dont use abort in chat

master
Aevann 2023-01-27 09:07:58 +02:00
parent 23843cd7a8
commit 83b22560eb
3 changed files with 14 additions and 5 deletions

View File

@ -192,4 +192,4 @@ def command_regex_matcher(match, upper=False):
reason_regex = re.compile('(/(post|comment)/[0-9]+)', flags=re.A) reason_regex = re.compile('(/(post|comment)/[0-9]+)', flags=re.A)
discord_username_regex = re.compile("(\s|^).{2,32}#[0-9]{4}(?=\s|$)", flags=re.A) discord_username_regex = re.compile("(\s|^|>).{2,32}#[0-9]{4}(?=[^0-9]|$)", flags=re.A)

View File

@ -265,7 +265,7 @@ def handle_youtube_links(url):
return html return html
@with_sigalrm_timeout(10) @with_sigalrm_timeout(10)
def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys=False, torture=False, sidebar=False, snappy=False): def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys=False, torture=False, sidebar=False, snappy=False, chat=False):
sanitized = sanitized.strip() sanitized = sanitized.strip()
sanitized = utm_regex.sub('', sanitized) sanitized = utm_regex.sub('', sanitized)
@ -422,14 +422,20 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys
d = tldextract.extract(href).registered_domain + url.path d = tldextract.extract(href).registered_domain + url.path
domain_list.add(d.lower()) domain_list.add(d.lower())
def error(error):
if chat:
return error, 403
else:
abort(403, error)
banned_domains = g.db.query(BannedDomain).all() banned_domains = g.db.query(BannedDomain).all()
for x in banned_domains: for x in banned_domains:
for y in domain_list: for y in domain_list:
if y.startswith(x.domain): if y.startswith(x.domain):
abort(403, f'Remove the banned link "{x.domain}" and try again!\nReason for link ban: "{x.reason}"') return error(f'Remove the banned link "{x.domain}" and try again!\nReason for link ban: "{x.reason}"')
if discord_username_regex.match(sanitized): if discord_username_regex.match(sanitized):
abort(403, "Stop grooming!") return error("Stop grooming!")
if '<pre>' not in sanitized and not sidebar: if '<pre>' not in sanitized and not sidebar:
sanitized = sanitized.replace('\n','') sanitized = sanitized.replace('\n','')

View File

@ -68,7 +68,10 @@ def speak(data, v):
if image: text += f'\n\n![]({image})' if image: text += f'\n\n![]({image})'
if not text: return '', 400 if not text: return '', 400
text_html = sanitize(text, count_marseys=True) text_html = sanitize(text, count_marseys=True, chat=True)
if isinstance(text_html , tuple):
return text_html
quotes = data['quotes'] quotes = data['quotes']
id = str(uuid.uuid4()) id = str(uuid.uuid4())