carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

message: sanitize replies too

master
justcool393 2022-10-20 18:24:03 -05:00
parent 52b8a22917
commit c0fe4d03c0
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
files/routes/users.py
View File

@ -582,9 +582,7 @@ def message2(v, username):
@limiter.limit("1/second;6/minute;50/hour;200/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@auth_required
def messagereply(v):
body = request.values.get("body", "").strip().replace('','')
body = body.replace('\r\n', '\n')[:COMMENT_BODY_LENGTH_LIMIT]
body = sanitize_raw_body(request.values.get("body"), False)
if not body and not request.files.get("file"): abort(400, "Message is empty!")
if 'linkedin.com' in body: abort(403, "This domain 'linkedin.com' is banned")