sanitize raw bodies

master
justcool393 2022-10-05 01:16:56 -07:00
parent 19b2f71c3b
commit 88ae00deef
2 changed files with 10 additions and 7 deletions


@ -190,11 +190,17 @@ def with_sigalrm_timeout(timeout: int):
def sanitize_raw_title(sanitized): def sanitize_raw_title(sanitized):
if not sanitized: return None if not sanitized: return ""
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r","").replace("\n", "") sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r","").replace("\n", "")
sanitized = sanitized.strip() sanitized = sanitized.strip()
return sanitized[:500] # should really be a constant return sanitized[:500] # should really be a constant
def sanitize_raw_body(sanitized):
if not sanitized: return ""
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r\n", "\n")
sanitized = sanitized.strip()
return sanitized[:20000] # this also should really be a constant
@with_sigalrm_timeout(5) @with_sigalrm_timeout(5)
def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys=False, torture=False): def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys=False, torture=False):
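Review bot: `sanitize_raw_body` rewrites only `\r\n`, so a lone `\r` survives into the stored body even though `sanitize_raw_title` removes every `\r`; chaining `.replace("\r\n", "\n").replace("\r", "\n")` would normalise both forms. The character denylist covers only U+200E, U+200B and U+FEFF, so other invisible or bidirectional controls (U+200F, U+202A–U+202E, U+2066–U+2069) pass through unchanged. If the aim is to keep visually deceptive text out of titles and bodies, those belong in the same shared strip list for both helpers. The new function also has no docstring; I would add `"""Normalise line endings, drop invisible characters and cap the length of a raw post body; this is not HTML sanitization."""` so callers do not treat the result as safe to render. Separately, `sanitize_raw_title` now returns `""` where it returned `None`, so any caller outside this hunk that tests `is None` should be checked.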


@ -665,9 +665,7 @@ def submit_post(v, sub=None):
title = sanitize_raw_title(request.values.get("title", "")) title = sanitize_raw_title(request.values.get("title", ""))
body = request.values.get("body", "").strip().replace('','') body = sanitize_raw_body(request.values.get("body", ""))
body = body.replace('\r\n', '\n')[:20000]
def error(error): def error(error):
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": error}, 403 if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": error}, 403
@ -784,7 +782,7 @@ def submit_post(v, sub=None):
embed = str(int(id)) embed = str(int(id))
if not url and not request.values.get("body") and not request.files.get("file") and not request.files.get("file-url"): if not url and not body and not request.files.get("file") and not request.files.get("file-url"):
return error("Please enter a url or some text.") return error("Please enter a url or some text.")
dup = g.db.query(Submission).filter( dup = g.db.query(Submission).filter(
@ -861,7 +859,6 @@ def submit_post(v, sub=None):
body = body.replace(i.group(0), "") body = body.replace(i.group(0), "")
body += process_files() body += process_files()
body = body.strip() body = body.strip()
torture = (v.agendaposter and not v.marseyawarded and sub != 'chudrama') torture = (v.agendaposter and not v.marseyawarded and sub != 'chudrama')
@ -898,7 +895,7 @@ def submit_post(v, sub=None):
app_id=v.client.application.id if v.client else None, app_id=v.client.application.id if v.client else None,
is_bot = is_bot, is_bot = is_bot,
url=url, url=url,
body=body[:20000], body=body,
body_html=body_html, body_html=body_html,
embed_url=embed, embed_url=embed,
title=title, title=title,
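Review bot: With `body=body[:20000]` replaced by `body=body` in the `Submission(...)` call, nothing caps the body after `body += process_files()` appends to it, so the stored value can exceed the 20000-character limit that `sanitize_raw_body` applied at the top of `submit_post`. If the column or any later consumer assumes that bound, re-check the length after the append, for example `if len(body) > 20000: return error("Body is too long.")`, rather than relying on the input-time cap alone. `submit_post` starts and ends outside these hunks, so whether `body_html` is rendered from the capped or the extended value is not visible here and should be confirmed.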