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
|
body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
|
||||||
body_md = CustomRenderer().render(mistletoe.Document(body))
|
body_md = CustomRenderer().render(mistletoe.Document(body))
|
||||||
body_html = sanitize(body_md)
|
body_html = sanitize(body_md)
|
||||||
|
@ -605,7 +605,7 @@ def edit_comment(cid, v):
|
||||||
|
|
||||||
if c.is_banned or c.deleted_utc > 0: abort(403)
|
if c.is_banned or c.deleted_utc > 0: abort(403)
|
||||||
|
|
||||||
body = request.form.get("body", "")[:10000]
|
body = request.values.get("body", "")[:10000]
|
||||||
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
|
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
|
||||||
if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})')
|
if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})')
|
||||||
body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
|
body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
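Review bot: In the upload branch of `api_comment`, `body = request.values.get("body") + f"\n![]({url})"` re-reads the field without the `[:10000]` cap and `.strip()` applied earlier in the function, so a comment with an attached file is not bound by the length limit at this point. It also has no default, while the earlier check accepts a request with a file and no body; if the `body` field is absent, `None + str` raises TypeError. I would reuse the capped value, e.g. `body = request.values.get("body", "")[:10000] + f"\n![]({url})"`. The function extends beyond the visible hunks, so any later truncation cannot be seen from here.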
|
||||||
|
|
|
@ -34,7 +34,7 @@ def discord_redirect(v):
|
||||||
|
|
||||||
#validate state
|
#validate state
|
||||||
now=int(time.time())
|
now=int(time.time())
|
||||||
state=request.args.get('state','').split('.')
|
state=request.values.get('state','').split('.')
|
||||||
|
|
||||||
timestamp=state[0]
|
timestamp=state[0]
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ def discord_redirect(v):
|
||||||
abort(400)
|
abort(400)
|
||||||
|
|
||||||
#get discord token
|
#get discord token
|
||||||
code = request.args.get("code","")
|
code = request.values.get("code","")
|
||||||
if not code:
|
if not code:
|
||||||
abort(400)
|
abort(400)
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ def error_400(e, v):
|
||||||
def error_401(e):
|
def error_401(e):
|
||||||
|
|
||||||
path = request.path
|
path = request.path
|
||||||
qs = urlencode(dict(request.args))
|
qs = urlencode(dict(request.values))
|
||||||
argval = quote(f"{path}?{qs}", safe='')
|
argval = quote(f"{path}?{qs}", safe='')
|
||||||
output = f"/login?redirect={argval}"
|
output = f"/login?redirect={argval}"
|
||||||
|
|
||||||
|
@ -70,7 +70,7 @@ def error_500(e, v):
|
||||||
def allow_nsfw():
|
def allow_nsfw():
|
||||||
|
|
||||||
session["over_18"] = int(time.time()) + 3600
|
session["over_18"] = int(time.time()) + 3600
|
||||||
return redirect(request.form.get("redir", "/"))
|
return redirect(request.values.get("redir", "/"))
|
||||||
|
|
||||||
|
|
||||||
@app.get("/error/<error>")
|
@app.get("/error/<error>")
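Review bot: `qs = urlencode(dict(request.values))` in `error_401` now serializes form-body fields into the `/login?redirect=` URL whenever an unauthenticated POST reaches this handler, because `request.values` includes the body as well as the query string. Submitted content and any form key in that body would then appear in the Location header, browser history and server logs. A post-login GET can only replay the original query string, so `qs = urlencode(dict(request.args))` fits better here. In `allow_nsfw`, `redirect(request.values.get("redir", "/"))` sends the browser to whatever `redir` holds; checking that it is a same-site path before redirecting would close the open redirect.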
|
||||||
|
|
|
@ -10,7 +10,7 @@ from files.__main__ import app
|
||||||
@app.get('/rss/<sort>/<t>')
|
@app.get('/rss/<sort>/<t>')
|
||||||
def feeds_user(sort='hot', t='all'):
|
def feeds_user(sort='hot', t='all'):
|
||||||
|
|
||||||
page = int(request.args.get("page", 1))
|
page = int(request.values.get("page", 1))
|
||||||
|
|
||||||
ids, next_exists = frontlist(
|
ids, next_exists = frontlist(
|
||||||
sort=sort,
|
sort=sort,
|
||||||
|
|
|
@ -13,11 +13,11 @@ def slash_post():
|
||||||
@app.get("/notifications")
|
@app.get("/notifications")
|
||||||
@auth_required
|
@auth_required
|
||||||
def notifications(v):
|
def notifications(v):
|
||||||
try: page = int(request.args.get('page', 1))
|
try: page = int(request.values.get('page', 1))
|
||||||
except: page = 1
|
except: page = 1
|
||||||
messages = request.args.get('messages', False)
|
messages = request.values.get('messages', False)
|
||||||
modmail = request.args.get('modmail', False)
|
modmail = request.values.get('modmail', False)
|
||||||
posts = request.args.get('posts', False)
|
posts = request.values.get('posts', False)
|
||||||
if modmail and v.admin_level == 6:
|
if modmail and v.admin_level == 6:
|
||||||
comments = g.db.query(Comment).filter(Comment.sentto==0).order_by(Comment.created_utc.desc()).offset(25*(page-1)).limit(26).all()
|
comments = g.db.query(Comment).filter(Comment.sentto==0).order_by(Comment.created_utc.desc()).offset(25*(page-1)).limit(26).all()
|
||||||
next_exists = (len(comments) > 25)
|
next_exists = (len(comments) > 25)
|
||||||
|
@ -230,7 +230,7 @@ def front_all(v):
|
||||||
|
|
||||||
if v and "logged_out" in request.full_path: v = None
|
if v and "logged_out" in request.full_path: v = None
|
||||||
|
|
||||||
try: page = int(request.args.get("page") or 1)
|
try: page = int(request.values.get("page") or 1)
|
||||||
except: abort(400)
|
except: abort(400)
|
||||||
|
|
||||||
# prevent invalid paging
|
# prevent invalid paging
|
||||||
|
@ -243,15 +243,15 @@ def front_all(v):
|
||||||
defaultsorting = "hot"
|
defaultsorting = "hot"
|
||||||
defaulttime = defaulttimefilter
|
defaulttime = defaulttimefilter
|
||||||
|
|
||||||
sort=request.args.get("sort", defaultsorting)
|
sort=request.values.get("sort", defaultsorting)
|
||||||
t=request.args.get('t', defaulttime)
|
t=request.values.get('t', defaulttime)
|
||||||
|
|
||||||
ids, next_exists = frontlist(sort=sort,
|
ids, next_exists = frontlist(sort=sort,
|
||||||
page=page,
|
page=page,
|
||||||
t=t,
|
t=t,
|
||||||
v=v,
|
v=v,
|
||||||
gt=int(request.args.get("utc_greater_than", 0)),
|
gt=int(request.values.get("utc_greater_than", 0)),
|
||||||
lt=int(request.args.get("utc_less_than", 0)),
|
lt=int(request.values.get("utc_less_than", 0)),
|
||||||
filter_words=v.filter_words if v else [],
|
filter_words=v.filter_words if v else [],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -339,18 +339,18 @@ def changeloglist(v=None, sort="new", page=1 ,t="all", **kwargs):
|
||||||
def changelog(v):
|
def changelog(v):
|
||||||
|
|
||||||
|
|
||||||
page = int(request.args.get("page") or 1)
|
page = int(request.values.get("page") or 1)
|
||||||
page = max(page, 1)
|
page = max(page, 1)
|
||||||
|
|
||||||
sort=request.args.get("sort", "new")
|
sort=request.values.get("sort", "new")
|
||||||
t=request.args.get('t', "all")
|
t=request.values.get('t', "all")
|
||||||
|
|
||||||
ids = changeloglist(sort=sort,
|
ids = changeloglist(sort=sort,
|
||||||
page=page,
|
page=page,
|
||||||
t=t,
|
t=t,
|
||||||
v=v,
|
v=v,
|
||||||
gt=int(request.args.get("utc_greater_than", 0)),
|
gt=int(request.values.get("utc_greater_than", 0)),
|
||||||
lt=int(request.args.get("utc_less_than", 0)),
|
lt=int(request.values.get("utc_less_than", 0)),
|
||||||
)
|
)
|
||||||
|
|
||||||
# check existence of next page
|
# check existence of next page
|
||||||
|
@ -440,10 +440,10 @@ def comment_idlist(page=1, v=None, nsfw=False, sort="new", t="all", **kwargs):
|
||||||
def all_comments(v):
|
def all_comments(v):
|
||||||
|
|
||||||
|
|
||||||
page = int(request.args.get("page", 1))
|
page = int(request.values.get("page", 1))
|
||||||
|
|
||||||
sort=request.args.get("sort", "new")
|
sort=request.values.get("sort", "new")
|
||||||
t=request.args.get("t", defaulttimefilter)
|
t=request.values.get("t", defaulttimefilter)
|
||||||
|
|
||||||
idlist = comment_idlist(v=v,
|
idlist = comment_idlist(v=v,
|
||||||
page=page,
|
page=page,
|
||||||
|
|
|
@ -11,8 +11,8 @@ GIPHY_KEY = environ.get('GIPHY_KEY').rstrip()
|
||||||
@app.route("/giphy<path>", methods=["GET"])
|
@app.route("/giphy<path>", methods=["GET"])
|
||||||
def giphy(path=None):
|
def giphy(path=None):
|
||||||
|
|
||||||
searchTerm = request.args.get("searchTerm", "")
|
searchTerm = request.values.get("searchTerm", "")
|
||||||
limit = int(request.args.get("limit", 48))
|
limit = int(request.values.get("limit", 48))
|
||||||
if searchTerm and limit:
|
if searchTerm and limit:
|
||||||
url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}"
|
url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}"
|
||||||
elif searchTerm and not limit:
|
elif searchTerm and not limit:
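Review bot: `searchTerm` is interpolated unencoded into the upstream URL in `giphy` (`...search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}`), so a term containing `&`, `#` or `=` changes the query sent to the API instead of being searched for. Building the query with `urllib.parse.urlencode({"q": searchTerm, "api_key": GIPHY_KEY, "limit": limit})`, or passing the same dict as `params=` if the request is made with `requests`, keeps the value inside `q`. `limit` is also passed through without an upper bound. The rest of the function, including the outbound call, is outside this hunk.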
|
||||||
|
|
|
@ -11,7 +11,7 @@ valid_password_regex = re.compile("^.{8,100}$")
|
||||||
@auth_desired
|
@auth_desired
|
||||||
def login_get(v):
|
def login_get(v):
|
||||||
|
|
||||||
redir = request.args.get("redirect", "/").replace("/logged_out", "")
|
redir = request.values.get("redirect", "/").replace("/logged_out", "")
|
||||||
if v:
|
if v:
|
||||||
return redirect(redir)
|
return redirect(redir)
|
||||||
|
|
||||||
|
@ -78,7 +78,7 @@ def check_for_alts(current_id):
|
||||||
@limiter.limit("6/minute")
|
@limiter.limit("6/minute")
|
||||||
def login_post():
|
def login_post():
|
||||||
|
|
||||||
username = request.form.get("username")
|
username = request.values.get("username")
|
||||||
|
|
||||||
if not username: abort(400)
|
if not username: abort(400)
|
||||||
if "@" in username:
|
if "@" in username:
|
||||||
|
@ -93,9 +93,9 @@ def login_post():
|
||||||
|
|
||||||
# test password
|
# test password
|
||||||
|
|
||||||
if request.form.get("password"):
|
if request.values.get("password"):
|
||||||
|
|
||||||
if not account.verifyPass(request.form.get("password")):
|
if not account.verifyPass(request.values.get("password")):
|
||||||
time.sleep(random.uniform(0, 2))
|
time.sleep(random.uniform(0, 2))
|
||||||
return render_template("login.html", failed=True)
|
return render_template("login.html", failed=True)
|
||||||
|
|
||||||
|
@ -106,21 +106,21 @@ def login_post():
|
||||||
v=account,
|
v=account,
|
||||||
time=now,
|
time=now,
|
||||||
hash=hash,
|
hash=hash,
|
||||||
redirect=request.form.get("redirect", "/")
|
redirect=request.values.get("redirect", "/")
|
||||||
)
|
)
|
||||||
elif request.form.get("2fa_token", "x"):
|
elif request.values.get("2fa_token", "x"):
|
||||||
now = int(time.time())
|
now = int(time.time())
|
||||||
|
|
||||||
if now - int(request.form.get("time")) > 600:
|
if now - int(request.values.get("time")) > 600:
|
||||||
return redirect('/login')
|
return redirect('/login')
|
||||||
|
|
||||||
formhash = request.form.get("hash")
|
formhash = request.values.get("hash")
|
||||||
if not validate_hash(f"{account.id}+{request.form.get('time')}+2fachallenge",
|
if not validate_hash(f"{account.id}+{request.values.get('time')}+2fachallenge",
|
||||||
formhash
|
formhash
|
||||||
):
|
):
|
||||||
return redirect("/login")
|
return redirect("/login")
|
||||||
|
|
||||||
if not account.validate_2fa(request.form.get("2fa_token", "").strip()):
|
if not account.validate_2fa(request.values.get("2fa_token", "").strip()):
|
||||||
hash = generate_hash(f"{account.id}+{time}+2fachallenge")
|
hash = generate_hash(f"{account.id}+{time}+2fachallenge")
|
||||||
return render_template("login_2fa.html",
|
return render_template("login_2fa.html",
|
||||||
v=account,
|
v=account,
|
||||||
|
@ -145,7 +145,7 @@ def login_post():
|
||||||
|
|
||||||
# check for previous page
|
# check for previous page
|
||||||
|
|
||||||
redir = request.form.get("redirect", "/").replace("/logged_out", "")
|
redir = request.values.get("redirect", "/").replace("/logged_out", "")
|
||||||
|
|
||||||
g.db.commit()
|
g.db.commit()
|
||||||
|
|
||||||
|
@ -184,7 +184,7 @@ def sign_up_get(v):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
# check for referral in link
|
# check for referral in link
|
||||||
ref = request.args.get("ref", None)
|
ref = request.values.get("ref", None)
|
||||||
if ref:
|
if ref:
|
||||||
ref_user = g.db.query(User).options(lazyload('*')).filter(User.username.ilike(ref)).first()
|
ref_user = g.db.query(User).options(lazyload('*')).filter(User.username.ilike(ref)).first()
|
||||||
|
|
||||||
|
@ -207,9 +207,9 @@ def sign_up_get(v):
|
||||||
digestmod='md5'
|
digestmod='md5'
|
||||||
).hexdigest()
|
).hexdigest()
|
||||||
|
|
||||||
redir = request.args.get("redirect", "/").replace("/logged_out", "")
|
redir = request.values.get("redirect", "/").replace("/logged_out", "")
|
||||||
|
|
||||||
error = request.args.get("error", None)
|
error = request.values.get("error", None)
|
||||||
|
|
||||||
return render_template("sign_up.html",
|
return render_template("sign_up.html",
|
||||||
formkey=formkey,
|
formkey=formkey,
|
||||||
|
@ -235,8 +235,8 @@ def sign_up_post(v):
|
||||||
if not agent:
|
if not agent:
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
form_timestamp = request.form.get("now", '0')
|
form_timestamp = request.values.get("now", '0')
|
||||||
form_formkey = request.form.get("formkey", "none")
|
form_formkey = request.values.get("formkey", "none")
|
||||||
|
|
||||||
submitted_token = session.get("signup_token", "")
|
submitted_token = session.get("signup_token", "")
|
||||||
if not submitted_token:
|
if not submitted_token:
|
||||||
|
@ -251,16 +251,16 @@ def sign_up_post(v):
|
||||||
|
|
||||||
now = int(time.time())
|
now = int(time.time())
|
||||||
|
|
||||||
username = request.form.get("username").strip()
|
username = request.values.get("username").strip()
|
||||||
|
|
||||||
# define function that takes an error message and generates a new signup
|
# define function that takes an error message and generates a new signup
|
||||||
# form
|
# form
|
||||||
def new_signup(error):
|
def new_signup(error):
|
||||||
|
|
||||||
args = {"error": error}
|
args = {"error": error}
|
||||||
if request.form.get("referred_by"):
|
if request.values.get("referred_by"):
|
||||||
user = g.db.query(User).options(lazyload('*')).filter_by(
|
user = g.db.query(User).options(lazyload('*')).filter_by(
|
||||||
id=request.form.get("referred_by")).first()
|
id=request.values.get("referred_by")).first()
|
||||||
if user:
|
if user:
|
||||||
args["ref"] = user.username
|
args["ref"] = user.username
|
||||||
|
|
||||||
|
@ -275,19 +275,19 @@ def sign_up_post(v):
|
||||||
return new_signup("There was a problem. Please try again.")
|
return new_signup("There was a problem. Please try again.")
|
||||||
|
|
||||||
# check for matched passwords
|
# check for matched passwords
|
||||||
if not request.form.get(
|
if not request.values.get(
|
||||||
"password") == request.form.get("password_confirm"):
|
"password") == request.values.get("password_confirm"):
|
||||||
return new_signup("Passwords did not match. Please try again.")
|
return new_signup("Passwords did not match. Please try again.")
|
||||||
|
|
||||||
# check username/pass conditions
|
# check username/pass conditions
|
||||||
if not re.fullmatch(valid_username_regex, username):
|
if not re.fullmatch(valid_username_regex, username):
|
||||||
return new_signup("Invalid username")
|
return new_signup("Invalid username")
|
||||||
|
|
||||||
if not re.fullmatch(valid_password_regex, request.form.get("password")):
|
if not re.fullmatch(valid_password_regex, request.values.get("password")):
|
||||||
return new_signup("Password must be between 8 and 100 characters.")
|
return new_signup("Password must be between 8 and 100 characters.")
|
||||||
|
|
||||||
# Check for existing accounts
|
# Check for existing accounts
|
||||||
email = request.form.get("email")
|
email = request.values.get("email")
|
||||||
email = email.strip()
|
email = email.strip()
|
||||||
if not email: email = None
|
if not email: email = None
|
||||||
|
|
||||||
|
@ -303,7 +303,7 @@ def sign_up_post(v):
|
||||||
|
|
||||||
# check bot
|
# check bot
|
||||||
if app.config.get("HCAPTCHA_SITEKEY"):
|
if app.config.get("HCAPTCHA_SITEKEY"):
|
||||||
token = request.form.get("h-captcha-response")
|
token = request.values.get("h-captcha-response")
|
||||||
if not token:
|
if not token:
|
||||||
return new_signup("Unable to verify captcha [1].")
|
return new_signup("Unable to verify captcha [1].")
|
||||||
|
|
||||||
|
@ -322,7 +322,7 @@ def sign_up_post(v):
|
||||||
session.pop("signup_token")
|
session.pop("signup_token")
|
||||||
|
|
||||||
# get referral
|
# get referral
|
||||||
ref_id = int(request.form.get("referred_by", 0))
|
ref_id = int(request.values.get("referred_by", 0))
|
||||||
|
|
||||||
# upgrade user badge
|
# upgrade user badge
|
||||||
if ref_id:
|
if ref_id:
|
||||||
|
@ -352,7 +352,7 @@ def sign_up_post(v):
|
||||||
username=username,
|
username=username,
|
||||||
original_username = username,
|
original_username = username,
|
||||||
admin_level = admin_level,
|
admin_level = admin_level,
|
||||||
password=request.form.get("password"),
|
password=request.values.get("password"),
|
||||||
email=email,
|
email=email,
|
||||||
created_utc=int(time.time()),
|
created_utc=int(time.time()),
|
||||||
referred_by=ref_id or None,
|
referred_by=ref_id or None,
|
||||||
|
@ -392,8 +392,8 @@ def get_forgot():
|
||||||
@app.post("/forgot")
|
@app.post("/forgot")
|
||||||
def post_forgot():
|
def post_forgot():
|
||||||
|
|
||||||
username = request.form.get("username").lstrip('@')
|
username = request.values.get("username").lstrip('@')
|
||||||
email = request.form.get("email",'').strip()
|
email = request.values.get("email",'').strip()
|
||||||
|
|
||||||
email=email.replace("_","\_")
|
email=email.replace("_","\_")
|
||||||
|
|
||||||
|
@ -430,9 +430,9 @@ def post_forgot():
|
||||||
@app.get("/reset")
|
@app.get("/reset")
|
||||||
def get_reset():
|
def get_reset():
|
||||||
|
|
||||||
user_id = request.args.get("id")
|
user_id = request.values.get("id")
|
||||||
timestamp = int(request.args.get("time",0))
|
timestamp = int(request.values.get("time",0))
|
||||||
token = request.args.get("token")
|
token = request.values.get("token")
|
||||||
|
|
||||||
now = int(time.time())
|
now = int(time.time())
|
||||||
|
|
||||||
|
@ -464,12 +464,12 @@ def post_reset(v):
|
||||||
if v:
|
if v:
|
||||||
return redirect('/')
|
return redirect('/')
|
||||||
|
|
||||||
user_id = request.form.get("user_id")
|
user_id = request.values.get("user_id")
|
||||||
timestamp = int(request.form.get("time"))
|
timestamp = int(request.values.get("time"))
|
||||||
token = request.form.get("token")
|
token = request.values.get("token")
|
||||||
|
|
||||||
password = request.form.get("password")
|
password = request.values.get("password")
|
||||||
confirm_password = request.form.get("confirm_password")
|
confirm_password = request.values.get("confirm_password")
|
||||||
|
|
||||||
now = int(time.time())
|
now = int(time.time())
|
||||||
|
|
||||||
|
@ -514,7 +514,7 @@ def lost_2fa(v):
|
||||||
@limiter.limit("6/minute")
|
@limiter.limit("6/minute")
|
||||||
def request_2fa_disable():
|
def request_2fa_disable():
|
||||||
|
|
||||||
username=request.form.get("username")
|
username=request.values.get("username")
|
||||||
user=get_user(username, graceful=True)
|
user=get_user(username, graceful=True)
|
||||||
if not user or not user.email or not user.mfa_secret:
|
if not user or not user.email or not user.mfa_secret:
|
||||||
return render_template("message.html",
|
return render_template("message.html",
|
||||||
|
@ -522,7 +522,7 @@ def request_2fa_disable():
|
||||||
message="If username, password, and email match, we will send you an email.")
|
message="If username, password, and email match, we will send you an email.")
|
||||||
|
|
||||||
|
|
||||||
email=request.form.get("email")
|
email=request.values.get("email")
|
||||||
if email != user.email and email.endswith("@gmail.com"):
|
if email != user.email and email.endswith("@gmail.com"):
|
||||||
email=email.split('@')[0]
|
email=email.split('@')[0]
|
||||||
email=email.split('+')[0]
|
email=email.split('+')[0]
|
||||||
|
@ -534,7 +534,7 @@ def request_2fa_disable():
|
||||||
message="If username, password, and email match, we will send you an email.")
|
message="If username, password, and email match, we will send you an email.")
|
||||||
|
|
||||||
|
|
||||||
password =request.form.get("password")
|
password =request.values.get("password")
|
||||||
if not user.verifyPass(password):
|
if not user.verifyPass(password):
|
||||||
return render_template("message.html",
|
return render_template("message.html",
|
||||||
title="Removal request received",
|
title="Removal request received",
|
||||||
|
@ -561,15 +561,15 @@ def request_2fa_disable():
|
||||||
def reset_2fa():
|
def reset_2fa():
|
||||||
|
|
||||||
now=int(time.time())
|
now=int(time.time())
|
||||||
t=int(request.args.get("t"))
|
t=int(request.values.get("t"))
|
||||||
|
|
||||||
if now > t+3600*24:
|
if now > t+3600*24:
|
||||||
return render_template("message.html",
|
return render_template("message.html",
|
||||||
title="Expired Link",
|
title="Expired Link",
|
||||||
error="That link has expired.")
|
error="That link has expired.")
|
||||||
|
|
||||||
token=request.args.get("token")
|
token=request.values.get("token")
|
||||||
uid=request.args.get("id")
|
uid=request.values.get("id")
|
||||||
|
|
||||||
user=get_account(uid)
|
user=get_account(uid)
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ from files.__main__ import app
|
||||||
@app.get("/authorize")
|
@app.get("/authorize")
|
||||||
@auth_required
|
@auth_required
|
||||||
def authorize_prompt(v):
|
def authorize_prompt(v):
|
||||||
client_id = request.args.get("client_id")
|
client_id = request.values.get("client_id")
|
||||||
application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first()
|
application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first()
|
||||||
if not application: return {"oauth_error": "Invalid `client_id`"}, 401
|
if not application: return {"oauth_error": "Invalid `client_id`"}, 401
|
||||||
return render_template("oauth.html", v=v, application=application)
|
return render_template("oauth.html", v=v, application=application)
|
||||||
|
@ -20,7 +20,7 @@ def authorize_prompt(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def authorize(v):
|
def authorize(v):
|
||||||
|
|
||||||
client_id = request.form.get("client_id")
|
client_id = request.values.get("client_id")
|
||||||
application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first()
|
application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first()
|
||||||
if not application: return {"oauth_error": "Invalid `client_id`"}, 401
|
if not application: return {"oauth_error": "Invalid `client_id`"}, 401
|
||||||
access_token = secrets.token_urlsafe(128)[:128]
|
access_token = secrets.token_urlsafe(128)[:128]
|
||||||
|
@ -42,15 +42,15 @@ def authorize(v):
|
||||||
def request_api_keys(v):
|
def request_api_keys(v):
|
||||||
|
|
||||||
new_app = OauthApp(
|
new_app = OauthApp(
|
||||||
app_name=request.form.get('name'),
|
app_name=request.values.get('name'),
|
||||||
redirect_uri=request.form.get('redirect_uri'),
|
redirect_uri=request.values.get('redirect_uri'),
|
||||||
author_id=v.id,
|
author_id=v.id,
|
||||||
description=request.form.get("description")[:256]
|
description=request.values.get("description")[:256]
|
||||||
)
|
)
|
||||||
|
|
||||||
g.db.add(new_app)
|
g.db.add(new_app)
|
||||||
|
|
||||||
send_admin(NOTIFICATIONS_ACCOUNT, f"{v.username} has requested API keys for `{request.form.get('name')}`. You can approve or deny the request [here](/admin/apps).")
|
send_admin(NOTIFICATIONS_ACCOUNT, f"{v.username} has requested API keys for `{request.values.get('name')}`. You can approve or deny the request [here](/admin/apps).")
|
||||||
|
|
||||||
g.db.commit()
|
g.db.commit()
|
||||||
|
|
||||||
|
@ -83,9 +83,9 @@ def edit_oauth_app(v, aid):
|
||||||
aid = int(aid)
|
aid = int(aid)
|
||||||
app = g.db.query(OauthApp).options(lazyload('*')).filter_by(id=aid).first()
|
app = g.db.query(OauthApp).options(lazyload('*')).filter_by(id=aid).first()
|
||||||
|
|
||||||
app.redirect_uri = request.form.get('redirect_uri')
|
app.redirect_uri = request.values.get('redirect_uri')
|
||||||
app.app_name = request.form.get('name')
|
app.app_name = request.values.get('name')
|
||||||
app.description = request.form.get("description")[:256]
|
app.description = request.values.get("description")[:256]
|
||||||
|
|
||||||
g.db.add(app)
|
g.db.add(app)
|
||||||
|
|
||||||
|
@ -168,7 +168,7 @@ def admin_app_id(v, aid):
|
||||||
OauthApp.author)).filter_by(
|
OauthApp.author)).filter_by(
|
||||||
id=aid).first()
|
id=aid).first()
|
||||||
|
|
||||||
pids=oauth.idlist(page=int(request.args.get("page",1)),
|
pids=oauth.idlist(page=int(request.values.get("page",1)),
|
||||||
)
|
)
|
||||||
|
|
||||||
next_exists=len(pids)==101
|
next_exists=len(pids)==101
|
||||||
|
@ -194,7 +194,7 @@ def admin_app_id_comments(v, aid):
|
||||||
OauthApp.author)).filter_by(
|
OauthApp.author)).filter_by(
|
||||||
id=aid).first()
|
id=aid).first()
|
||||||
|
|
||||||
cids=oauth.comments_idlist(page=int(request.args.get("page",1)),
|
cids=oauth.comments_idlist(page=int(request.values.get("page",1)),
|
||||||
)
|
)
|
||||||
|
|
||||||
next_exists=len(cids)==101
|
next_exists=len(cids)==101
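Review bot: In `authorize`, `client_id = request.values.get("client_id")` lets the URL query string decide which application receives the access token, because Werkzeug's `request.values` consults `request.args` before `request.form`. On a handler that issues a credential, the value should come only from the submitted form body, which is presumably what `@validate_formkey` protects: `client_id = request.form.get("client_id")`. The same reasoning applies to `redirect_uri`, `name` and `description` in `request_api_keys` and `edit_oauth_app`, which read from `request.form` before this change. In those two functions `request.values.get("description")[:256]` also raises `TypeError` when the field is absent, so `(request.form.get("description") or "")[:256]` is safer. The function bodies continue outside the hunks shown.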
|
||||||
|
|
|
@ -91,7 +91,7 @@ def post_id(pid, anything=None, v=None):
|
||||||
|
|
||||||
if v: defaultsortingcomments = v.defaultsortingcomments
|
if v: defaultsortingcomments = v.defaultsortingcomments
|
||||||
else: defaultsortingcomments = "top"
|
else: defaultsortingcomments = "top"
|
||||||
sort=request.args.get("sort", defaultsortingcomments)
|
sort=request.values.get("sort", defaultsortingcomments)
|
||||||
|
|
||||||
try: pid = int(pid)
|
try: pid = int(pid)
|
||||||
except:
|
except:
|
||||||
|
@ -242,8 +242,8 @@ def edit_post(pid, v):
|
||||||
|
|
||||||
if not p.author_id == v.id: abort(403)
|
if not p.author_id == v.id: abort(403)
|
||||||
|
|
||||||
title = request.form.get("title")
|
title = request.values.get("title")
|
||||||
body = request.form.get("body", "")
|
body = request.values.get("body", "")
|
||||||
|
|
||||||
if title != p.title:
|
if title != p.title:
|
||||||
p.title = title
|
p.title = title
|
||||||
|
@ -397,7 +397,7 @@ def edit_post(pid, v):
|
||||||
@auth_required
|
@auth_required
|
||||||
def get_post_title(v):
|
def get_post_title(v):
|
||||||
|
|
||||||
url = request.args.get("url", None)
|
url = request.values.get("url", None)
|
||||||
if not url:
|
if not url:
|
||||||
return abort(400)
|
return abort(400)
|
||||||
|
|
||||||
|
@ -601,8 +601,8 @@ def thumbs(new_post):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def submit_post(v):
|
def submit_post(v):
|
||||||
|
|
||||||
title = request.form.get("title", "")
|
title = request.values.get("title", "")
|
||||||
url = request.form.get("url", "")
|
url = request.values.get("url", "")
|
||||||
|
|
||||||
if url:
|
if url:
|
||||||
if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp")
|
if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp")
|
||||||
|
@ -633,24 +633,24 @@ def submit_post(v):
|
||||||
|
|
||||||
if not title:
|
if not title:
|
||||||
if request.headers.get("Authorization"): return {"error": "Please enter a better title"}, 400
|
if request.headers.get("Authorization"): return {"error": "Please enter a better title"}, 400
|
||||||
else: return render_template("submit.html", v=v, error="Please enter a better title.", title=title, url=url, body=request.form.get("body", "")), 400
|
else: return render_template("submit.html", v=v, error="Please enter a better title.", title=title, url=url, body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
|
|
||||||
elif len(title) > 500:
|
elif len(title) > 500:
|
||||||
if request.headers.get("Authorization"): return {"error": "500 character limit for titles"}, 400
|
if request.headers.get("Authorization"): return {"error": "500 character limit for titles"}, 400
|
||||||
else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.form.get("body", "")), 400
|
else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
parsed_url = urlparse(url)
|
parsed_url = urlparse(url)
|
||||||
if not (parsed_url.scheme and parsed_url.netloc) and not request.form.get(
|
if not (parsed_url.scheme and parsed_url.netloc) and not request.values.get(
|
||||||
"body") and not request.files.get("file", None):
|
"body") and not request.files.get("file", None):
|
||||||
|
|
||||||
if request.headers.get("Authorization"): return {"error": "`url` or `body` parameter required."}, 400
|
if request.headers.get("Authorization"): return {"error": "`url` or `body` parameter required."}, 400
|
||||||
else: return render_template("submit.html", v=v, error="Please enter a url or some text.", title=title, url=url, body=request.form.get("body", "")), 400
|
else: return render_template("submit.html", v=v, error="Please enter a url or some text.", title=title, url=url, body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
|
|
||||||
# Force https for submitted urls
|
# Force https for submitted urls
|
||||||
|
|
||||||
if request.form.get("url"):
|
if request.values.get("url"):
|
||||||
new_url = ParseResult(scheme="https",
|
new_url = ParseResult(scheme="https",
|
||||||
netloc=parsed_url.netloc,
|
netloc=parsed_url.netloc,
|
||||||
path=parsed_url.path,
|
path=parsed_url.path,
|
||||||
|
@ -661,7 +661,7 @@ def submit_post(v):
|
||||||
else:
|
else:
|
||||||
url = ""
|
url = ""
|
||||||
|
|
||||||
body = request.form.get("body", "")
|
body = request.values.get("body", "")
|
||||||
# check for duplicate
|
# check for duplicate
|
||||||
dup = g.db.query(Submission).join(Submission.submission_aux).options(lazyload('*')).filter(
|
dup = g.db.query(Submission).join(Submission.submission_aux).options(lazyload('*')).filter(
|
||||||
|
|
||||||
|
@ -691,7 +691,7 @@ def submit_post(v):
|
||||||
v.ban(reason="Sexualizing minors")
|
v.ban(reason="Sexualizing minors")
|
||||||
|
|
||||||
if request.headers.get("Authorization"): return {"error":"ToS violation"}, 400
|
if request.headers.get("Authorization"): return {"error":"ToS violation"}, 400
|
||||||
else: return render_template("submit.html", v=v, error="ToS Violation", title=title, url=url, body=request.form.get("body", "")), 400
|
else: return render_template("submit.html", v=v, error="ToS Violation", title=title, url=url, body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
if "twitter.com" in domain:
|
if "twitter.com" in domain:
|
||||||
try: embed = requests.get("https://publish.twitter.com/oembed", params={"url":url, "omit_script":"t"}).json()["html"]
|
try: embed = requests.get("https://publish.twitter.com/oembed", params={"url":url, "omit_script":"t"}).json()["html"]
|
||||||
|
@ -794,12 +794,12 @@ def submit_post(v):
|
||||||
if len(str(body)) > 10000:
|
if len(str(body)) > 10000:
|
||||||
|
|
||||||
if request.headers.get("Authorization"): return {"error":"10000 character limit for text body."}, 400
|
if request.headers.get("Authorization"): return {"error":"10000 character limit for text body."}, 400
|
||||||
else: return render_template("submit.html", v=v, error="10000 character limit for text body.", title=title, url=url, body=request.form.get("body", "")), 400
|
else: return render_template("submit.html", v=v, error="10000 character limit for text body.", title=title, url=url, body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
if len(url) > 2048:
|
if len(url) > 2048:
|
||||||
|
|
||||||
if request.headers.get("Authorization"): return {"error":"2048 character limit for URLs."}, 400
|
if request.headers.get("Authorization"): return {"error":"2048 character limit for URLs."}, 400
|
||||||
else: return render_template("submit.html", v=v, error="2048 character limit for URLs.", title=title, url=url,body=request.form.get("body", "")), 400
|
else: return render_template("submit.html", v=v, error="2048 character limit for URLs.", title=title, url=url,body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
# render text
|
# render text
|
||||||
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
|
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
|
||||||
|
@ -822,7 +822,7 @@ def submit_post(v):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
if request.headers.get("Authorization"): return {"error": reason}, 403
|
if request.headers.get("Authorization"): return {"error": reason}, 403
|
||||||
else: return render_template("submit.html", v=v, error=reason, title=title, url=url, body=request.form.get("body", "")), 403
|
else: return render_template("submit.html", v=v, error=reason, title=title, url=url, body=request.values.get("body", "")), 403
|
||||||
|
|
||||||
# check spam
|
# check spam
|
||||||
soup = BeautifulSoup(body_html, features="html.parser")
|
soup = BeautifulSoup(body_html, features="html.parser")
|
||||||
|
@ -853,19 +853,19 @@ def submit_post(v):
|
||||||
return redirect('/notifications')
|
return redirect('/notifications')
|
||||||
else:
|
else:
|
||||||
if request.headers.get("Authorization"): return {"error": f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}"}, 400
|
if request.headers.get("Authorization"): return {"error": f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}"}, 400
|
||||||
else: return render_template("submit.html", v=v, error=f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}.", title=title, url=url, body=request.form.get("body", "")), 400
|
else: return render_template("submit.html", v=v, error=f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}.", title=title, url=url, body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
# check for embeddable video
|
# check for embeddable video
|
||||||
domain = parsed_url.netloc
|
domain = parsed_url.netloc
|
||||||
|
|
||||||
if v.paid_dues: club = bool(request.form.get("club",""))
|
if v.paid_dues: club = bool(request.values.get("club",""))
|
||||||
else: club = False
|
else: club = False
|
||||||
|
|
||||||
new_post = Submission(
|
new_post = Submission(
|
||||||
private=bool(request.form.get("private","")),
|
private=bool(request.values.get("private","")),
|
||||||
club=club,
|
club=club,
|
||||||
author_id=v.id,
|
author_id=v.id,
|
||||||
over_18=bool(request.form.get("over_18","")),
|
over_18=bool(request.values.get("over_18","")),
|
||||||
app_id=v.client.application.id if v.client else None,
|
app_id=v.client.application.id if v.client else None,
|
||||||
is_bot = request.headers.get("X-User-Type","").lower()=="bot"
|
is_bot = request.headers.get("X-User-Type","").lower()=="bot"
|
||||||
)
|
)
|
||||||
|
@ -905,11 +905,11 @@ def submit_post(v):
|
||||||
file = request.files['file']
|
file = request.files['file']
|
||||||
#if not file.content_type.startswith('image/'):
|
#if not file.content_type.startswith('image/'):
|
||||||
# if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400
|
# if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400
|
||||||
# else: return render_template("submit.html", v=v, error=f"Image files only.", title=title, body=request.form.get("body", "")), 400
|
# else: return render_template("submit.html", v=v, error=f"Image files only.", title=title, body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
if not file.content_type.startswith(('image/', 'video/')):
|
if not file.content_type.startswith(('image/', 'video/')):
|
||||||
if request.headers.get("Authorization"): return {"error": f"File type not allowed"}, 400
|
if request.headers.get("Authorization"): return {"error": f"File type not allowed"}, 400
|
||||||
else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.form.get("body", "")), 400
|
else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
if file.content_type.startswith('video/') and v.coins < app.config["VIDEO_COIN_REQUIREMENT"] and v.admin_level < 1:
|
if file.content_type.startswith('video/') and v.coins < app.config["VIDEO_COIN_REQUIREMENT"] and v.admin_level < 1:
|
||||||
if request.headers.get("Authorization"):
|
if request.headers.get("Authorization"):
|
||||||
|
@ -922,7 +922,7 @@ def submit_post(v):
|
||||||
v=v,
|
v=v,
|
||||||
error=f"You need at least {app.config['VIDEO_COIN_REQUIREMENT']} coins to upload videos.",
|
error=f"You need at least {app.config['VIDEO_COIN_REQUIREMENT']} coins to upload videos.",
|
||||||
title=title,
|
title=title,
|
||||||
body=request.form.get("body", "")
|
body=request.values.get("body", "")
|
||||||
), 403
|
), 403
|
||||||
|
|
||||||
if file.content_type.startswith('image/'):
|
if file.content_type.startswith('image/'):
|
||||||
|
@ -946,7 +946,7 @@ def submit_post(v):
|
||||||
v=v,
|
v=v,
|
||||||
error=str(e),
|
error=str(e),
|
||||||
title=title,
|
title=title,
|
||||||
body=request.form.get("body", "")
|
body=request.values.get("body", "")
|
||||||
), 400
|
), 400
|
||||||
|
|
||||||
g.db.add(new_post)
|
g.db.add(new_post)
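Review bot: The over-length title branch in `submit_post` never rejects the request: `else: render_template("submit.html", ..., error="500 character limit for titles.", ...), 400` builds the response and discards it, so a browser submission with a title longer than 500 characters falls through to the rest of the handler. It needs the `return` that the neighbouring branches have: `else: return render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400`. The API path (requests with an `Authorization` header) does return, so only the form path skips the limit. `submit_post` starts and ends outside this hunk, so whether a later length check exists cannot be seen here.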
|
||||||
|
|
|
@ -16,7 +16,7 @@ def api_flag_post(pid, v):
|
||||||
|
|
||||||
if existing: return "", 409
|
if existing: return "", 409
|
||||||
|
|
||||||
reason = request.form.get("reason", "").strip()[:100]
|
reason = request.values.get("reason", "").strip()[:100]
|
||||||
if "<" in reason: return {"error": f"Reasons can't contain <"}
|
if "<" in reason: return {"error": f"Reasons can't contain <"}
|
||||||
|
|
||||||
for i in re.finditer(':(.{1,30}?):', reason):
|
for i in re.finditer(':(.{1,30}?):', reason):
|
||||||
|
@ -47,7 +47,7 @@ def api_flag_comment(cid, v):
|
||||||
user_id=v.id, comment_id=comment.id).first()
|
user_id=v.id, comment_id=comment.id).first()
|
||||||
|
|
||||||
if existing: return "", 409
|
if existing: return "", 409
|
||||||
reason = request.form.get("reason", "").strip()[:100]
|
reason = request.values.get("reason", "").strip()[:100]
|
||||||
if "<" in reason: return {"error": f"Reasons can't contain <"}
|
if "<" in reason: return {"error": f"Reasons can't contain <"}
|
||||||
|
|
||||||
for i in re.finditer(':(.{1,30}?):', reason):
|
for i in re.finditer(':(.{1,30}?):', reason):
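Review bot: The rejection in `api_flag_post`, `if "<" in reason: return {"error": f"Reasons can't contain <"}`, is sent with the default 200 status, so a client cannot tell a refused report from an accepted one. `return {"error": "Reasons can't contain <"}, 400` fixes that and drops the f-string that has no placeholders; `api_flag_comment` has the identical line. Refusing `<` is the only sanitising step visible before `reason` is processed further, so if the reason is later rendered as HTML it should also be escaped at output. The rendering code is outside these hunks, so that part is to be confirmed. Both function bodies continue past the hunk.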
|
||||||
|
|
|
@ -203,12 +203,12 @@ def searchcommentlisting(criteria, v=None, page=1, t="None", sort="top"):
|
||||||
def searchposts(v):
|
def searchposts(v):
|
||||||
|
|
||||||
|
|
||||||
query = request.args.get("q", '').strip()
|
query = request.values.get("q", '').strip()
|
||||||
|
|
||||||
page = max(1, int(request.args.get("page", 1)))
|
page = max(1, int(request.values.get("page", 1)))
|
||||||
|
|
||||||
sort = request.args.get("sort", "top").lower()
|
sort = request.values.get("sort", "top").lower()
|
||||||
t = request.args.get('t', 'all').lower()
|
t = request.values.get('t', 'all').lower()
|
||||||
|
|
||||||
criteria=searchparse(query)
|
criteria=searchparse(query)
|
||||||
total, ids = searchlisting(criteria, v=v, page=page, t=t, sort=sort)
|
total, ids = searchlisting(criteria, v=v, page=page, t=t, sort=sort)
|
||||||
|
@ -244,13 +244,13 @@ def searchposts(v):
|
||||||
def searchcomments(v):
|
def searchcomments(v):
|
||||||
|
|
||||||
|
|
||||||
query = request.args.get("q", '').strip()
|
query = request.values.get("q", '').strip()
|
||||||
|
|
||||||
try: page = max(1, int(request.args.get("page", 1)))
|
try: page = max(1, int(request.values.get("page", 1)))
|
||||||
except: page = 1
|
except: page = 1
|
||||||
|
|
||||||
sort = request.args.get("sort", "top").lower()
|
sort = request.values.get("sort", "top").lower()
|
||||||
t = request.args.get('t', 'all').lower()
|
t = request.values.get('t', 'all').lower()
|
||||||
|
|
||||||
criteria=searchparse(query)
|
criteria=searchparse(query)
|
||||||
total, ids = searchcommentlisting(criteria, v=v, page=page, t=t, sort=sort)
|
total, ids = searchcommentlisting(criteria, v=v, page=page, t=t, sort=sort)
|
||||||
|
@ -269,11 +269,11 @@ def searchcomments(v):
|
||||||
def searchusers(v):
|
def searchusers(v):
|
||||||
|
|
||||||
|
|
||||||
query = request.args.get("q", '').strip()
|
query = request.values.get("q", '').strip()
|
||||||
|
|
||||||
page = max(1, int(request.args.get("page", 1)))
|
page = max(1, int(request.values.get("page", 1)))
|
||||||
sort = request.args.get("sort", "top").lower()
|
sort = request.values.get("sort", "top").lower()
|
||||||
t = request.args.get('t', 'all').lower()
|
t = request.values.get('t', 'all').lower()
|
||||||
term=query.lstrip('@')
|
term=query.lstrip('@')
|
||||||
term=term.replace('\\','')
|
term=term.replace('\\','')
|
||||||
term=term.replace('_','\_')
|
term=term.replace('_','\_')
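Review bot: `page = max(1, int(request.values.get("page", 1)))` in `searchposts` and `searchusers` raises `ValueError` on a non-numeric `page`, which turns a malformed URL into a 500, while `searchcomments` in the same file already guards the conversion. Use the same shape in all three, with a narrow exception: `try: page = max(1, int(request.values.get("page", 1)))` followed by `except ValueError: page = 1`. In `searchusers`, `term.replace('_','\_')` relies on an unrecognised escape sequence; `'\\_'` produces the same string without the deprecation warning. Whether `%` is also escaped for the LIKE pattern cannot be seen, because the function continues outside the hunk.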
|
||||||
|
|
|
@ -267,7 +267,7 @@ def changelogsub(v):
|
||||||
@auth_required
|
@auth_required
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def namecolor(v):
|
def namecolor(v):
|
||||||
color = str(request.form.get("color", "")).strip()
|
color = str(request.values.get("color", "")).strip()
|
||||||
if color.startswith('#'): color = color[1:]
|
if color.startswith('#'): color = color[1:]
|
||||||
if len(color) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
|
if len(color) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
|
||||||
v.namecolor = color
|
v.namecolor = color
|
||||||
|
@ -279,7 +279,7 @@ def namecolor(v):
|
||||||
@auth_required
|
@auth_required
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def themecolor(v):
|
def themecolor(v):
|
||||||
themecolor = str(request.form.get("themecolor", "")).strip()
|
themecolor = str(request.values.get("themecolor", "")).strip()
|
||||||
if themecolor.startswith('#'): themecolor = themecolor[1:]
|
if themecolor.startswith('#'): themecolor = themecolor[1:]
|
||||||
if len(themecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
|
if len(themecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
|
||||||
v.themecolor = themecolor
|
v.themecolor = themecolor
|
||||||
|
@ -368,7 +368,7 @@ def gumroad(v):
|
||||||
@auth_required
|
@auth_required
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def titlecolor(v):
|
def titlecolor(v):
|
||||||
titlecolor = str(request.form.get("titlecolor", "")).strip()
|
titlecolor = str(request.values.get("titlecolor", "")).strip()
|
||||||
if titlecolor.startswith('#'): titlecolor = titlecolor[1:]
|
if titlecolor.startswith('#'): titlecolor = titlecolor[1:]
|
||||||
if len(titlecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
|
if len(titlecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
|
||||||
v.titlecolor = titlecolor
|
v.titlecolor = titlecolor
|
||||||
|
@ -381,22 +381,22 @@ def titlecolor(v):
|
||||||
@auth_required
|
@auth_required
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def settings_security_post(v):
|
def settings_security_post(v):
|
||||||
if request.form.get("new_password"):
|
if request.values.get("new_password"):
|
||||||
if request.form.get(
|
if request.values.get(
|
||||||
"new_password") != request.form.get("cnf_password"):
|
"new_password") != request.values.get("cnf_password"):
|
||||||
return redirect("/settings/security?error=" +
|
return redirect("/settings/security?error=" +
|
||||||
escape("Passwords do not match."))
|
escape("Passwords do not match."))
|
||||||
|
|
||||||
if not re.match(valid_password_regex, request.form.get("new_password")):
|
if not re.match(valid_password_regex, request.values.get("new_password")):
|
||||||
#print(f"signup fail - {username } - invalid password")
|
#print(f"signup fail - {username } - invalid password")
|
||||||
return redirect("/settings/security?error=" +
|
return redirect("/settings/security?error=" +
|
||||||
escape("Password must be between 8 and 100 characters."))
|
escape("Password must be between 8 and 100 characters."))
|
||||||
|
|
||||||
if not v.verifyPass(request.form.get("old_password")):
|
if not v.verifyPass(request.values.get("old_password")):
|
||||||
return render_template(
|
return render_template(
|
||||||
"settings_security.html", v=v, error="Incorrect password")
|
"settings_security.html", v=v, error="Incorrect password")
|
||||||
|
|
||||||
v.passhash = v.hash_password(request.form.get("new_password"))
|
v.passhash = v.hash_password(request.values.get("new_password"))
|
||||||
|
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
|
|
||||||
|
@ -405,13 +405,13 @@ def settings_security_post(v):
|
||||||
return redirect("/settings/security?msg=" +
|
return redirect("/settings/security?msg=" +
|
||||||
escape("Your password has been changed."))
|
escape("Your password has been changed."))
|
||||||
|
|
||||||
if request.form.get("new_email"):
|
if request.values.get("new_email"):
|
||||||
|
|
||||||
if not v.verifyPass(request.form.get('password')):
|
if not v.verifyPass(request.values.get('password')):
|
||||||
return redirect("/settings/security?error=" +
|
return redirect("/settings/security?error=" +
|
||||||
escape("Invalid password."))
|
escape("Invalid password."))
|
||||||
|
|
||||||
new_email = request.form.get("new_email","").strip()
|
new_email = request.values.get("new_email","").strip()
|
||||||
if new_email == v.email:
|
if new_email == v.email:
|
||||||
return redirect("/settings/security?error=That email is already yours!")
|
return redirect("/settings/security?error=That email is already yours!")
|
||||||
|
|
||||||
|
@ -441,15 +441,15 @@ def settings_security_post(v):
|
||||||
return redirect("/settings/security?msg=" + escape(
|
return redirect("/settings/security?msg=" + escape(
|
||||||
"Check your email and click the verification link to complete the email change."))
|
"Check your email and click the verification link to complete the email change."))
|
||||||
|
|
||||||
if request.form.get("2fa_token", ""):
|
if request.values.get("2fa_token", ""):
|
||||||
|
|
||||||
if not v.verifyPass(request.form.get('password')):
|
if not v.verifyPass(request.values.get('password')):
|
||||||
return redirect("/settings/security?error=" +
|
return redirect("/settings/security?error=" +
|
||||||
escape("Invalid password or token."))
|
escape("Invalid password or token."))
|
||||||
|
|
||||||
secret = request.form.get("2fa_secret")
|
secret = request.values.get("2fa_secret")
|
||||||
x = pyotp.TOTP(secret)
|
x = pyotp.TOTP(secret)
|
||||||
if not x.verify(request.form.get("2fa_token"), valid_window=1):
|
if not x.verify(request.values.get("2fa_token"), valid_window=1):
|
||||||
return redirect("/settings/security?error=" +
|
return redirect("/settings/security?error=" +
|
||||||
escape("Invalid password or token."))
|
escape("Invalid password or token."))
|
||||||
|
|
||||||
|
@ -461,13 +461,13 @@ def settings_security_post(v):
|
||||||
return redirect("/settings/security?msg=" +
|
return redirect("/settings/security?msg=" +
|
||||||
escape("Two-factor authentication enabled."))
|
escape("Two-factor authentication enabled."))
|
||||||
|
|
||||||
if request.form.get("2fa_remove", ""):
|
if request.values.get("2fa_remove", ""):
|
||||||
|
|
||||||
if not v.verifyPass(request.form.get('password')):
|
if not v.verifyPass(request.values.get('password')):
|
||||||
return redirect("/settings/security?error=" +
|
return redirect("/settings/security?error=" +
|
||||||
escape("Invalid password or token."))
|
escape("Invalid password or token."))
|
||||||
|
|
||||||
token = request.form.get("2fa_remove")
|
token = request.values.get("2fa_remove")
|
||||||
|
|
||||||
if not v.validate_2fa(token):
|
if not v.validate_2fa(token):
|
||||||
return redirect("/settings/security?error=" +
|
return redirect("/settings/security?error=" +
|
||||||
|
@ -486,7 +486,7 @@ def settings_security_post(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def settings_log_out_others(v):
|
def settings_log_out_others(v):
|
||||||
|
|
||||||
submitted_password = request.form.get("password", "")
|
submitted_password = request.values.get("password", "")
|
||||||
|
|
||||||
if not v.verifyPass(submitted_password):
|
if not v.verifyPass(submitted_password):
|
||||||
return render_template("settings_security.html",
|
return render_template("settings_security.html",
|
||||||
|
@ -596,7 +596,7 @@ def settings_css_get(v):
|
||||||
@app.post("/settings/css")
|
@app.post("/settings/css")
|
||||||
@auth_required
|
@auth_required
|
||||||
def settings_css(v):
|
def settings_css(v):
|
||||||
css = request.form.get("css").replace('\\', '')[:50000]
|
css = request.values.get("css").replace('\\', '')[:50000]
|
||||||
|
|
||||||
if not v.agendaposter:
|
if not v.agendaposter:
|
||||||
v.css = css
|
v.css = css
|
||||||
|
@ -618,7 +618,7 @@ def settings_profilecss_get(v):
|
||||||
@auth_required
|
@auth_required
|
||||||
def settings_profilecss(v):
|
def settings_profilecss(v):
|
||||||
if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
|
if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
|
||||||
profilecss = request.form.get("profilecss").replace('\\', '')[:50000]
|
profilecss = request.values.get("profilecss").replace('\\', '')[:50000]
|
||||||
v.profilecss = profilecss
|
v.profilecss = profilecss
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
g.db.commit()
|
g.db.commit()
|
||||||
|
@ -727,7 +727,7 @@ def settings_content_get(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def settings_name_change(v):
|
def settings_name_change(v):
|
||||||
|
|
||||||
new_name=request.form.get("name").strip()
|
new_name=request.values.get("name").strip()
|
||||||
|
|
||||||
#make sure name is different
|
#make sure name is different
|
||||||
if new_name==v.username:
|
if new_name==v.username:
|
||||||
|
@ -775,7 +775,7 @@ def settings_name_change(v):
|
||||||
@auth_required
|
@auth_required
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def settings_song_change(v):
|
def settings_song_change(v):
|
||||||
song=request.form.get("song").strip()
|
song=request.values.get("song").strip()
|
||||||
|
|
||||||
if song == "" and v.song and path.isfile(f"/songs/{v.song}.mp3") and g.db.query(User).options(lazyload('*')).filter_by(song=v.song).count() == 1:
|
if song == "" and v.song and path.isfile(f"/songs/{v.song}.mp3") and g.db.query(User).options(lazyload('*')).filter_by(song=v.song).count() == 1:
|
||||||
os.remove(f"/songs/{v.song}.mp3")
|
os.remove(f"/songs/{v.song}.mp3")
|
||||||
|
@ -860,7 +860,7 @@ def settings_title_change(v):
|
||||||
|
|
||||||
if v.flairchanged: abort(403)
|
if v.flairchanged: abort(403)
|
||||||
|
|
||||||
new_name=request.form.get("title").strip()[:100].replace("𒐪","")
|
new_name=request.values.get("title").strip()[:100].replace("𒐪","")
|
||||||
|
|
||||||
#make sure name is different
|
#make sure name is different
|
||||||
if new_name==v.customtitle:
|
if new_name==v.customtitle:
|
||||||
|
|
|
@ -97,7 +97,7 @@ def admins(v):
|
||||||
# @auth_desired
|
# @auth_desired
|
||||||
# def log(v):
|
# def log(v):
|
||||||
|
|
||||||
# page=int(request.args.get("page",1))
|
# page=int(request.values.get("page",1))
|
||||||
|
|
||||||
# if v and v.admin_level == 6: actions = g.db.query(ModAction).order_by(ModAction.id.desc()).offset(25 * (page - 1)).limit(26).all()
|
# if v and v.admin_level == 6: actions = g.db.query(ModAction).order_by(ModAction.id.desc()).offset(25 * (page - 1)).limit(26).all()
|
||||||
# else: actions=g.db.query(ModAction).options(lazyload('*')).filter(ModAction.kind!="shadowban", ModAction.kind!="unshadowban", ModAction.kind!="club", ModAction.kind!="unclub").order_by(ModAction.id.desc()).offset(25*(page-1)).limit(26).all()
|
# else: actions=g.db.query(ModAction).options(lazyload('*')).filter(ModAction.kind!="shadowban", ModAction.kind!="unshadowban", ModAction.kind!="club", ModAction.kind!="unclub").order_by(ModAction.id.desc()).offset(25*(page-1)).limit(26).all()
|
||||||
|
@ -150,7 +150,7 @@ def contact(v):
|
||||||
@app.post("/contact")
|
@app.post("/contact")
|
||||||
@auth_desired
|
@auth_desired
|
||||||
def submit_contact(v):
|
def submit_contact(v):
|
||||||
message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.form.get("message", "")
|
message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
|
||||||
send_admin(v.id, message)
|
send_admin(v.id, message)
|
||||||
g.db.commit()
|
g.db.commit()
|
||||||
return render_template("contact.html", v=v, msg="Your message has been sent.")
|
return render_template("contact.html", v=v, msg="Your message has been sent.")
|
||||||
|
@ -254,8 +254,8 @@ def settings_security(v):
|
||||||
return render_template("settings_security.html",
|
return render_template("settings_security.html",
|
||||||
v=v,
|
v=v,
|
||||||
mfa_secret=pyotp.random_base32() if not v.mfa_secret else None,
|
mfa_secret=pyotp.random_base32() if not v.mfa_secret else None,
|
||||||
error=request.args.get("error") or None,
|
error=request.values.get("error") or None,
|
||||||
msg=request.args.get("msg") or None
|
msg=request.values.get("msg") or None
|
||||||
)
|
)
|
||||||
|
|
||||||
@app.post("/dismiss_mobile_tip")
|
@app.post("/dismiss_mobile_tip")
|
||||||
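Review bot: On the new side of `submit_contact`, `request.values.get("message", "")` reads from the query string as well as the POST body, and Werkzeug consults the query string first. A parameter placed in the URL therefore silently overrides the posted field, and URL parameters typically land in access logs and Referer headers. For a POST-only route the narrower source is the safer read: `request.form.get("message", "")`. The same applies to the handlers changed in the next file section (`transfer_coins`, `message2`, `messagereply`), which appear to be state-changing POST routes, although their route decorators are outside the hunks.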
|
|
|
@ -120,7 +120,7 @@ def transfer_coins(v, username):
|
||||||
if receiver is None: return {"error": "That user doesn't exist."}, 404
|
if receiver is None: return {"error": "That user doesn't exist."}, 404
|
||||||
|
|
||||||
if receiver.id != v.id:
|
if receiver.id != v.id:
|
||||||
amount = request.form.get("amount", "")
|
amount = request.values.get("amount", "")
|
||||||
amount = int(amount) if amount.isdigit() else None
|
amount = int(amount) if amount.isdigit() else None
|
||||||
|
|
||||||
if amount is None or amount <= 0: return {"error": f"Invalid amount of {app.config['COINS_NAME']}."}, 400
|
if amount is None or amount <= 0: return {"error": f"Invalid amount of {app.config['COINS_NAME']}."}, 400
|
||||||
|
@ -210,7 +210,7 @@ def message2(v, username):
|
||||||
user = get_user(username, v=v)
|
user = get_user(username, v=v)
|
||||||
if user.is_blocking: return {"error": "You're blocking this user."}, 403
|
if user.is_blocking: return {"error": "You're blocking this user."}, 403
|
||||||
if user.is_blocked: return {"error": "This user is blocking you."}, 403
|
if user.is_blocked: return {"error": "This user is blocking you."}, 403
|
||||||
message = request.form.get("message", "")[:1000].strip()
|
message = request.values.get("message", "")[:1000].strip()
|
||||||
|
|
||||||
message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
|
message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
|
||||||
|
|
||||||
|
@ -248,8 +248,8 @@ def message2(v, username):
|
||||||
@auth_required
|
@auth_required
|
||||||
def messagereply(v):
|
def messagereply(v):
|
||||||
|
|
||||||
message = request.form.get("body", "")[:1000].strip()
|
message = request.values.get("body", "")[:1000].strip()
|
||||||
id = int(request.form.get("parent_id"))
|
id = int(request.values.get("parent_id"))
|
||||||
parent = get_comment(id, v=v)
|
parent = get_comment(id, v=v)
|
||||||
user = parent.author
|
user = parent.author
|
||||||
message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
|
message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
|
||||||
|
@ -421,9 +421,9 @@ def u_username(username, v=None):
|
||||||
else: return render_template("userpage_blocked.html", u=u, v=v)
|
else: return render_template("userpage_blocked.html", u=u, v=v)
|
||||||
|
|
||||||
|
|
||||||
sort = request.args.get("sort", "new")
|
sort = request.values.get("sort", "new")
|
||||||
t = request.args.get("t", "all")
|
t = request.values.get("t", "all")
|
||||||
page = int(request.args.get("page", "1"))
|
page = int(request.values.get("page", "1"))
|
||||||
page = max(page, 1)
|
page = max(page, 1)
|
||||||
|
|
||||||
ids = u.userpagelisting(v=v, page=page, sort=sort, t=t)
|
ids = u.userpagelisting(v=v, page=page, sort=sort, t=t)
|
||||||
|
@ -520,9 +520,9 @@ def u_username_comments(username, v=None):
|
||||||
v=v)
|
v=v)
|
||||||
|
|
||||||
|
|
||||||
page = int(request.args.get("page", "1"))
|
page = int(request.values.get("page", "1"))
|
||||||
sort=request.args.get("sort","new")
|
sort=request.values.get("sort","new")
|
||||||
t=request.args.get("t","all")
|
t=request.values.get("t","all")
|
||||||
|
|
||||||
|
|
||||||
comments = u.comments.options(lazyload('*')).filter(Comment.parent_submission != None)
|
comments = u.comments.options(lazyload('*')).filter(Comment.parent_submission != None)
|
||||||
|
@ -649,7 +649,7 @@ def user_profile_uid(id):
|
||||||
@auth_required
|
@auth_required
|
||||||
def saved_posts(v, username):
|
def saved_posts(v, username):
|
||||||
|
|
||||||
page=int(request.args.get("page",1))
|
page=int(request.values.get("page",1))
|
||||||
|
|
||||||
ids=v.saved_idlist(page=page)
|
ids=v.saved_idlist(page=page)
|
||||||
|
|
||||||
|
@ -673,7 +673,7 @@ def saved_posts(v, username):
|
||||||
@auth_required
|
@auth_required
|
||||||
def saved_comments(v, username):
|
def saved_comments(v, username):
|
||||||
|
|
||||||
page=int(request.args.get("page",1))
|
page=int(request.values.get("page",1))
|
||||||
|
|
||||||
ids=v.saved_comment_idlist(page=page)
|
ids=v.saved_comment_idlist(page=page)
|
||||||
|
|
||||||
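Review bot: In `messagereply`, `int(request.values.get("parent_id"))` raises `TypeError` when the parameter is missing and `ValueError` when it is not numeric, so a malformed request presumably surfaces as a 500 unless an error handler elsewhere catches it. The same unguarded `int(...)` is applied to `page` in `u_username`, `u_username_comments`, `saved_posts` and `saved_comments`. A guarded parse returns a client error instead: `try: id = int(request.values.get("parent_id", ""))` followed by `except ValueError: abort(400)`, assuming `abort` is imported in this file. All of these function bodies continue outside the hunks shown.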
|
|
|
@ -10,7 +10,7 @@ from files.__main__ import app
|
||||||
def admin_vote_info_get(v):
|
def admin_vote_info_get(v):
|
||||||
|
|
||||||
|
|
||||||
link = request.args.get("link")
|
link = request.values.get("link")
|
||||||
if not link: return render_template("votes.html", v=v)
|
if not link: return render_template("votes.html", v=v)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -8,22 +8,22 @@
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
|
|
||||||
{% if request.args.get('error') or error %}
|
{% if request.values.get('error') or error %}
|
||||||
<div class="alert alert-danger alert-dismissible fade show my-3" role="alert">
|
<div class="alert alert-danger alert-dismissible fade show my-3" role="alert">
|
||||||
<i class="fas fa-exclamation-circle my-auto"></i>
|
<i class="fas fa-exclamation-circle my-auto"></i>
|
||||||
<span>
|
<span>
|
||||||
{{error if error else request.args.get('error')}}
|
{{error if error else request.values.get('error')}}
|
||||||
</span>
|
</span>
|
||||||
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
|
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
|
||||||
<span aria-hidden="true"><i class="far fa-times"></i></span>
|
<span aria-hidden="true"><i class="far fa-times"></i></span>
|
||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if request.args.get('msg') or msg %}
|
{% if request.values.get('msg') or msg %}
|
||||||
<div class="alert alert-success alert-dismissible fade show my-3" role="alert">
|
<div class="alert alert-success alert-dismissible fade show my-3" role="alert">
|
||||||
<i class="fas fa-check-circle my-auto" aria-hidden="true"></i>
|
<i class="fas fa-check-circle my-auto" aria-hidden="true"></i>
|
||||||
<span>
|
<span>
|
||||||
{{msg if msg else request.args.get('msg')}}
|
{{msg if msg else request.values.get('msg')}}
|
||||||
</span>
|
</span>
|
||||||
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
|
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
|
||||||
<span aria-hidden="true"><i class="far fa-times"></i></span>
|
<span aria-hidden="true"><i class="far fa-times"></i></span>
|
||||||
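Review bot: Both alert blocks fall back to `request.values.get('error')` and `request.values.get('msg')`, so any request carrying those parameters makes the page show caller-chosen text inside a site-styled error or success banner. Autoescaping (assuming it is enabled for this template) stops markup injection but not the spoofed message itself. Rendering only the variables the view passes in, `{% if error %}` with `{{error}}` and `{% if msg %}` with `{{msg}}`, removes the fallback. Views that currently redirect with `?error=` would then hand the text to the template themselves, as `settings_security` already does. The template continues outside this hunk.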
|
|
|
@ -22,7 +22,7 @@
|
||||||
</div>
|
</div>
|
||||||
<div class="flex-grow-1 d-fl d-none d-md-block">
|
<div class="flex-grow-1 d-fl d-none d-md-block">
|
||||||
<form class="form-inline search flex-nowrap mx-0 mx-lg-auto" action="/search/posts/" method="get">
|
<form class="form-inline search flex-nowrap mx-0 mx-lg-auto" action="/search/posts/" method="get">
|
||||||
<input class="form-control w-100" type="search" placeholder="Search" aria-label="Search" name="q" value="{{request.args.get('q', '')}}">
|
<input class="form-control w-100" type="search" placeholder="Search" aria-label="Search" name="q" value="{{request.values.get('q', '')}}">
|
||||||
<span class="input-group-append">
|
<span class="input-group-append">
|
||||||
<span class="input-group-text border-0 bg-transparent" style="margin-left: -2.5rem;">
|
<span class="input-group-text border-0 bg-transparent" style="margin-left: -2.5rem;">
|
||||||
<i class="fa fa-search" aria-hidden="true"></i>
|
<i class="fa fa-search" aria-hidden="true"></i>
|
||||||
|
|
|
@ -76,7 +76,7 @@
|
||||||
<h1 class="h4 font-weight-normal text-center">Whoops! You can't refer yourself!</h1>
|
<h1 class="h4 font-weight-normal text-center">Whoops! You can't refer yourself!</h1>
|
||||||
<p class="text-center text-muted mb-md-5">Send this link to a friend instead :)</p>
|
<p class="text-center text-muted mb-md-5">Send this link to a friend instead :)</p>
|
||||||
<label>Referral code</label>
|
<label>Referral code</label>
|
||||||
<input type="text" class="form-control copy-link" readonly value="/signup?ref={{request.args.get('ref')}}" data-clipboard-text="/signup?ref={{request.args.get('ref')}}">
|
<input type="text" class="form-control copy-link" readonly value="/signup?ref={{request.values.get('ref')}}" data-clipboard-text="/signup?ref={{request.values.get('ref')}}">
|
||||||
|
|
||||||
<div class="text-center mt-5 mb-3">
|
<div class="text-center mt-5 mb-3">
|
||||||
Already have an account? <a href="/login" class="font-weight-bold text-small toggle-login">Log in.</a>
|
Already have an account? <a href="/login" class="font-weight-bold text-small toggle-login">Log in.</a>
|
||||||
|
|
|
@ -305,7 +305,7 @@
|
||||||
|
|
||||||
<div id="urlblock">
|
<div id="urlblock">
|
||||||
<label for="URL" class="mt-3">URL</label>
|
<label for="URL" class="mt-3">URL</label>
|
||||||
<input class="form-control" id="post-URL" aria-describedby="URLHelp" type="url" name="url" placeholder="Optional if you have text." value="{{request.args.get('url','')}}" required oninput="checkForRequired();autoSuggestTitle();hide_image()">
|
<input class="form-control" id="post-URL" aria-describedby="URLHelp" type="url" name="url" placeholder="Optional if you have text." value="{{request.values.get('url','')}}" required oninput="checkForRequired();autoSuggestTitle();hide_image()">
|
||||||
<small class="form-text text-muted">To post an image, use a direct image link such as i.imgur.com</small>
|
<small class="form-text text-muted">To post an image, use a direct image link such as i.imgur.com</small>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|