sanitize raw bodies
parent
19b2f71c3b
commit
88ae00deef
|
@ -190,11 +190,17 @@ def with_sigalrm_timeout(timeout: int):
|
||||||
|
|
||||||
|
|
||||||
def sanitize_raw_title(sanitized):
|
def sanitize_raw_title(sanitized):
|
||||||
if not sanitized: return None
|
if not sanitized: return ""
|
||||||
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r","").replace("\n", "")
|
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r","").replace("\n", "")
|
||||||
sanitized = sanitized.strip()
|
sanitized = sanitized.strip()
|
||||||
return sanitized[:500] # should really be a constant
|
return sanitized[:500] # should really be a constant
|
||||||
|
|
||||||
|
def sanitize_raw_body(sanitized):
|
||||||
|
if not sanitized: return ""
|
||||||
|
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r\n", "\n")
|
||||||
|
sanitized = sanitized.strip()
|
||||||
|
return sanitized[:20000] # this also should really be a constant
|
||||||
|
|
||||||
|
|
||||||
@with_sigalrm_timeout(5)
|
@with_sigalrm_timeout(5)
|
||||||
def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys=False, torture=False):
|
def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys=False, torture=False):
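Review bot: The new `sanitize_raw_body` repeats the three-character `.replace()` chain from `sanitize_raw_title`, so the two filters can drift apart, and the list covers only U+200E, U+200B and U+FEFF. Other invisible or directional controls such as U+200F and U+202A–U+202E pass through both helpers unless the later `sanitize()` step removes them, which is not visible in this hunk. Consider one shared table, e.g. `_INVISIBLE = str.maketrans('', '', '\u200e\u200b\ufeff')` applied with `sanitized.translate(_INVISIBLE)`, and name the 500 and 20000 limits as constants, as the inline comments already suggest. A one-line docstring stating that these helpers only normalise and truncate raw text, and do not make it safe to render as HTML, would stop callers from treating the result as sanitized markup.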
|
||||||
|
|
|
@ -665,9 +665,7 @@ def submit_post(v, sub=None):
|
||||||
|
|
||||||
title = sanitize_raw_title(request.values.get("title", ""))
|
title = sanitize_raw_title(request.values.get("title", ""))
|
||||||
|
|
||||||
body = request.values.get("body", "").strip().replace('','')
|
body = sanitize_raw_body(request.values.get("body", ""))
|
||||||
|
|
||||||
body = body.replace('\r\n', '\n')[:20000]
|
|
||||||
|
|
||||||
def error(error):
|
def error(error):
|
||||||
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": error}, 403
|
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": error}, 403
|
||||||
|
@ -784,7 +782,7 @@ def submit_post(v, sub=None):
|
||||||
embed = str(int(id))
|
embed = str(int(id))
|
||||||
|
|
||||||
|
|
||||||
if not url and not request.values.get("body") and not request.files.get("file") and not request.files.get("file-url"):
|
if not url and not body and not request.files.get("file") and not request.files.get("file-url"):
|
||||||
return error("Please enter a url or some text.")
|
return error("Please enter a url or some text.")
|
||||||
|
|
||||||
dup = g.db.query(Submission).filter(
|
dup = g.db.query(Submission).filter(
|
||||||
|
@ -861,7 +859,6 @@ def submit_post(v, sub=None):
|
||||||
body = body.replace(i.group(0), "")
|
body = body.replace(i.group(0), "")
|
||||||
|
|
||||||
body += process_files()
|
body += process_files()
|
||||||
|
|
||||||
body = body.strip()
|
body = body.strip()
|
||||||
|
|
||||||
torture = (v.agendaposter and not v.marseyawarded and sub != 'chudrama')
|
torture = (v.agendaposter and not v.marseyawarded and sub != 'chudrama')
|
||||||
|
@ -898,7 +895,7 @@ def submit_post(v, sub=None):
|
||||||
app_id=v.client.application.id if v.client else None,
|
app_id=v.client.application.id if v.client else None,
|
||||||
is_bot = is_bot,
|
is_bot = is_bot,
|
||||||
url=url,
|
url=url,
|
||||||
body=body[:20000],
|
body=body,
|
||||||
body_html=body_html,
|
body_html=body_html,
|
||||||
embed_url=embed,
|
embed_url=embed,
|
||||||
title=title,
|
title=title,
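Review bot: Changing the constructor argument to `body=body` in the last hunk removes the only length cap applied to the final value. `sanitize_raw_body` truncates the request text to 20000 characters near the top of `submit_post`, but `body += process_files()` in the -861 hunk appends to it afterwards. The stored body can therefore exceed the limit that the old `body=body[:20000]` enforced; what `process_files()` returns is not visible here, so the size of the overshoot is unknown. Either keep `body=body[:20000]` at the constructor, or check `len(body)` after `process_files()` and return `error(...)` when it is over the limit. `submit_post` starts and ends outside these hunks, so an intermediate cap may exist that this page does not show.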
|
||||||
|
|