sanitize raw bodies
parent
19b2f71c3b
commit
88ae00deef
|
@ -190,11 +190,17 @@ def with_sigalrm_timeout(timeout: int):
|
|||
|
||||
|
||||
def sanitize_raw_title(sanitized):
|
||||
if not sanitized: return None
|
||||
if not sanitized: return ""
|
||||
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r","").replace("\n", "")
|
||||
sanitized = sanitized.strip()
|
||||
return sanitized[:500] # should really be a constant
|
||||
|
||||
def sanitize_raw_body(sanitized):
|
||||
if not sanitized: return ""
|
||||
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r\n", "\n")
|
||||
sanitized = sanitized.strip()
|
||||
return sanitized[:20000] # this also should really be a constant
|
||||
|
||||
|
||||
@with_sigalrm_timeout(5)
|
||||
def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys=False, torture=False):
|
||||
|
|
|
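Review bot: `sanitize_raw_title` and `sanitize_raw_body` remove only U+200E, U+200B and U+FEFF, so other invisible or direction-changing code points (U+200F, U+202A–U+202E, U+2066–U+2069, among others) still pass through to storage. If the goal is to prevent visually empty or visually reordered titles, a category-based filter is sturdier than a three-entry denylist, e.g. `sanitized = ''.join(c for c in sanitized if unicodedata.category(c) != 'Cf')`. That needs `import unicodedata`, and it also drops U+200C/U+200D, so joiners used by emoji and some scripts may need an allow-list. Whether the later `sanitize()` pass already handles these characters is not visible here. Separately, the body helper only rewrites `"\r\n"`, so a bare `"\r"` survives even though the title helper removes it; adding `.replace("\r", "\n")` after the `"\r\n"` replacement would normalise both forms.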
@ -665,9 +665,7 @@ def submit_post(v, sub=None):
|
|||
|
||||
title = sanitize_raw_title(request.values.get("title", ""))
|
||||
|
||||
body = request.values.get("body", "").strip().replace('','')
|
||||
|
||||
body = body.replace('\r\n', '\n')[:20000]
|
||||
body = sanitize_raw_body(request.values.get("body", ""))
|
||||
|
||||
def error(error):
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": error}, 403
|
||||
|
@ -784,7 +782,7 @@ def submit_post(v, sub=None):
|
|||
embed = str(int(id))
|
||||
|
||||
|
||||
if not url and not request.values.get("body") and not request.files.get("file") and not request.files.get("file-url"):
|
||||
if not url and not body and not request.files.get("file") and not request.files.get("file-url"):
|
||||
return error("Please enter a url or some text.")
|
||||
|
||||
dup = g.db.query(Submission).filter(
|
||||
|
@ -861,7 +859,6 @@ def submit_post(v, sub=None):
|
|||
body = body.replace(i.group(0), "")
|
||||
|
||||
body += process_files()
|
||||
|
||||
body = body.strip()
|
||||
|
||||
torture = (v.agendaposter and not v.marseyawarded and sub != 'chudrama')
|
||||
|
@ -898,7 +895,7 @@ def submit_post(v, sub=None):
|
|||
app_id=v.client.application.id if v.client else None,
|
||||
is_bot = is_bot,
|
||||
url=url,
|
||||
body=body[:20000],
|
||||
body=body,
|
||||
body_html=body_html,
|
||||
embed_url=embed,
|
||||
title=title,
|
||||
|
|
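Review bot: The 20000-character cap now appears to be applied only inside `sanitize_raw_body`, which runs before `body += process_files()`, and the constructor argument in the last hunk reads `body=body` where it previously read `body=body[:20000]`. The stored body can therefore exceed the limit by whatever `process_files()` appends. If the column or any later code relies on that bound, enforce it again after the append, either with `body = body[:20000]` or, better, by rejecting the post with `return error("...")` so file markup is not cut mid-token. The hunk at -861 also seems to drop `body = body.strip()`, so whitespace left behind by the `body.replace(i.group(0), "")` removals is no longer trimmed before storage. `submit_post` starts and ends outside these hunks, so a length check elsewhere in the function cannot be ruled out.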