carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

disallow #21262c from being used as a name color or a flair color

master
Aevann1 2022-06-10 22:52:20 +02:00
parent 87ba1ba50e
commit 9fb33d064a
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
files/routes/settings.py
View File

@ -351,9 +351,10 @@ def changelogsub(v):
@auth_required @auth_required
def namecolor(v): def namecolor(v):
color = str(request.values.get("color", "")).strip() color = request.values.get("color", "").strip().lower()
if color.startswith('#'): color = color[1:] if color.startswith('#'): color = color[1:]
if len(color) != 6: return render_template("settings_security.html", v=v, error="Invalid color code") if len(color) != 6: return render_template("settings_security.html", v=v, error="Invalid color code")
if color == '21262c': return render_template("settings_security.html", v=v, error="This color is not allowed")
v.namecolor = color v.namecolor = color
g.db.add(v) g.db.add(v)
g.db.commit() g.db.commit()
@ -420,9 +421,10 @@ def gumroad(v):
@auth_required @auth_required
def titlecolor(v): def titlecolor(v):
titlecolor = str(request.values.get("titlecolor", "")).strip() titlecolor = request.values.get("titlecolor", "").strip().lower()
if titlecolor.startswith('#'): titlecolor = titlecolor[1:] if titlecolor.startswith('#'): titlecolor = titlecolor[1:]
if len(titlecolor) != 6: return render_template("settings_profile.html", v=v, error="Invalid color code") if len(titlecolor) != 6: return render_template("settings_profile.html", v=v, error="Invalid color code")
if titlecolor == '21262c': return render_template("settings_profile.html", v=v, error="This color is not allowed")
v.titlecolor = titlecolor v.titlecolor = titlecolor
g.db.add(v) g.db.add(v)
g.db.commit() g.db.commit()