master
Aevann1 2021-09-19 15:11:34 +02:00
parent 6fb3fd33da
commit 731351e5a2
22 changed files with 219 additions and 219 deletions


@ -67,10 +67,10 @@ def api_verify_email(v):
@auth_desired @auth_desired
def activate(v): def activate(v):
email = request.args.get("email", "") email = request.values.get("email", "")
id = request.args.get("id", "") id = request.values.get("id", "")
timestamp = int(request.args.get("time", "0")) timestamp = int(request.values.get("time", "0"))
token = request.args.get("token", "") token = request.values.get("token", "")
if int(time.time()) - timestamp > 3600: if int(time.time()) - timestamp > 3600:
return render_template("message.html", v=v, title="Verification link expired.", return render_template("message.html", v=v, title="Verification link expired.",


@ -209,7 +209,7 @@ def get_rules(v):
@validate_formkey @validate_formkey
def post_rules(v): def post_rules(v):
text = request.form.get('rules', '') text = request.values.get('rules', '')
with open(f'./{SITE_NAME} rules.html', 'w+') as f: with open(f'./{SITE_NAME} rules.html', 'w+') as f:
f.write(text) f.write(text)
@ -240,7 +240,7 @@ def agendaposters(v):
@admin_level_required(3) @admin_level_required(3)
def image_posts_listing(v): def image_posts_listing(v):
try: page = int(request.args.get('page', 1)) try: page = int(request.values.get('page', 1))
except: page = 1 except: page = 1
posts = g.db.query(Submission).order_by(Submission.id.desc()) posts = g.db.query(Submission).order_by(Submission.id.desc())
@ -258,7 +258,7 @@ def image_posts_listing(v):
@admin_level_required(3) @admin_level_required(3)
def reported_posts(v): def reported_posts(v):
page = max(1, int(request.args.get("page", 1))) page = max(1, int(request.values.get("page", 1)))
posts = g.db.query(Submission).options(lazyload('*')).filter_by( posts = g.db.query(Submission).options(lazyload('*')).filter_by(
is_approved=0, is_approved=0,
@ -279,7 +279,7 @@ def reported_posts(v):
@admin_level_required(3) @admin_level_required(3)
def reported_comments(v): def reported_comments(v):
page = max(1, int(request.args.get("page", 1))) page = max(1, int(request.values.get("page", 1)))
posts = g.db.query(Comment posts = g.db.query(Comment
).filter_by( ).filter_by(
@ -333,9 +333,9 @@ def badge_grant_get(v):
v=v, v=v,
badge_types=badge_types, badge_types=badge_types,
error=errors.get( error=errors.get(
request.args.get("error"), request.values.get("error"),
None) if request.args.get('error') else None, None) if request.values.get('error') else None,
msg="Badge successfully assigned" if request.args.get( msg="Badge successfully assigned" if request.values.get(
"msg") else None "msg") else None
) )
@ -345,10 +345,10 @@ def badge_grant_get(v):
@validate_formkey @validate_formkey
def badge_grant_post(v): def badge_grant_post(v):
user = get_user(request.form.get("username").strip(), graceful=True) user = get_user(request.values.get("username").strip(), graceful=True)
if not user: return redirect("/badge_grant?error=no_user") if not user: return redirect("/badge_grant?error=no_user")
try: badge_id = int(request.form.get("badge_id")) try: badge_id = int(request.values.get("badge_id"))
except: abort(400) except: abort(400)
if user.has_badge(badge_id): if user.has_badge(badge_id):
@ -359,10 +359,10 @@ def badge_grant_post(v):
user_id=user.id, user_id=user.id,
) )
desc = request.form.get("description") desc = request.values.get("description")
if desc: new_badge.description = desc if desc: new_badge.description = desc
url = request.form.get("url") url = request.values.get("url")
if url: new_badge.url = url if url: new_badge.url = url
g.db.add(new_badge) g.db.add(new_badge)
@ -443,7 +443,7 @@ def badge_grant_post(v):
@admin_level_required(2) @admin_level_required(2)
def users_list(v): def users_list(v):
page = int(request.args.get("page", 1)) page = int(request.values.get("page", 1))
users = g.db.query(User).options(lazyload('*')).filter_by(is_banned=0 users = g.db.query(User).options(lazyload('*')).filter_by(is_banned=0
).order_by(User.created_utc.desc() ).order_by(User.created_utc.desc()
@ -465,11 +465,11 @@ def users_list(v):
@admin_level_required(4) @admin_level_required(4)
def alt_votes_get(v): def alt_votes_get(v):
if not request.args.get("u1") or not request.args.get("u2"): if not request.values.get("u1") or not request.values.get("u2"):
return render_template("admin/alt_votes.html", v=v) return render_template("admin/alt_votes.html", v=v)
u1 = request.args.get("u1") u1 = request.values.get("u1")
u2 = request.args.get("u2") u2 = request.values.get("u2")
if not u1 or not u2: if not u1 or not u2:
return redirect("/admin/alt_votes") return redirect("/admin/alt_votes")
@ -575,8 +575,8 @@ def alt_votes_get(v):
@validate_formkey @validate_formkey
def admin_link_accounts(v): def admin_link_accounts(v):
u1 = int(request.form.get("u1")) u1 = int(request.values.get("u1"))
u2 = int(request.form.get("u2")) u2 = int(request.values.get("u2"))
new_alt = Alt( new_alt = Alt(
user1=u1, user1=u1,
@ -594,7 +594,7 @@ def admin_link_accounts(v):
@admin_level_required(3) @admin_level_required(3)
def admin_removed(v): def admin_removed(v):
page = int(request.args.get("page", 1)) page = int(request.values.get("page", 1))
ids = g.db.query(Submission.id).options(lazyload('*')).options(lazyload('*')).filter_by(is_banned=True).order_by( ids = g.db.query(Submission.id).options(lazyload('*')).options(lazyload('*')).filter_by(is_banned=True).order_by(
Submission.id.desc()).offset(25 * (page - 1)).limit(26).all() Submission.id.desc()).offset(25 * (page - 1)).limit(26).all()
@ -619,7 +619,7 @@ def admin_removed(v):
@admin_level_required(5) @admin_level_required(5)
def admin_image_purge(v): def admin_image_purge(v):
name = request.form.get("url") name = request.values.get("url")
image = g.db.query(Image).options(lazyload('*')).filter(Image.text == name).first() image = g.db.query(Image).options(lazyload('*')).filter(Image.text == name).first()
if image: if image:
requests.delete(f'https://api.imgur.com/3/image/{image.deletehash}', headers = {"Authorization": f"Client-ID {IMGUR_KEY}"}) requests.delete(f'https://api.imgur.com/3/image/{image.deletehash}', headers = {"Authorization": f"Client-ID {IMGUR_KEY}"})
@ -673,8 +673,8 @@ def admin_image_ban(v):
new_bp=BadPic( new_bp=BadPic(
phash=h, phash=h,
ban_reason=request.form.get("ban_reason"), ban_reason=request.values.get("ban_reason"),
ban_time=int(request.form.get("ban_length",0)) ban_time=int(request.values.get("ban_length",0))
) )
g.db.add(new_bp) g.db.add(new_bp)
@ -689,7 +689,7 @@ def admin_image_ban(v):
def agendaposter(user_id, v): def agendaposter(user_id, v):
user = g.db.query(User).options(lazyload('*')).filter_by(id=user_id).first() user = g.db.query(User).options(lazyload('*')).filter_by(id=user_id).first()
expiry = request.form.get("days", 0) expiry = request.values.get("days", 0)
if expiry: if expiry:
expiry = int(expiry) expiry = int(expiry)
expiry = g.timestamp + expiry*60*60*24 expiry = g.timestamp + expiry*60*60*24
@ -710,7 +710,7 @@ def agendaposter(user_id, v):
if not user.agendaposter: kind = "unagendaposter" if not user.agendaposter: kind = "unagendaposter"
else: else:
kind = "agendaposter" kind = "agendaposter"
note = f"for {request.form.get('days')} days" if expiry else "never expires" note = f"for {request.values.get('days')} days" if expiry else "never expires"
ma = ModAction( ma = ModAction(
kind=kind, kind=kind,
@ -814,14 +814,14 @@ def admin_title_change(user_id, v):
if user.admin_level != 0: abort(403) if user.admin_level != 0: abort(403)
new_name=request.form.get("title").strip() new_name=request.values.get("title").strip()
user.customtitleplain=new_name user.customtitleplain=new_name
new_name = sanitize(new_name) new_name = sanitize(new_name)
user=g.db.query(User).with_for_update().options(lazyload('*')).options(lazyload('*')).filter_by(id=user.id).first() user=g.db.query(User).with_for_update().options(lazyload('*')).options(lazyload('*')).filter_by(id=user.id).first()
user.customtitle=new_name user.customtitle=new_name
user.flairchanged = bool(request.form.get("locked")) user.flairchanged = bool(request.values.get("locked"))
g.db.add(user) g.db.add(user)
if user.flairchanged: kind = "set_flair_locked" if user.flairchanged: kind = "set_flair_locked"
@ -849,9 +849,9 @@ def ban_user(user_id, v):
# check for number of days for suspension # check for number of days for suspension
if 'form' in request.values: if 'form' in request.values:
days = int(request.form.get("days")) if request.form.get('days') else 0 days = int(request.values.get("days")) if request.values.get('days') else 0
reason = sanitize(request.form.get("reason", "")) reason = sanitize(request.values.get("reason", ""))
message = request.form.get("reason", "") message = request.values.get("reason", "")
else: else:
days = int(request.values.get("days")) if request.values.get('days') else 0 days = int(request.values.get("days")) if request.values.get('days') else 0
reason = sanitize(request.values.get("reason", "")) reason = sanitize(request.values.get("reason", ""))
@ -876,7 +876,7 @@ def ban_user(user_id, v):
user.ban(admin=v, reason=reason) user.ban(admin=v, reason=reason)
if request.form.get("alts", ""): if request.values.get("alts", ""):
for x in user.alts: for x in user.alts:
if x.admin_level > 0: break if x.admin_level > 0: break
x.ban(admin=v, reason=reason) x.ban(admin=v, reason=reason)
@ -894,7 +894,7 @@ def ban_user(user_id, v):
) )
g.db.add(ma) g.db.add(ma)
if 'reason' in request.args: if 'reason' in request.values:
if reason.startswith("/post/"): if reason.startswith("/post/"):
post = reason.split("/post/")[1] post = reason.split("/post/")[1]
post = get_post(post) post = get_post(post)
@ -924,7 +924,7 @@ def unban_user(user_id, v):
user.unban() user.unban()
if request.form.get("alts", ""): if request.values.get("alts", ""):
for x in user.alts: for x in user.alts:
if x.admin_level == 0: if x.admin_level == 0:
x.unban() x.unban()
@ -960,7 +960,7 @@ def ban_post(post_id, v):
post.is_pinned = False post.is_pinned = False
post.removed_by = v.id post.removed_by = v.id
ban_reason=request.form.get("reason", "") ban_reason=request.values.get("reason", "")
ban_reason = ban_reason.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") ban_reason = ban_reason.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
ban_reason = CustomRenderer().render(mistletoe.Document(ban_reason)) ban_reason = CustomRenderer().render(mistletoe.Document(ban_reason))
ban_reason = sanitize(ban_reason) ban_reason = sanitize(ban_reason)
@ -1169,10 +1169,10 @@ def admin_banned_domains(v):
@validate_formkey @validate_formkey
def admin_toggle_ban_domain(v): def admin_toggle_ban_domain(v):
domain=request.form.get("domain", "").strip() domain=request.values.get("domain", "").strip()
if not domain: abort(400) if not domain: abort(400)
reason=request.form.get("reason", "").strip() reason=request.values.get("reason", "").strip()
d = g.db.query(BannedDomain).options(lazyload('*')).filter_by(domain=domain).first() d = g.db.query(BannedDomain).options(lazyload('*')).filter_by(domain=domain).first()
if d: g.db.delete(d) if d: g.db.delete(d)
@ -1190,7 +1190,7 @@ def admin_toggle_ban_domain(v):
@validate_formkey @validate_formkey
def admin_nuke_user(v): def admin_nuke_user(v):
user=get_user(request.form.get("user")) user=get_user(request.values.get("user"))
for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all(): for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all():
if post.is_banned: if post.is_banned:
@ -1222,7 +1222,7 @@ def admin_nuke_user(v):
@validate_formkey @validate_formkey
def admin_nunuke_user(v): def admin_nunuke_user(v):
user=get_user(request.form.get("user")) user=get_user(request.values.get("user"))
for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all(): for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=user.id).all():
if not post.is_banned: if not post.is_banned:
@ -1253,7 +1253,7 @@ def admin_nunuke_user(v):
@auth_required @auth_required
def chart(v): def chart(v):
days = int(request.args.get("days", 25)) days = int(request.values.get("days", 25))
now = time.gmtime() now = time.gmtime()
midnight_this_morning = time.struct_time((now.tm_year, midnight_this_morning = time.struct_time((now.tm_year,
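Review bot: The handlers in this file that used to read `request.form` (post_rules, badge_grant_post, admin_link_accounts, admin_image_purge, ban_user, admin_toggle_ban_domain, admin_nuke_user and the rest) now read `request.values`, which merges the query string with the form body and returns the query-string value when a key appears in both. State-changing admin actions can then be parameterised from the URL alone, so the values reach access logs, browser history and Referer headers, and a query parameter can override what the form submitted; whether `validate_formkey` still requires the key in the body is not visible here. Keep `request.form.get(...)` in handlers that mutate state and reserve `request.args` for the GET listings. The same applies to the former `request.form` readers in the later sections (award_post, api_comment, login_post, post_reset), where passwords and 2FA tokens would also be accepted from the URL. In ban_user the two branches of `if 'form' in request.values:` are now identical and can be collapsed into one.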


@ -191,7 +191,7 @@ def award_post(pid, v):
if v.is_suspended and v.unban_utc == 0: if v.is_suspended and v.unban_utc == 0:
return {"error": "forbidden."}, 403 return {"error": "forbidden."}, 403
kind = request.form.get("kind", "") kind = request.values.get("kind", "")
if kind not in AWARDS: if kind not in AWARDS:
return {"error": "That award doesn't exist."}, 404 return {"error": "That award doesn't exist."}, 404
@ -233,7 +233,7 @@ def award_post(pid, v):
msg = f"@{v.username} has given your [post]({post.permalink}) the {AWARDS[kind]['title']} Award!" msg = f"@{v.username} has given your [post]({post.permalink}) the {AWARDS[kind]['title']} Award!"
note = request.form.get("note", "") note = request.values.get("note", "")
if note: if note:
msg += f"\n\n> {note}" msg += f"\n\n> {note}"
@ -255,7 +255,7 @@ def award_comment(cid, v):
if v.is_suspended and v.unban_utc == 0: if v.is_suspended and v.unban_utc == 0:
return {"error": "forbidden"}, 403 return {"error": "forbidden"}, 403
kind = request.form.get("kind", "") kind = request.values.get("kind", "")
if kind not in AWARDS: if kind not in AWARDS:
return {"error": "That award doesn't exist."}, 404 return {"error": "That award doesn't exist."}, 404
@ -296,7 +296,7 @@ def award_comment(cid, v):
msg = f"@{v.username} has given your [comment]({c.permalink}) the {AWARDS[kind]['title']} Award!" msg = f"@{v.username} has given your [comment]({c.permalink}) the {AWARDS[kind]['title']} Award!"
note = request.form.get("note", "") note = request.values.get("note", "")
if note: if note:
msg += f"\n\n> {note}" msg += f"\n\n> {note}"
@ -328,14 +328,14 @@ def admin_userawards_post(v):
if v.admin_level < 6: if v.admin_level < 6:
abort(403) abort(403)
u = get_user(request.form.get("username", '1'), graceful=False, v=v) u = get_user(request.values.get("username", '1'), graceful=False, v=v)
notify_awards = {} notify_awards = {}
latest = g.db.query(AwardRelationship).order_by(AwardRelationship.id.desc()).first() latest = g.db.query(AwardRelationship).order_by(AwardRelationship.id.desc()).first()
thing = latest.id thing = latest.id
for key, value in request.form.items(): for key, value in request.values.items():
if key not in AWARDS: if key not in AWARDS:
continue continue
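Review bot: In admin_userawards_post, `thing = latest.id` is reached without checking that the query returned a row; `.first()` yields None on an empty AwardRelationship table and the handler would fail with AttributeError. A guard such as `thing = latest.id if latest else 0` avoids that. The loop that follows continues outside the hunk, so how `thing` is used is not visible; if it seeds new primary keys, letting the database assign them would also remove the race between concurrent requests.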


@ -61,7 +61,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
post._preloaded_comments = [comment] post._preloaded_comments = [comment]
# context improver # context improver
try: context = int(request.args.get("context", 0)) try: context = int(request.values.get("context", 0))
except: context = 0 except: context = 0
comment_info = comment comment_info = comment
c = comment c = comment
@ -77,7 +77,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
if v: defaultsortingcomments = v.defaultsortingcomments if v: defaultsortingcomments = v.defaultsortingcomments
else: defaultsortingcomments = "top" else: defaultsortingcomments = "top"
sort=request.args.get("sort", defaultsortingcomments) sort=request.values.get("sort", defaultsortingcomments)
post.replies=[top_comment] post.replies=[top_comment]
@ -133,8 +133,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
@validate_formkey @validate_formkey
def api_comment(v): def api_comment(v):
parent_submission = request.form.get("submission") parent_submission = request.values.get("submission")
parent_fullname = request.form.get("parent_fullname") parent_fullname = request.values.get("parent_fullname")
# get parent item info # get parent item info
parent_id = parent_fullname.split("_")[1] parent_id = parent_fullname.split("_")[1]
@ -156,7 +156,7 @@ def api_comment(v):
abort(400) abort(400)
#process and sanitize #process and sanitize
body = request.form.get("body", "")[:10000] body = request.values.get("body", "")[:10000]
body = body.strip() body = body.strip()
if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400 if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400
@ -271,7 +271,7 @@ def api_comment(v):
parent_submission=parent_submission, parent_submission=parent_submission,
parent_comment_id=parent_comment_id, parent_comment_id=parent_comment_id,
level=level, level=level,
over_18=parent_post.over_18 or request.form.get("over_18","")=="true", over_18=parent_post.over_18 or request.values.get("over_18","")=="true",
is_bot=is_bot, is_bot=is_bot,
app_id=v.client.application.id if v.client else None app_id=v.client.application.id if v.client else None
) )
@ -288,7 +288,7 @@ def api_comment(v):
url = upload_ibb(file=file) url = upload_ibb(file=file)
body = request.form.get("body") + f"\n![]({url})" body = request.values.get("body") + f"\n![]({url})"
body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
body_md = CustomRenderer().render(mistletoe.Document(body)) body_md = CustomRenderer().render(mistletoe.Document(body))
body_html = sanitize(body_md) body_html = sanitize(body_md)
@ -605,7 +605,7 @@ def edit_comment(cid, v):
if c.is_banned or c.deleted_utc > 0: abort(403) if c.is_banned or c.deleted_utc > 0: abort(403)
body = request.form.get("body", "")[:10000] body = request.values.get("body", "")[:10000]
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})')
body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
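Review bot: In api_comment the upload branch rebuilds the text with `body = request.values.get("body") + f"\n![]({url})"`, which re-reads the raw field: it skips the `[:10000]` cap applied earlier and raises TypeError when a file is posted without a `body` field, a case the earlier `if not body and not request.files.get('file')` check allows. Use the same bounded read there, `body = request.values.get("body", "")[:10000] + f"\n![]({url})"`. `parent_fullname.split("_")[1]` near the top likewise ends in a 500 when the field is missing or has no underscore; a guard that calls `abort(400)` would turn that into a client error. The function body between these hunks is not shown.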


@ -34,7 +34,7 @@ def discord_redirect(v):
#validate state #validate state
now=int(time.time()) now=int(time.time())
state=request.args.get('state','').split('.') state=request.values.get('state','').split('.')
timestamp=state[0] timestamp=state[0]
@ -47,7 +47,7 @@ def discord_redirect(v):
abort(400) abort(400)
#get discord token #get discord token
code = request.args.get("code","") code = request.values.get("code","")
if not code: if not code:
abort(400) abort(400)


@ -21,7 +21,7 @@ def error_400(e, v):
def error_401(e): def error_401(e):
path = request.path path = request.path
qs = urlencode(dict(request.args)) qs = urlencode(dict(request.values))
argval = quote(f"{path}?{qs}", safe='') argval = quote(f"{path}?{qs}", safe='')
output = f"/login?redirect={argval}" output = f"/login?redirect={argval}"
@ -70,7 +70,7 @@ def error_500(e, v):
def allow_nsfw(): def allow_nsfw():
session["over_18"] = int(time.time()) + 3600 session["over_18"] = int(time.time()) + 3600
return redirect(request.form.get("redir", "/")) return redirect(request.values.get("redir", "/"))
@app.get("/error/<error>") @app.get("/error/<error>")
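Review bot: In error_401, `urlencode(dict(request.values))` now copies form-body fields into the `/login?redirect=` URL, because `request.values` merges the POST body with the query string; a 401 on a POST would put whatever was submitted (form keys, message text, possibly credentials) into the address bar, browser history and server logs. Keeping `qs = urlencode(dict(request.args))` here preserves the original redirect target without exposing the body. In allow_nsfw, `redirect(request.values.get("redir", "/"))` follows a caller-supplied target with no check that it is a local path; accepting only values that start with a single `/` and falling back to `/` otherwise would close that. Both functions continue outside the hunks shown.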


@ -10,7 +10,7 @@ from files.__main__ import app
@app.get('/rss/<sort>/<t>') @app.get('/rss/<sort>/<t>')
def feeds_user(sort='hot', t='all'): def feeds_user(sort='hot', t='all'):
page = int(request.args.get("page", 1)) page = int(request.values.get("page", 1))
ids, next_exists = frontlist( ids, next_exists = frontlist(
sort=sort, sort=sort,
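Review bot: `page = int(request.values.get("page", 1))` in feeds_user is unguarded, so a non-numeric `page` raises ValueError and returns a 500 on a route that takes no user argument and appears to be public, and a zero or negative value is passed straight to frontlist. notifications and front_all already wrap the same parse in try/except; doing the same here with `try: page = max(1, int(request.values.get("page", 1)))` and `except ValueError: abort(400)` keeps the handlers consistent. changelog and all_comments in the front-page section, and the `utc_greater_than`/`utc_less_than` parses there, have the same gap. feeds_user continues past the end of this hunk.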


@ -13,11 +13,11 @@ def slash_post():
@app.get("/notifications") @app.get("/notifications")
@auth_required @auth_required
def notifications(v): def notifications(v):
try: page = int(request.args.get('page', 1)) try: page = int(request.values.get('page', 1))
except: page = 1 except: page = 1
messages = request.args.get('messages', False) messages = request.values.get('messages', False)
modmail = request.args.get('modmail', False) modmail = request.values.get('modmail', False)
posts = request.args.get('posts', False) posts = request.values.get('posts', False)
if modmail and v.admin_level == 6: if modmail and v.admin_level == 6:
comments = g.db.query(Comment).filter(Comment.sentto==0).order_by(Comment.created_utc.desc()).offset(25*(page-1)).limit(26).all() comments = g.db.query(Comment).filter(Comment.sentto==0).order_by(Comment.created_utc.desc()).offset(25*(page-1)).limit(26).all()
next_exists = (len(comments) > 25) next_exists = (len(comments) > 25)
@ -230,7 +230,7 @@ def front_all(v):
if v and "logged_out" in request.full_path: v = None if v and "logged_out" in request.full_path: v = None
try: page = int(request.args.get("page") or 1) try: page = int(request.values.get("page") or 1)
except: abort(400) except: abort(400)
# prevent invalid paging # prevent invalid paging
@ -243,15 +243,15 @@ def front_all(v):
defaultsorting = "hot" defaultsorting = "hot"
defaulttime = defaulttimefilter defaulttime = defaulttimefilter
sort=request.args.get("sort", defaultsorting) sort=request.values.get("sort", defaultsorting)
t=request.args.get('t', defaulttime) t=request.values.get('t', defaulttime)
ids, next_exists = frontlist(sort=sort, ids, next_exists = frontlist(sort=sort,
page=page, page=page,
t=t, t=t,
v=v, v=v,
gt=int(request.args.get("utc_greater_than", 0)), gt=int(request.values.get("utc_greater_than", 0)),
lt=int(request.args.get("utc_less_than", 0)), lt=int(request.values.get("utc_less_than", 0)),
filter_words=v.filter_words if v else [], filter_words=v.filter_words if v else [],
) )
@ -339,18 +339,18 @@ def changeloglist(v=None, sort="new", page=1 ,t="all", **kwargs):
def changelog(v): def changelog(v):
page = int(request.args.get("page") or 1) page = int(request.values.get("page") or 1)
page = max(page, 1) page = max(page, 1)
sort=request.args.get("sort", "new") sort=request.values.get("sort", "new")
t=request.args.get('t', "all") t=request.values.get('t', "all")
ids = changeloglist(sort=sort, ids = changeloglist(sort=sort,
page=page, page=page,
t=t, t=t,
v=v, v=v,
gt=int(request.args.get("utc_greater_than", 0)), gt=int(request.values.get("utc_greater_than", 0)),
lt=int(request.args.get("utc_less_than", 0)), lt=int(request.values.get("utc_less_than", 0)),
) )
# check existence of next page # check existence of next page
@ -440,10 +440,10 @@ def comment_idlist(page=1, v=None, nsfw=False, sort="new", t="all", **kwargs):
def all_comments(v): def all_comments(v):
page = int(request.args.get("page", 1)) page = int(request.values.get("page", 1))
sort=request.args.get("sort", "new") sort=request.values.get("sort", "new")
t=request.args.get("t", defaulttimefilter) t=request.values.get("t", defaulttimefilter)
idlist = comment_idlist(v=v, idlist = comment_idlist(v=v,
page=page, page=page,


@ -11,8 +11,8 @@ GIPHY_KEY = environ.get('GIPHY_KEY').rstrip()
@app.route("/giphy<path>", methods=["GET"]) @app.route("/giphy<path>", methods=["GET"])
def giphy(path=None): def giphy(path=None):
searchTerm = request.args.get("searchTerm", "") searchTerm = request.values.get("searchTerm", "")
limit = int(request.args.get("limit", 48)) limit = int(request.values.get("limit", 48))
if searchTerm and limit: if searchTerm and limit:
url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}" url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}"
elif searchTerm and not limit: elif searchTerm and not limit:
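Review bot: In giphy, `searchTerm` is interpolated into the upstream URL without encoding, so reserved characters in the term (`&`, `#`, spaces) alter the query that is sent with the site's `GIPHY_KEY` instead of being treated as search text. Build the query string with `urllib.parse.urlencode({"q": searchTerm, "api_key": GIPHY_KEY, "limit": limit})`, or pass the same dict as `params=` if the request is made with `requests`; the call itself is outside the hunk. `limit = int(request.values.get("limit", 48))` is also unguarded and unbounded; wrapping it in try/except and clamping it, e.g. `limit = max(1, min(limit, 48))`, avoids a 500 on bad input and oversized upstream requests.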


@ -11,7 +11,7 @@ valid_password_regex = re.compile("^.{8,100}$")
@auth_desired @auth_desired
def login_get(v): def login_get(v):
redir = request.args.get("redirect", "/").replace("/logged_out", "") redir = request.values.get("redirect", "/").replace("/logged_out", "")
if v: if v:
return redirect(redir) return redirect(redir)
@ -78,7 +78,7 @@ def check_for_alts(current_id):
@limiter.limit("6/minute") @limiter.limit("6/minute")
def login_post(): def login_post():
username = request.form.get("username") username = request.values.get("username")
if not username: abort(400) if not username: abort(400)
if "@" in username: if "@" in username:
@ -93,9 +93,9 @@ def login_post():
# test password # test password
if request.form.get("password"): if request.values.get("password"):
if not account.verifyPass(request.form.get("password")): if not account.verifyPass(request.values.get("password")):
time.sleep(random.uniform(0, 2)) time.sleep(random.uniform(0, 2))
return render_template("login.html", failed=True) return render_template("login.html", failed=True)
@ -106,21 +106,21 @@ def login_post():
v=account, v=account,
time=now, time=now,
hash=hash, hash=hash,
redirect=request.form.get("redirect", "/") redirect=request.values.get("redirect", "/")
) )
elif request.form.get("2fa_token", "x"): elif request.values.get("2fa_token", "x"):
now = int(time.time()) now = int(time.time())
if now - int(request.form.get("time")) > 600: if now - int(request.values.get("time")) > 600:
return redirect('/login') return redirect('/login')
formhash = request.form.get("hash") formhash = request.values.get("hash")
if not validate_hash(f"{account.id}+{request.form.get('time')}+2fachallenge", if not validate_hash(f"{account.id}+{request.values.get('time')}+2fachallenge",
formhash formhash
): ):
return redirect("/login") return redirect("/login")
if not account.validate_2fa(request.form.get("2fa_token", "").strip()): if not account.validate_2fa(request.values.get("2fa_token", "").strip()):
hash = generate_hash(f"{account.id}+{time}+2fachallenge") hash = generate_hash(f"{account.id}+{time}+2fachallenge")
return render_template("login_2fa.html", return render_template("login_2fa.html",
v=account, v=account,
@ -145,7 +145,7 @@ def login_post():
# check for previous page # check for previous page
redir = request.form.get("redirect", "/").replace("/logged_out", "") redir = request.values.get("redirect", "/").replace("/logged_out", "")
g.db.commit() g.db.commit()
@ -184,7 +184,7 @@ def sign_up_get(v):
abort(403) abort(403)
# check for referral in link # check for referral in link
ref = request.args.get("ref", None) ref = request.values.get("ref", None)
if ref: if ref:
ref_user = g.db.query(User).options(lazyload('*')).filter(User.username.ilike(ref)).first() ref_user = g.db.query(User).options(lazyload('*')).filter(User.username.ilike(ref)).first()
@ -207,9 +207,9 @@ def sign_up_get(v):
digestmod='md5' digestmod='md5'
).hexdigest() ).hexdigest()
redir = request.args.get("redirect", "/").replace("/logged_out", "") redir = request.values.get("redirect", "/").replace("/logged_out", "")
error = request.args.get("error", None) error = request.values.get("error", None)
return render_template("sign_up.html", return render_template("sign_up.html",
formkey=formkey, formkey=formkey,
@ -235,8 +235,8 @@ def sign_up_post(v):
if not agent: if not agent:
abort(403) abort(403)
form_timestamp = request.form.get("now", '0') form_timestamp = request.values.get("now", '0')
form_formkey = request.form.get("formkey", "none") form_formkey = request.values.get("formkey", "none")
submitted_token = session.get("signup_token", "") submitted_token = session.get("signup_token", "")
if not submitted_token: if not submitted_token:
@ -251,16 +251,16 @@ def sign_up_post(v):
now = int(time.time()) now = int(time.time())
username = request.form.get("username").strip() username = request.values.get("username").strip()
# define function that takes an error message and generates a new signup # define function that takes an error message and generates a new signup
# form # form
def new_signup(error): def new_signup(error):
args = {"error": error} args = {"error": error}
if request.form.get("referred_by"): if request.values.get("referred_by"):
user = g.db.query(User).options(lazyload('*')).filter_by( user = g.db.query(User).options(lazyload('*')).filter_by(
id=request.form.get("referred_by")).first() id=request.values.get("referred_by")).first()
if user: if user:
args["ref"] = user.username args["ref"] = user.username
@ -275,19 +275,19 @@ def sign_up_post(v):
return new_signup("There was a problem. Please try again.") return new_signup("There was a problem. Please try again.")
# check for matched passwords # check for matched passwords
if not request.form.get( if not request.values.get(
"password") == request.form.get("password_confirm"): "password") == request.values.get("password_confirm"):
return new_signup("Passwords did not match. Please try again.") return new_signup("Passwords did not match. Please try again.")
# check username/pass conditions # check username/pass conditions
if not re.fullmatch(valid_username_regex, username): if not re.fullmatch(valid_username_regex, username):
return new_signup("Invalid username") return new_signup("Invalid username")
if not re.fullmatch(valid_password_regex, request.form.get("password")): if not re.fullmatch(valid_password_regex, request.values.get("password")):
return new_signup("Password must be between 8 and 100 characters.") return new_signup("Password must be between 8 and 100 characters.")
# Check for existing accounts # Check for existing accounts
email = request.form.get("email") email = request.values.get("email")
email = email.strip() email = email.strip()
if not email: email = None if not email: email = None
@ -303,7 +303,7 @@ def sign_up_post(v):
# check bot # check bot
if app.config.get("HCAPTCHA_SITEKEY"): if app.config.get("HCAPTCHA_SITEKEY"):
token = request.form.get("h-captcha-response") token = request.values.get("h-captcha-response")
if not token: if not token:
return new_signup("Unable to verify captcha [1].") return new_signup("Unable to verify captcha [1].")
@ -322,7 +322,7 @@ def sign_up_post(v):
session.pop("signup_token") session.pop("signup_token")
# get referral # get referral
ref_id = int(request.form.get("referred_by", 0)) ref_id = int(request.values.get("referred_by", 0))
# upgrade user badge # upgrade user badge
if ref_id: if ref_id:
@ -352,7 +352,7 @@ def sign_up_post(v):
username=username, username=username,
original_username = username, original_username = username,
admin_level = admin_level, admin_level = admin_level,
password=request.form.get("password"), password=request.values.get("password"),
email=email, email=email,
created_utc=int(time.time()), created_utc=int(time.time()),
referred_by=ref_id or None, referred_by=ref_id or None,
@ -392,8 +392,8 @@ def get_forgot():
@app.post("/forgot") @app.post("/forgot")
def post_forgot(): def post_forgot():
username = request.form.get("username").lstrip('@') username = request.values.get("username").lstrip('@')
email = request.form.get("email",'').strip() email = request.values.get("email",'').strip()
email=email.replace("_","\_") email=email.replace("_","\_")
@ -430,9 +430,9 @@ def post_forgot():
@app.get("/reset") @app.get("/reset")
def get_reset(): def get_reset():
user_id = request.args.get("id") user_id = request.values.get("id")
timestamp = int(request.args.get("time",0)) timestamp = int(request.values.get("time",0))
token = request.args.get("token") token = request.values.get("token")
now = int(time.time()) now = int(time.time())
@ -464,12 +464,12 @@ def post_reset(v):
if v: if v:
return redirect('/') return redirect('/')
user_id = request.form.get("user_id") user_id = request.values.get("user_id")
timestamp = int(request.form.get("time")) timestamp = int(request.values.get("time"))
token = request.form.get("token") token = request.values.get("token")
password = request.form.get("password") password = request.values.get("password")
confirm_password = request.form.get("confirm_password") confirm_password = request.values.get("confirm_password")
now = int(time.time()) now = int(time.time())
@ -514,7 +514,7 @@ def lost_2fa(v):
@limiter.limit("6/minute") @limiter.limit("6/minute")
def request_2fa_disable(): def request_2fa_disable():
username=request.form.get("username") username=request.values.get("username")
user=get_user(username, graceful=True) user=get_user(username, graceful=True)
if not user or not user.email or not user.mfa_secret: if not user or not user.email or not user.mfa_secret:
return render_template("message.html", return render_template("message.html",
@ -522,7 +522,7 @@ def request_2fa_disable():
message="If username, password, and email match, we will send you an email.") message="If username, password, and email match, we will send you an email.")
email=request.form.get("email") email=request.values.get("email")
if email != user.email and email.endswith("@gmail.com"): if email != user.email and email.endswith("@gmail.com"):
email=email.split('@')[0] email=email.split('@')[0]
email=email.split('+')[0] email=email.split('+')[0]
@ -534,7 +534,7 @@ def request_2fa_disable():
message="If username, password, and email match, we will send you an email.") message="If username, password, and email match, we will send you an email.")
password =request.form.get("password") password =request.values.get("password")
if not user.verifyPass(password): if not user.verifyPass(password):
return render_template("message.html", return render_template("message.html",
title="Removal request received", title="Removal request received",
@ -561,15 +561,15 @@ def request_2fa_disable():
def reset_2fa(): def reset_2fa():
now=int(time.time()) now=int(time.time())
t=int(request.args.get("t")) t=int(request.values.get("t"))
if now > t+3600*24: if now > t+3600*24:
return render_template("message.html", return render_template("message.html",
title="Expired Link", title="Expired Link",
error="That link has expired.") error="That link has expired.")
token=request.args.get("token") token=request.values.get("token")
uid=request.args.get("id") uid=request.values.get("id")
user=get_account(uid) user=get_account(uid)


@ -9,7 +9,7 @@ from files.__main__ import app
@app.get("/authorize") @app.get("/authorize")
@auth_required @auth_required
def authorize_prompt(v): def authorize_prompt(v):
client_id = request.args.get("client_id") client_id = request.values.get("client_id")
application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first() application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first()
if not application: return {"oauth_error": "Invalid `client_id`"}, 401 if not application: return {"oauth_error": "Invalid `client_id`"}, 401
return render_template("oauth.html", v=v, application=application) return render_template("oauth.html", v=v, application=application)
@ -20,7 +20,7 @@ def authorize_prompt(v):
@validate_formkey @validate_formkey
def authorize(v): def authorize(v):
client_id = request.form.get("client_id") client_id = request.values.get("client_id")
application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first() application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first()
if not application: return {"oauth_error": "Invalid `client_id`"}, 401 if not application: return {"oauth_error": "Invalid `client_id`"}, 401
access_token = secrets.token_urlsafe(128)[:128] access_token = secrets.token_urlsafe(128)[:128]
@ -42,15 +42,15 @@ def authorize(v):
def request_api_keys(v): def request_api_keys(v):
new_app = OauthApp( new_app = OauthApp(
app_name=request.form.get('name'), app_name=request.values.get('name'),
redirect_uri=request.form.get('redirect_uri'), redirect_uri=request.values.get('redirect_uri'),
author_id=v.id, author_id=v.id,
description=request.form.get("description")[:256] description=request.values.get("description")[:256]
) )
g.db.add(new_app) g.db.add(new_app)
send_admin(NOTIFICATIONS_ACCOUNT, f"{v.username} has requested API keys for `{request.form.get('name')}`. You can approve or deny the request [here](/admin/apps).") send_admin(NOTIFICATIONS_ACCOUNT, f"{v.username} has requested API keys for `{request.values.get('name')}`. You can approve or deny the request [here](/admin/apps).")
g.db.commit() g.db.commit()
@ -83,9 +83,9 @@ def edit_oauth_app(v, aid):
aid = int(aid) aid = int(aid)
app = g.db.query(OauthApp).options(lazyload('*')).filter_by(id=aid).first() app = g.db.query(OauthApp).options(lazyload('*')).filter_by(id=aid).first()
app.redirect_uri = request.form.get('redirect_uri') app.redirect_uri = request.values.get('redirect_uri')
app.app_name = request.form.get('name') app.app_name = request.values.get('name')
app.description = request.form.get("description")[:256] app.description = request.values.get("description")[:256]
g.db.add(app) g.db.add(app)
@ -168,7 +168,7 @@ def admin_app_id(v, aid):
OauthApp.author)).filter_by( OauthApp.author)).filter_by(
id=aid).first() id=aid).first()
pids=oauth.idlist(page=int(request.args.get("page",1)), pids=oauth.idlist(page=int(request.values.get("page",1)),
) )
next_exists=len(pids)==101 next_exists=len(pids)==101
@ -194,7 +194,7 @@ def admin_app_id_comments(v, aid):
OauthApp.author)).filter_by( OauthApp.author)).filter_by(
id=aid).first() id=aid).first()
cids=oauth.comments_idlist(page=int(request.args.get("page",1)), cids=oauth.comments_idlist(page=int(request.values.get("page",1)),
) )
next_exists=len(cids)==101 next_exists=len(cids)==101
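Review bot: In the POST handlers `authorize`, `request_api_keys` and `edit_oauth_app`, reading `client_id`, `redirect_uri` and `name` from `request.values` lets the query string supply them, and Werkzeug's combined dict consults `args` before `form`, so a URL value wins over the submitted form field. For the grant in `authorize`, the application being approved should come only from the body that carries the formkey; keep `client_id = request.form.get("client_id")` there and `request.form` in the other two writers. The same source mixing applies to the state-changing handlers in later file sections (`submit_post`, `transfer_coins`, `message2`, `messagereply`). These functions start or continue outside the hunks shown, so how `validate_formkey` reads its token is not visible here and should be checked against the same change.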


@ -91,7 +91,7 @@ def post_id(pid, anything=None, v=None):
if v: defaultsortingcomments = v.defaultsortingcomments if v: defaultsortingcomments = v.defaultsortingcomments
else: defaultsortingcomments = "top" else: defaultsortingcomments = "top"
sort=request.args.get("sort", defaultsortingcomments) sort=request.values.get("sort", defaultsortingcomments)
try: pid = int(pid) try: pid = int(pid)
except: except:
@ -242,8 +242,8 @@ def edit_post(pid, v):
if not p.author_id == v.id: abort(403) if not p.author_id == v.id: abort(403)
title = request.form.get("title") title = request.values.get("title")
body = request.form.get("body", "") body = request.values.get("body", "")
if title != p.title: if title != p.title:
p.title = title p.title = title
@ -397,7 +397,7 @@ def edit_post(pid, v):
@auth_required @auth_required
def get_post_title(v): def get_post_title(v):
url = request.args.get("url", None) url = request.values.get("url", None)
if not url: if not url:
return abort(400) return abort(400)
@ -601,8 +601,8 @@ def thumbs(new_post):
@validate_formkey @validate_formkey
def submit_post(v): def submit_post(v):
title = request.form.get("title", "") title = request.values.get("title", "")
url = request.form.get("url", "") url = request.values.get("url", "")
if url: if url:
if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp") if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp")
@ -633,24 +633,24 @@ def submit_post(v):
if not title: if not title:
if request.headers.get("Authorization"): return {"error": "Please enter a better title"}, 400 if request.headers.get("Authorization"): return {"error": "Please enter a better title"}, 400
else: return render_template("submit.html", v=v, error="Please enter a better title.", title=title, url=url, body=request.form.get("body", "")), 400 else: return render_template("submit.html", v=v, error="Please enter a better title.", title=title, url=url, body=request.values.get("body", "")), 400
elif len(title) > 500: elif len(title) > 500:
if request.headers.get("Authorization"): return {"error": "500 character limit for titles"}, 400 if request.headers.get("Authorization"): return {"error": "500 character limit for titles"}, 400
else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.form.get("body", "")), 400 else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400
parsed_url = urlparse(url) parsed_url = urlparse(url)
if not (parsed_url.scheme and parsed_url.netloc) and not request.form.get( if not (parsed_url.scheme and parsed_url.netloc) and not request.values.get(
"body") and not request.files.get("file", None): "body") and not request.files.get("file", None):
if request.headers.get("Authorization"): return {"error": "`url` or `body` parameter required."}, 400 if request.headers.get("Authorization"): return {"error": "`url` or `body` parameter required."}, 400
else: return render_template("submit.html", v=v, error="Please enter a url or some text.", title=title, url=url, body=request.form.get("body", "")), 400 else: return render_template("submit.html", v=v, error="Please enter a url or some text.", title=title, url=url, body=request.values.get("body", "")), 400
# Force https for submitted urls # Force https for submitted urls
if request.form.get("url"): if request.values.get("url"):
new_url = ParseResult(scheme="https", new_url = ParseResult(scheme="https",
netloc=parsed_url.netloc, netloc=parsed_url.netloc,
path=parsed_url.path, path=parsed_url.path,
@ -661,7 +661,7 @@ def submit_post(v):
else: else:
url = "" url = ""
body = request.form.get("body", "") body = request.values.get("body", "")
# check for duplicate # check for duplicate
dup = g.db.query(Submission).join(Submission.submission_aux).options(lazyload('*')).filter( dup = g.db.query(Submission).join(Submission.submission_aux).options(lazyload('*')).filter(
@ -691,7 +691,7 @@ def submit_post(v):
v.ban(reason="Sexualizing minors") v.ban(reason="Sexualizing minors")
if request.headers.get("Authorization"): return {"error":"ToS violation"}, 400 if request.headers.get("Authorization"): return {"error":"ToS violation"}, 400
else: return render_template("submit.html", v=v, error="ToS Violation", title=title, url=url, body=request.form.get("body", "")), 400 else: return render_template("submit.html", v=v, error="ToS Violation", title=title, url=url, body=request.values.get("body", "")), 400
if "twitter.com" in domain: if "twitter.com" in domain:
try: embed = requests.get("https://publish.twitter.com/oembed", params={"url":url, "omit_script":"t"}).json()["html"] try: embed = requests.get("https://publish.twitter.com/oembed", params={"url":url, "omit_script":"t"}).json()["html"]
@ -794,12 +794,12 @@ def submit_post(v):
if len(str(body)) > 10000: if len(str(body)) > 10000:
if request.headers.get("Authorization"): return {"error":"10000 character limit for text body."}, 400 if request.headers.get("Authorization"): return {"error":"10000 character limit for text body."}, 400
else: return render_template("submit.html", v=v, error="10000 character limit for text body.", title=title, url=url, body=request.form.get("body", "")), 400 else: return render_template("submit.html", v=v, error="10000 character limit for text body.", title=title, url=url, body=request.values.get("body", "")), 400
if len(url) > 2048: if len(url) > 2048:
if request.headers.get("Authorization"): return {"error":"2048 character limit for URLs."}, 400 if request.headers.get("Authorization"): return {"error":"2048 character limit for URLs."}, 400
else: return render_template("submit.html", v=v, error="2048 character limit for URLs.", title=title, url=url,body=request.form.get("body", "")), 400 else: return render_template("submit.html", v=v, error="2048 character limit for URLs.", title=title, url=url,body=request.values.get("body", "")), 400
# render text # render text
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
@ -822,7 +822,7 @@ def submit_post(v):
abort(403) abort(403)
if request.headers.get("Authorization"): return {"error": reason}, 403 if request.headers.get("Authorization"): return {"error": reason}, 403
else: return render_template("submit.html", v=v, error=reason, title=title, url=url, body=request.form.get("body", "")), 403 else: return render_template("submit.html", v=v, error=reason, title=title, url=url, body=request.values.get("body", "")), 403
# check spam # check spam
soup = BeautifulSoup(body_html, features="html.parser") soup = BeautifulSoup(body_html, features="html.parser")
@ -853,19 +853,19 @@ def submit_post(v):
return redirect('/notifications') return redirect('/notifications')
else: else:
if request.headers.get("Authorization"): return {"error": f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}"}, 400 if request.headers.get("Authorization"): return {"error": f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}"}, 400
else: return render_template("submit.html", v=v, error=f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}.", title=title, url=url, body=request.form.get("body", "")), 400 else: return render_template("submit.html", v=v, error=f"The link `{badlink.link}` is not allowed. Reason: {badlink.reason}.", title=title, url=url, body=request.values.get("body", "")), 400
# check for embeddable video # check for embeddable video
domain = parsed_url.netloc domain = parsed_url.netloc
if v.paid_dues: club = bool(request.form.get("club","")) if v.paid_dues: club = bool(request.values.get("club",""))
else: club = False else: club = False
new_post = Submission( new_post = Submission(
private=bool(request.form.get("private","")), private=bool(request.values.get("private","")),
club=club, club=club,
author_id=v.id, author_id=v.id,
over_18=bool(request.form.get("over_18","")), over_18=bool(request.values.get("over_18","")),
app_id=v.client.application.id if v.client else None, app_id=v.client.application.id if v.client else None,
is_bot = request.headers.get("X-User-Type","").lower()=="bot" is_bot = request.headers.get("X-User-Type","").lower()=="bot"
) )
@ -905,11 +905,11 @@ def submit_post(v):
file = request.files['file'] file = request.files['file']
#if not file.content_type.startswith('image/'): #if not file.content_type.startswith('image/'):
# if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400 # if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400
# else: return render_template("submit.html", v=v, error=f"Image files only.", title=title, body=request.form.get("body", "")), 400 # else: return render_template("submit.html", v=v, error=f"Image files only.", title=title, body=request.values.get("body", "")), 400
if not file.content_type.startswith(('image/', 'video/')): if not file.content_type.startswith(('image/', 'video/')):
if request.headers.get("Authorization"): return {"error": f"File type not allowed"}, 400 if request.headers.get("Authorization"): return {"error": f"File type not allowed"}, 400
else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.form.get("body", "")), 400 else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.values.get("body", "")), 400
if file.content_type.startswith('video/') and v.coins < app.config["VIDEO_COIN_REQUIREMENT"] and v.admin_level < 1: if file.content_type.startswith('video/') and v.coins < app.config["VIDEO_COIN_REQUIREMENT"] and v.admin_level < 1:
if request.headers.get("Authorization"): if request.headers.get("Authorization"):
@ -922,7 +922,7 @@ def submit_post(v):
v=v, v=v,
error=f"You need at least {app.config['VIDEO_COIN_REQUIREMENT']} coins to upload videos.", error=f"You need at least {app.config['VIDEO_COIN_REQUIREMENT']} coins to upload videos.",
title=title, title=title,
body=request.form.get("body", "") body=request.values.get("body", "")
), 403 ), 403
if file.content_type.startswith('image/'): if file.content_type.startswith('image/'):
@ -946,7 +946,7 @@ def submit_post(v):
v=v, v=v,
error=str(e), error=str(e),
title=title, title=title,
body=request.form.get("body", "") body=request.values.get("body", "")
), 400 ), 400
g.db.add(new_post) g.db.add(new_post)
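Review bot: The over-length title branch in `submit_post` builds a response and drops it: `else: render_template("submit.html", ... title=title[:500], ...), 400` has no `return`, so a browser request with a title above 500 characters falls through to the URL parsing below instead of getting the 400. It should read `else: return render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400`, matching the API branch on the line above it. The function body runs well beyond these hunks, so what later code does with the untruncated title is not visible here.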


@ -16,7 +16,7 @@ def api_flag_post(pid, v):
if existing: return "", 409 if existing: return "", 409
reason = request.form.get("reason", "").strip()[:100] reason = request.values.get("reason", "").strip()[:100]
if "<" in reason: return {"error": f"Reasons can't contain <"} if "<" in reason: return {"error": f"Reasons can't contain <"}
for i in re.finditer(':(.{1,30}?):', reason): for i in re.finditer(':(.{1,30}?):', reason):
@ -47,7 +47,7 @@ def api_flag_comment(cid, v):
user_id=v.id, comment_id=comment.id).first() user_id=v.id, comment_id=comment.id).first()
if existing: return "", 409 if existing: return "", 409
reason = request.form.get("reason", "").strip()[:100] reason = request.values.get("reason", "").strip()[:100]
if "<" in reason: return {"error": f"Reasons can't contain <"} if "<" in reason: return {"error": f"Reasons can't contain <"}
for i in re.finditer(':(.{1,30}?):', reason): for i in re.finditer(':(.{1,30}?):', reason):
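Review bot: The `"<" in reason` rejection in `api_flag_post` and `api_flag_comment` returns `{"error": ...}` with no status, so the client gets HTTP 200 for a refused report, and the f-string has no placeholder. Prefer `if "<" in reason: return {"error": "Reasons can't contain <"}, 400`. Blocking a single character is also a thin guard; whether the stored reason is escaped when rendered is not visible in these hunks and should be confirmed rather than assumed. Both functions continue outside the hunks.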


@ -203,12 +203,12 @@ def searchcommentlisting(criteria, v=None, page=1, t="None", sort="top"):
def searchposts(v): def searchposts(v):
query = request.args.get("q", '').strip() query = request.values.get("q", '').strip()
page = max(1, int(request.args.get("page", 1))) page = max(1, int(request.values.get("page", 1)))
sort = request.args.get("sort", "top").lower() sort = request.values.get("sort", "top").lower()
t = request.args.get('t', 'all').lower() t = request.values.get('t', 'all').lower()
criteria=searchparse(query) criteria=searchparse(query)
total, ids = searchlisting(criteria, v=v, page=page, t=t, sort=sort) total, ids = searchlisting(criteria, v=v, page=page, t=t, sort=sort)
@ -244,13 +244,13 @@ def searchposts(v):
def searchcomments(v): def searchcomments(v):
query = request.args.get("q", '').strip() query = request.values.get("q", '').strip()
try: page = max(1, int(request.args.get("page", 1))) try: page = max(1, int(request.values.get("page", 1)))
except: page = 1 except: page = 1
sort = request.args.get("sort", "top").lower() sort = request.values.get("sort", "top").lower()
t = request.args.get('t', 'all').lower() t = request.values.get('t', 'all').lower()
criteria=searchparse(query) criteria=searchparse(query)
total, ids = searchcommentlisting(criteria, v=v, page=page, t=t, sort=sort) total, ids = searchcommentlisting(criteria, v=v, page=page, t=t, sort=sort)
@ -269,11 +269,11 @@ def searchcomments(v):
def searchusers(v): def searchusers(v):
query = request.args.get("q", '').strip() query = request.values.get("q", '').strip()
page = max(1, int(request.args.get("page", 1))) page = max(1, int(request.values.get("page", 1)))
sort = request.args.get("sort", "top").lower() sort = request.values.get("sort", "top").lower()
t = request.args.get('t', 'all').lower() t = request.values.get('t', 'all').lower()
term=query.lstrip('@') term=query.lstrip('@')
term=term.replace('\\','') term=term.replace('\\','')
term=term.replace('_','\_') term=term.replace('_','\_')
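Review bot: `searchposts` and `searchusers` parse the page with `page = max(1, int(request.values.get("page", 1)))` and no guard, so a non-numeric `page` raises ValueError and surfaces as a 500, while `searchcomments` in the same file already falls back to 1. Use the same shape in all three, with a narrow except: `try: page = max(1, int(request.values.get("page", 1)))` followed by `except ValueError: page = 1`. The unguarded `int(request.values.get("page", ...))` also appears in `admin_app_id`, `u_username`, `saved_posts` and `saved_comments` in other sections of this commit. The function bodies continue outside the hunks.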


@ -267,7 +267,7 @@ def changelogsub(v):
@auth_required @auth_required
@validate_formkey @validate_formkey
def namecolor(v): def namecolor(v):
color = str(request.form.get("color", "")).strip() color = str(request.values.get("color", "")).strip()
if color.startswith('#'): color = color[1:] if color.startswith('#'): color = color[1:]
if len(color) != 6: return render_template("settings_security.html", v=v, error="Invalid color code") if len(color) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
v.namecolor = color v.namecolor = color
@ -279,7 +279,7 @@ def namecolor(v):
@auth_required @auth_required
@validate_formkey @validate_formkey
def themecolor(v): def themecolor(v):
themecolor = str(request.form.get("themecolor", "")).strip() themecolor = str(request.values.get("themecolor", "")).strip()
if themecolor.startswith('#'): themecolor = themecolor[1:] if themecolor.startswith('#'): themecolor = themecolor[1:]
if len(themecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code") if len(themecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
v.themecolor = themecolor v.themecolor = themecolor
@ -368,7 +368,7 @@ def gumroad(v):
@auth_required @auth_required
@validate_formkey @validate_formkey
def titlecolor(v): def titlecolor(v):
titlecolor = str(request.form.get("titlecolor", "")).strip() titlecolor = str(request.values.get("titlecolor", "")).strip()
if titlecolor.startswith('#'): titlecolor = titlecolor[1:] if titlecolor.startswith('#'): titlecolor = titlecolor[1:]
if len(titlecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code") if len(titlecolor) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
v.titlecolor = titlecolor v.titlecolor = titlecolor
@ -381,22 +381,22 @@ def titlecolor(v):
@auth_required @auth_required
@validate_formkey @validate_formkey
def settings_security_post(v): def settings_security_post(v):
if request.form.get("new_password"): if request.values.get("new_password"):
if request.form.get( if request.values.get(
"new_password") != request.form.get("cnf_password"): "new_password") != request.values.get("cnf_password"):
return redirect("/settings/security?error=" + return redirect("/settings/security?error=" +
escape("Passwords do not match.")) escape("Passwords do not match."))
if not re.match(valid_password_regex, request.form.get("new_password")): if not re.match(valid_password_regex, request.values.get("new_password")):
#print(f"signup fail - {username } - invalid password") #print(f"signup fail - {username } - invalid password")
return redirect("/settings/security?error=" + return redirect("/settings/security?error=" +
escape("Password must be between 8 and 100 characters.")) escape("Password must be between 8 and 100 characters."))
if not v.verifyPass(request.form.get("old_password")): if not v.verifyPass(request.values.get("old_password")):
return render_template( return render_template(
"settings_security.html", v=v, error="Incorrect password") "settings_security.html", v=v, error="Incorrect password")
v.passhash = v.hash_password(request.form.get("new_password")) v.passhash = v.hash_password(request.values.get("new_password"))
g.db.add(v) g.db.add(v)
@ -405,13 +405,13 @@ def settings_security_post(v):
return redirect("/settings/security?msg=" + return redirect("/settings/security?msg=" +
escape("Your password has been changed.")) escape("Your password has been changed."))
if request.form.get("new_email"): if request.values.get("new_email"):
if not v.verifyPass(request.form.get('password')): if not v.verifyPass(request.values.get('password')):
return redirect("/settings/security?error=" + return redirect("/settings/security?error=" +
escape("Invalid password.")) escape("Invalid password."))
new_email = request.form.get("new_email","").strip() new_email = request.values.get("new_email","").strip()
if new_email == v.email: if new_email == v.email:
return redirect("/settings/security?error=That email is already yours!") return redirect("/settings/security?error=That email is already yours!")
@ -441,15 +441,15 @@ def settings_security_post(v):
return redirect("/settings/security?msg=" + escape( return redirect("/settings/security?msg=" + escape(
"Check your email and click the verification link to complete the email change.")) "Check your email and click the verification link to complete the email change."))
if request.form.get("2fa_token", ""): if request.values.get("2fa_token", ""):
if not v.verifyPass(request.form.get('password')): if not v.verifyPass(request.values.get('password')):
return redirect("/settings/security?error=" + return redirect("/settings/security?error=" +
escape("Invalid password or token.")) escape("Invalid password or token."))
secret = request.form.get("2fa_secret") secret = request.values.get("2fa_secret")
x = pyotp.TOTP(secret) x = pyotp.TOTP(secret)
if not x.verify(request.form.get("2fa_token"), valid_window=1): if not x.verify(request.values.get("2fa_token"), valid_window=1):
return redirect("/settings/security?error=" + return redirect("/settings/security?error=" +
escape("Invalid password or token.")) escape("Invalid password or token."))
@ -461,13 +461,13 @@ def settings_security_post(v):
return redirect("/settings/security?msg=" + return redirect("/settings/security?msg=" +
escape("Two-factor authentication enabled.")) escape("Two-factor authentication enabled."))
if request.form.get("2fa_remove", ""): if request.values.get("2fa_remove", ""):
if not v.verifyPass(request.form.get('password')): if not v.verifyPass(request.values.get('password')):
return redirect("/settings/security?error=" + return redirect("/settings/security?error=" +
escape("Invalid password or token.")) escape("Invalid password or token."))
token = request.form.get("2fa_remove") token = request.values.get("2fa_remove")
if not v.validate_2fa(token): if not v.validate_2fa(token):
return redirect("/settings/security?error=" + return redirect("/settings/security?error=" +
@ -486,7 +486,7 @@ def settings_security_post(v):
@validate_formkey @validate_formkey
def settings_log_out_others(v): def settings_log_out_others(v):
submitted_password = request.form.get("password", "") submitted_password = request.values.get("password", "")
if not v.verifyPass(submitted_password): if not v.verifyPass(submitted_password):
return render_template("settings_security.html", return render_template("settings_security.html",
@ -596,7 +596,7 @@ def settings_css_get(v):
@app.post("/settings/css") @app.post("/settings/css")
@auth_required @auth_required
def settings_css(v): def settings_css(v):
css = request.form.get("css").replace('\\', '')[:50000] css = request.values.get("css").replace('\\', '')[:50000]
if not v.agendaposter: if not v.agendaposter:
v.css = css v.css = css
@ -618,7 +618,7 @@ def settings_profilecss_get(v):
@auth_required @auth_required
def settings_profilecss(v): def settings_profilecss(v):
if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css." if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
profilecss = request.form.get("profilecss").replace('\\', '')[:50000] profilecss = request.values.get("profilecss").replace('\\', '')[:50000]
v.profilecss = profilecss v.profilecss = profilecss
g.db.add(v) g.db.add(v)
g.db.commit() g.db.commit()
@ -727,7 +727,7 @@ def settings_content_get(v):
@validate_formkey @validate_formkey
def settings_name_change(v): def settings_name_change(v):
new_name=request.form.get("name").strip() new_name=request.values.get("name").strip()
#make sure name is different #make sure name is different
if new_name==v.username: if new_name==v.username:
@ -775,7 +775,7 @@ def settings_name_change(v):
@auth_required @auth_required
@validate_formkey @validate_formkey
def settings_song_change(v): def settings_song_change(v):
song=request.form.get("song").strip() song=request.values.get("song").strip()
if song == "" and v.song and path.isfile(f"/songs/{v.song}.mp3") and g.db.query(User).options(lazyload('*')).filter_by(song=v.song).count() == 1: if song == "" and v.song and path.isfile(f"/songs/{v.song}.mp3") and g.db.query(User).options(lazyload('*')).filter_by(song=v.song).count() == 1:
os.remove(f"/songs/{v.song}.mp3") os.remove(f"/songs/{v.song}.mp3")
@ -860,7 +860,7 @@ def settings_title_change(v):
if v.flairchanged: abort(403) if v.flairchanged: abort(403)
new_name=request.form.get("title").strip()[:100].replace("𒐪","") new_name=request.values.get("title").strip()[:100].replace("𒐪","")
#make sure name is different #make sure name is different
if new_name==v.customtitle: if new_name==v.customtitle:
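Review bot: `settings_security_post` and `settings_log_out_others` now accept `old_password`, `new_password`, `password`, `2fa_token` and `2fa_secret` from the query string as well as the body, because `request.values` merges both. Secrets carried in a URL end up in access logs, proxy logs, browser history and Referer headers, so these reads should stay on the body: `if not v.verifyPass(request.form.get("old_password")):` and likewise `request.form.get(...)` for the other credential fields. The `sign_up_post`, `post_reset` and `request_2fa_disable` handlers earlier in the commit read passwords the same way. A short comment above the block, `# credentials are read from the POST body only, never from the URL`, would keep a later bulk rename from undoing it.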


@ -97,7 +97,7 @@ def admins(v):
# @auth_desired # @auth_desired
# def log(v): # def log(v):
# page=int(request.args.get("page",1)) # page=int(request.values.get("page",1))
# if v and v.admin_level == 6: actions = g.db.query(ModAction).order_by(ModAction.id.desc()).offset(25 * (page - 1)).limit(26).all() # if v and v.admin_level == 6: actions = g.db.query(ModAction).order_by(ModAction.id.desc()).offset(25 * (page - 1)).limit(26).all()
# else: actions=g.db.query(ModAction).options(lazyload('*')).filter(ModAction.kind!="shadowban", ModAction.kind!="unshadowban", ModAction.kind!="club", ModAction.kind!="unclub").order_by(ModAction.id.desc()).offset(25*(page-1)).limit(26).all() # else: actions=g.db.query(ModAction).options(lazyload('*')).filter(ModAction.kind!="shadowban", ModAction.kind!="unshadowban", ModAction.kind!="club", ModAction.kind!="unclub").order_by(ModAction.id.desc()).offset(25*(page-1)).limit(26).all()
@ -150,7 +150,7 @@ def contact(v):
@app.post("/contact") @app.post("/contact")
@auth_desired @auth_desired
def submit_contact(v): def submit_contact(v):
message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.form.get("message", "") message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
send_admin(v.id, message) send_admin(v.id, message)
g.db.commit() g.db.commit()
return render_template("contact.html", v=v, msg="Your message has been sent.") return render_template("contact.html", v=v, msg="Your message has been sent.")
@ -254,8 +254,8 @@ def settings_security(v):
return render_template("settings_security.html", return render_template("settings_security.html",
v=v, v=v,
mfa_secret=pyotp.random_base32() if not v.mfa_secret else None, mfa_secret=pyotp.random_base32() if not v.mfa_secret else None,
error=request.args.get("error") or None, error=request.values.get("error") or None,
msg=request.args.get("msg") or None msg=request.values.get("msg") or None
) )
@app.post("/dismiss_mobile_tip") @app.post("/dismiss_mobile_tip")


@ -120,7 +120,7 @@ def transfer_coins(v, username):
if receiver is None: return {"error": "That user doesn't exist."}, 404 if receiver is None: return {"error": "That user doesn't exist."}, 404
if receiver.id != v.id: if receiver.id != v.id:
amount = request.form.get("amount", "") amount = request.values.get("amount", "")
amount = int(amount) if amount.isdigit() else None amount = int(amount) if amount.isdigit() else None
if amount is None or amount <= 0: return {"error": f"Invalid amount of {app.config['COINS_NAME']}."}, 400 if amount is None or amount <= 0: return {"error": f"Invalid amount of {app.config['COINS_NAME']}."}, 400
@ -210,7 +210,7 @@ def message2(v, username):
user = get_user(username, v=v) user = get_user(username, v=v)
if user.is_blocking: return {"error": "You're blocking this user."}, 403 if user.is_blocking: return {"error": "You're blocking this user."}, 403
if user.is_blocked: return {"error": "This user is blocking you."}, 403 if user.is_blocked: return {"error": "This user is blocking you."}, 403
message = request.form.get("message", "")[:1000].strip() message = request.values.get("message", "")[:1000].strip()
message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
@ -248,8 +248,8 @@ def message2(v, username):
@auth_required @auth_required
def messagereply(v): def messagereply(v):
message = request.form.get("body", "")[:1000].strip() message = request.values.get("body", "")[:1000].strip()
id = int(request.form.get("parent_id")) id = int(request.values.get("parent_id"))
parent = get_comment(id, v=v) parent = get_comment(id, v=v)
user = parent.author user = parent.author
message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n") message = message.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n").replace("\n\n\n", "\n\n")
@ -421,9 +421,9 @@ def u_username(username, v=None):
else: return render_template("userpage_blocked.html", u=u, v=v) else: return render_template("userpage_blocked.html", u=u, v=v)
sort = request.args.get("sort", "new") sort = request.values.get("sort", "new")
t = request.args.get("t", "all") t = request.values.get("t", "all")
page = int(request.args.get("page", "1")) page = int(request.values.get("page", "1"))
page = max(page, 1) page = max(page, 1)
ids = u.userpagelisting(v=v, page=page, sort=sort, t=t) ids = u.userpagelisting(v=v, page=page, sort=sort, t=t)
@ -520,9 +520,9 @@ def u_username_comments(username, v=None):
v=v) v=v)
page = int(request.args.get("page", "1")) page = int(request.values.get("page", "1"))
sort=request.args.get("sort","new") sort=request.values.get("sort","new")
t=request.args.get("t","all") t=request.values.get("t","all")
comments = u.comments.options(lazyload('*')).filter(Comment.parent_submission != None) comments = u.comments.options(lazyload('*')).filter(Comment.parent_submission != None)
@ -649,7 +649,7 @@ def user_profile_uid(id):
@auth_required @auth_required
def saved_posts(v, username): def saved_posts(v, username):
page=int(request.args.get("page",1)) page=int(request.values.get("page",1))
ids=v.saved_idlist(page=page) ids=v.saved_idlist(page=page)
@ -673,7 +673,7 @@ def saved_posts(v, username):
@auth_required @auth_required
def saved_comments(v, username): def saved_comments(v, username):
page=int(request.args.get("page",1)) page=int(request.values.get("page",1))
ids=v.saved_comment_idlist(page=page) ids=v.saved_comment_idlist(page=page)


@ -10,7 +10,7 @@ from files.__main__ import app
def admin_vote_info_get(v): def admin_vote_info_get(v):
link = request.args.get("link") link = request.values.get("link")
if not link: return render_template("votes.html", v=v) if not link: return render_template("votes.html", v=v)
try: try:
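Review bot: `request.values.get("link")` in `admin_vote_info_get` now accepts `link` from either the query string or a form body, where the previous lookup pinned it to the URL. If this view is only meant to serve GET requests (the name suggests so, but the route decorator is outside the hunk), `request.args.get("link")` states the intended source and keeps the same parameter from arriving through two channels. The function body continues past the hunk, so how `link` is parsed inside the `try:` is not visible here.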


@ -8,22 +8,22 @@
{% block content %} {% block content %}
{% if request.args.get('error') or error %} {% if request.values.get('error') or error %}
<div class="alert alert-danger alert-dismissible fade show my-3" role="alert"> <div class="alert alert-danger alert-dismissible fade show my-3" role="alert">
<i class="fas fa-exclamation-circle my-auto"></i> <i class="fas fa-exclamation-circle my-auto"></i>
<span> <span>
{{error if error else request.args.get('error')}} {{error if error else request.values.get('error')}}
</span> </span>
<button type="button" class="close" data-dismiss="alert" aria-label="Close"> <button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true"><i class="far fa-times"></i></span> <span aria-hidden="true"><i class="far fa-times"></i></span>
</button> </button>
</div> </div>
{% endif %} {% endif %}
{% if request.args.get('msg') or msg %} {% if request.values.get('msg') or msg %}
<div class="alert alert-success alert-dismissible fade show my-3" role="alert"> <div class="alert alert-success alert-dismissible fade show my-3" role="alert">
<i class="fas fa-check-circle my-auto" aria-hidden="true"></i> <i class="fas fa-check-circle my-auto" aria-hidden="true"></i>
<span> <span>
{{msg if msg else request.args.get('msg')}} {{msg if msg else request.values.get('msg')}}
</span> </span>
<button type="button" class="close" data-dismiss="alert" aria-label="Close"> <button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true"><i class="far fa-times"></i></span> <span aria-hidden="true"><i class="far fa-times"></i></span>
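Review bot: The alert banners print request-supplied text, `{{error if error else request.values.get('error')}}` and the matching `msg` line, so whoever builds the link (and, with `request.values`, a form post as well) chooses the wording shown inside the site's own danger/success alert. Jinja autoescaping, if it is enabled for this template, keeps markup out, but the text is still chosen by the requester and reads as a message from the site. Consider passing a short code in the request and resolving it to a fixed string supplied by the view, for example `{{error if error else ERROR_MESSAGES.get(request.values.get('error'), '')}}`, where `ERROR_MESSAGES` is a placeholder name for such a mapping. The template block continues outside the hunk.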


@ -22,7 +22,7 @@
</div> </div>
<div class="flex-grow-1 d-fl d-none d-md-block"> <div class="flex-grow-1 d-fl d-none d-md-block">
<form class="form-inline search flex-nowrap mx-0 mx-lg-auto" action="/search/posts/" method="get"> <form class="form-inline search flex-nowrap mx-0 mx-lg-auto" action="/search/posts/" method="get">
<input class="form-control w-100" type="search" placeholder="Search" aria-label="Search" name="q" value="{{request.args.get('q', '')}}"> <input class="form-control w-100" type="search" placeholder="Search" aria-label="Search" name="q" value="{{request.values.get('q', '')}}">
<span class="input-group-append"> <span class="input-group-append">
<span class="input-group-text border-0 bg-transparent" style="margin-left: -2.5rem;"> <span class="input-group-text border-0 bg-transparent" style="margin-left: -2.5rem;">
<i class="fa fa-search" aria-hidden="true"></i> <i class="fa fa-search" aria-hidden="true"></i>


@ -76,7 +76,7 @@
<h1 class="h4 font-weight-normal text-center">Whoops! You can't refer yourself!</h1> <h1 class="h4 font-weight-normal text-center">Whoops! You can't refer yourself!</h1>
<p class="text-center text-muted mb-md-5">Send this link to a friend instead :)</p> <p class="text-center text-muted mb-md-5">Send this link to a friend instead :)</p>
<label>Referral code</label> <label>Referral code</label>
<input type="text" class="form-control copy-link" readonly value="/signup?ref={{request.args.get('ref')}}" data-clipboard-text="/signup?ref={{request.args.get('ref')}}"> <input type="text" class="form-control copy-link" readonly value="/signup?ref={{request.values.get('ref')}}" data-clipboard-text="/signup?ref={{request.values.get('ref')}}">
<div class="text-center mt-5 mb-3"> <div class="text-center mt-5 mb-3">
Already have an account? <a href="/login" class="font-weight-bold text-small toggle-login">Log in.</a> Already have an account? <a href="/login" class="font-weight-bold text-small toggle-login">Log in.</a>
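Review bot: `request.values.get('ref')` is placed into the `/signup?ref=…` link in both `value` and `data-clipboard-text` without URL-encoding and without a default, so a missing parameter renders the literal `None` and a value containing `&` or `#` changes the link that gets copied. Writing `{{request.values.get('ref', '')|urlencode}}` in both attributes keeps the referral link well-formed. The surrounding template continues outside the hunk.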


@ -305,7 +305,7 @@
<div id="urlblock"> <div id="urlblock">
<label for="URL" class="mt-3">URL</label> <label for="URL" class="mt-3">URL</label>
<input class="form-control" id="post-URL" aria-describedby="URLHelp" type="url" name="url" placeholder="Optional if you have text." value="{{request.args.get('url','')}}" required oninput="checkForRequired();autoSuggestTitle();hide_image()"> <input class="form-control" id="post-URL" aria-describedby="URLHelp" type="url" name="url" placeholder="Optional if you have text." value="{{request.values.get('url','')}}" required oninput="checkForRequired();autoSuggestTitle();hide_image()">
<small class="form-text text-muted">To post an image, use a direct image link such as i.imgur.com</small> <small class="form-text text-muted">To post an image, use a direct image link such as i.imgur.com</small>
</div> </div>