master
Aevann1 2022-04-17 23:46:29 +02:00
parent e06cc3c382
commit 9c0441aef9
7 changed files with 52 additions and 46 deletions


@ -478,7 +478,7 @@ class Submission(Base):
@property
@lazy
def is_image(self):
if self.url and (self.url.lower().endswith('.webp') or self.url.lower().endswith('.jpg') or self.url.lower().endswith('.png') or self.url.lower().endswith('.gif') or self.url.lower().endswith('.jpeg') or self.url.lower().endswith('?maxwidth=9999') or self.url.lower().endswith('&fidelity=high')) and embed_check_regex.fullmatch(self.url):
if self.url and (self.url.lower().endswith('.webp') or self.url.lower().endswith('.jpg') or self.url.lower().endswith('.png') or self.url.lower().endswith('.gif') or self.url.lower().endswith('.jpeg') or self.url.lower().endswith('?maxwidth=9999') or self.url.lower().endswith('&fidelity=high')) and (self.url.startswith('/') or self.url.startswith(f'{SITE_FULL}/') or embed_check_regex.fullmatch(self.url)):
return True
return False
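Review bot: The new `self.url.startswith('/')` branch in `is_image` also accepts protocol-relative URLs such as `//host/pic.png`, which a browser loads from an arbitrary host, so the `embed_check_regex` allowlist is skipped for them. Requiring a single leading slash closes that, e.g. `self.url.startswith('/') and not self.url.startswith(('//', '/\\'))` (browsers treat a backslash like a slash in this position). The same test guards `img` `src`/`data-src` in `allowed_attributes` and decides in `callback` whether a link gets `rel="nofollow noopener noreferrer"`, so it needs the same tightening there. The seven `endswith` calls could also become one call with a tuple of suffixes on a single lowercased copy of the URL.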


@ -12,7 +12,6 @@ SITE_NAME = environ.get("SITE_NAME", '').strip()
if SITE == "localhost": SITE_FULL = 'http://' + SITE
else: SITE_FULL = 'https://' + SITE
SITE_FULL2 = 'http://' + SITE
if SITE == 'pcmemes.net': CC = "SPLASH MOUNTAIN"
else: CC = "COUNTRY CLUB"
@ -757,46 +756,53 @@ proxies = {"http":"http://127.0.0.1:18080","https":"http://127.0.0.1:18080"}
blackjack = environ.get("BLACKJACK", "").strip()
approved_embed_hosts = [
'i.imgur.com',
'i\.ibb\.co',
'pomf2\.lain\.la',
'imgur.com',
'ibb\.co',
'lain\.la',
'pngfind\.com',
'i\.kym-cdn\.com',
'i2\.kym-cdn\.com',
'i\.redd\.it',
'cdn\.substack\.com',
'cdn\.discordapp\.com',
'2\.bp\.blogspot\.com',
'files\.catbox\.moe',
'i\.pinimg\.com',
'kym-cdn\.com',
'redd\.it',
'substack\.com',
'blogspot\.com',
'catbox\.moe',
'pinimg\.com',
'kindpng\.com',
'cdn\.shopify\.com',
'media\.discordapp\.net',
'pbs\.twimg\.com',
'upload\.wikimedia\.org',
'i0\.wp\.com',
'shopify\.com',
'discordapp\.com',
'discordapp\.net',
'twimg\.com',
'wikimedia\.org',
'wp\.com',
'wordpress\.com',
'seekpng\.com',
'i\.dailymail\.co\.uk',
'de\.catbox\.moe',
'www\.cdc\.gov',
'm\.media-amazon\.com',
'www\.washingtonpost\.com',
'i\.imgflip\.com',
'farm2\.static\.flickr\.com',
'img-9gag-fun\.9cache\.com',
'i\.ytimg\.com',
'a57\.foxnews\.com',
'external-content\.duckduckgo\.com',
'blogs-images\.forbes\.com',
'images\.gr-assets\.com',
'c\.tenor\.com',
'media\.giphy\.com'
'dailymail\.co\.uk',
'cdc\.gov',
'media-amazon\.com',
'washingtonpost\.com',
'imgflip\.com',
'flickr\.com',
'9cache\.com',
'ytimg\.com',
'foxnews\.com',
'duckduckgo\.com',
'forbes\.com',
'gr-assets\.com',
'tenor\.com',
'giphy\.com',
'makeagif\.com',
'gfycat\.com',
'tumblr\.com',
'yarn\.co',
'gifer\.com',
'prnt\.sc',
'staticflickr\.com',
'kiwifarms\.net'
]
hosts = "|".join(approved_embed_hosts)
image_check_regex = re.compile(f'!\[\]\(((?!https:\/\/({hosts})\/).*?)\)', flags=re.A)
image_check_regex = re.compile(f'!\[\]\(((?!https:\/\/([a-z0-9-]\.)*({hosts})\/).*?)\)', flags=re.A)
embed_check_regex = regex.compile(f'(?<!<(code|pre|a)>)https:\/\/({hosts})\/[\w:~,()\-.#&\/=?@%;+]*', flags=regex.A)
embed_check_regex = regex.compile(f'(?<!<(code|pre|a)>)https:\/\/([a-z0-9-]\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*', flags=regex.A)
video_regex = regex.compile(f'((?<!<(code|pre|a)>)https:\/\/({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp4|webm|mov))', flags=regex.A)
video_regex = regex.compile(f'((?<!<(code|pre|a)>)https:\/\/([a-z0-9-]\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp4|webm|mov))', flags=regex.A)
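Review bot: The added subdomain group `([a-z0-9-]\.)*` in all three patterns matches only one-character labels, so `i.imgur.com` passes but hosts such as `upload.wikimedia.org` or `pbs.twimg.com`, which the list appears to have named explicitly before, no longer match; it most likely needs a `+`, as in `([a-z0-9-]+\.)*`. Separately, replacing specific CDN hosts with whole domains like `blogspot\.com`, `wordpress\.com` and `tumblr\.com` approves every subdomain, including ones any user of those services can register, so the allowlist no longer limits embeds to known media hosts; keeping the specific hostnames for such domains would preserve that. The `imgur.com` entry is missing the `\.` escapes the other entries use. A short comment above `approved_embed_hosts` stating that entries are regex fragments and that subdomains are matched implicitly would help whoever adds the next host.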


@ -37,7 +37,7 @@ def allowed_attributes(tag, name, value):
if tag == 'img':
if name in ['src','data-src']:
if value.startswith('/') or embed_check_regex.fullmatch(value): return True
if value.startswith('/') or value.startswith(f'{SITE_FULL}/') or embed_check_regex.fullmatch(value): return True
else: return False
if name == 'loading' and value == 'lazy': return True
@ -70,7 +70,7 @@ url_re = build_url_re(tlds=TLDS, protocols=['http', 'https'])
def callback(attrs, new=False):
href = attrs[(None, "href")]
if not href.startswith(SITE_FULL) and not href.startswith('/') and not href.startswith(SITE_FULL2):
if not href.startswith('/') and not href.startswith(f'{SITE_FULL}/'):
attrs[(None, "target")] = "_blank"
attrs[(None, "rel")] = "nofollow noopener noreferrer"


@ -354,7 +354,7 @@ def award_post(pid, v):
g.db.commit()
if request.referrer and len(request.referrer) > 1:
if request.referrer == f'{SITE_FULL}/submit': return redirect(post.permalink)
elif request.referrer.startswith(SITE_FULL): return redirect(request.referrer)
elif request.referrer.startswith(f'{SITE_FULL}/'): return redirect(request.referrer)
return redirect(SITE_FULL)
@ -590,7 +590,7 @@ def award_comment(cid, v):
g.db.add(author)
g.db.commit()
if request.referrer and len(request.referrer) > 1 and request.referrer.startswith(SITE_FULL):
if request.referrer and len(request.referrer) > 1 and request.referrer.startswith(f'{SITE_FULL}/'):
return redirect(request.referrer)
return redirect(SITE_FULL)
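Review bot: The same-site test `startswith(f'{SITE_FULL}/')` is now written out separately in `award_post` and `award_comment` here and again in `allow_nsfw`, `login_get`, `login_post` and `sub_toggle`, which is why this fix had to touch each of them; one shared helper would keep the redirect policy in a single place. Something like `def is_site_url(url): return url.startswith(f'{SITE_FULL}/')` next to the `SITE_FULL` definition, with a one-line docstring explaining that the trailing slash rejects look-alike hosts that merely begin with the site name, would also record the reason for this change. Both functions start and end outside the hunks shown.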


@ -60,6 +60,6 @@ def allow_nsfw():
session["over_18"] = int(time.time()) + 3600
redir = request.values.get("redir")
if redir:
if redir.startswith(SITE_FULL): return redirect(redir)
if redir.startswith(f'{SITE_FULL}/'): return redirect(redir)
if redir.startswith('/'): return redirect(f'{SITE_FULL}{redir}')
return redirect('/')


@ -11,10 +11,10 @@ def login_get(v):
redir = request.values.get("redirect")
if redir:
redir = redir.replace("/logged_out", "").strip()
if not redir.startswith(SITE_FULL) and not redir.startswith('/'): redir = None
if not redir.startswith(f'{SITE_FULL}/') and not redir.startswith('/'): redir = None
if v and redir:
if redir.startswith(SITE_FULL): return redirect(redir)
if redir.startswith(f'{SITE_FULL}/'): return redirect(redir)
elif redir.startswith('/'): return redirect(f'{SITE_FULL}{redir}')
return render_template("login.html", failed=False, redirect=redir)
@ -150,10 +150,10 @@ def login_post():
redir = request.values.get("redirect")
if redir:
redir = redir.replace("/logged_out", "").strip()
if not redir.startswith(SITE_FULL) and not redir.startswith('/'): redir = '/'
if not redir.startswith(f'{SITE_FULL}/') and not redir.startswith('/'): redir = '/'
if redir:
if redir.startswith(SITE_FULL): return redirect(redir)
if redir.startswith(f'{SITE_FULL}/'): return redirect(redir)
if redir.startswith('/'): return redirect(f'{SITE_FULL}{redir}')
return redirect('/')


@ -472,7 +472,7 @@ def sub_toggle(v):
g.db.add(v)
g.db.commit()
if request.referrer and len(request.referrer) > 1 and request.referrer.startswith(SITE_FULL):
if request.referrer and len(request.referrer) > 1 and request.referrer.startswith(f'{SITE_FULL}/'):
return redirect(request.referrer)
return redirect('/')