diff --git a/files/__main__.py b/files/__main__.py index c1121e5b5..49de05b05 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -134,11 +134,10 @@ def teardown_request(error): @app.after_request def after_request(response): - if session.get("favorite_emojis"): del session["favorite_emojis"] response.headers.add("Strict-Transport-Security", "max-age=31536000") response.headers.add("X-Frame-Options", "deny") - response.headers.add("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io 02ddcc80-b8db-42be-9022-44c546b4dce6.pushnotifications.pusher.com; object-src 'none';") return response + from files.routes import * \ No newline at end of file diff --git a/files/routes/comments.py b/files/routes/comments.py index 23ab85e8a..e55fb5a5c 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -157,7 +157,10 @@ def api_comment(v): else: top_comment_id = parent.top_comment_id else: abort(400) - body = request.values.get("body", "").strip()[:10000] + body = request.values.get("body", "").strip()[:10000].replace(' ','\n') + for i in re.finditer('(^|\n)(?!.*http)(.*)', body): + body = body.replace(i.group(2), i.group(2).upper()) + body = body.replace('\n\n','%&$').replace('\n',' ').replace('%&$','\n\n') if v.marseyawarded: if time.time() > v.marseyawarded: @@ -192,7 +195,7 @@ def api_comment(v): file=request.files["file"] if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400 - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) url = request.host_url[:-1] + process_image(name) 
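Review bot: after_request in files/__main__.py now sends no Content-Security-Policy header at all, so the `object-src 'none'` and `connect-src` restrictions of the old policy are lost along with its permissive `script-src`. The site renders user-written posts and comments, and CSP is the backstop if markup filtering ever lets something through; the reason for dropping it is not visible in this diff. If the old policy was blocking a newly needed asset host, I would narrow the header rather than delete it, for example `response.headers.add("Content-Security-Policy", "object-src 'none'; base-uri 'self'; frame-ancestors 'none';")`, adding only the script hosts that are actually required.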
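Review bot: The uppercase loop added to api_comment rewrites more than the tokens it matched, because `body.replace(i.group(2), i.group(2).upper())` replaces every occurrence of that word anywhere in the body. A word that also appears inside a link (say `path` next to `http://host/path`) therefore uppercases part of the URL that the `(?!.*http)` lookahead was meant to skip, and any literal `%&$` typed by the user becomes a paragraph break. If the intent is to uppercase every whitespace-separated word that is not part of a link, one in-place pass does it without the sentinel: `body = re.sub(r'\S+', lambda m: m.group(0) if 'http' in m.group(0) else m.group(0).upper(), body)`. The same block is pasted into edit_comment, edit_post and submit_post, so a shared helper would keep the four copies from drifting.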
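Review bot: Cutting five characters off the timestamp makes the upload name in api_comment much easier to collide on, because `str(time.time())` prints a variable number of decimals, so `[:-5]` leaves roughly centisecond resolution at best and eats into the seconds digits when the float prints short. Two uploads that get the same name overwrite each other in `/images` (unless process_image renames the file, which this hunk does not show), so one user's picture can end up served under another user's URL. A random name avoids that, e.g. `name = f'/images/{secrets.token_hex(16)}.webp'`, which needs `import secrets` in an import block that is outside this hunk. The same line is changed in edit_comment, edit_post, thumbnail_thread, submit_post (twice), settings_profile_post (twice), settings_images_profile and settings_images_banner.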
@@ -615,7 +618,11 @@ def edit_comment(cid, v): if c.is_banned or c.deleted_utc > 0: abort(403) - body = request.values.get("body", "").strip()[:10000] + body = request.values.get("body", "").strip()[:10000].replace(' ','\n') + for i in re.finditer('(^|\n)(?!.*http)(.*)', body): + body = body.replace(i.group(2), i.group(2).upper()) + body = body.replace('\n\n','%&$').replace('\n',' ').replace('%&$','\n\n') + if len(body) < 1: return {"error":"You have to actually type something!"}, 400 if body != c.body and body != "": @@ -721,7 +728,7 @@ def edit_comment(cid, v): file=request.files["file"] if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400 - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) url = request.host_url[:-1] + process_image(name) diff --git a/files/routes/posts.py b/files/routes/posts.py index 7598798ef..359b262c1 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -335,8 +335,12 @@ def edit_post(pid, v): if p.author_id != v.id and not (v.admin_level > 1 and v.admin_level > 2): abort(403) - title = request.values.get("title", "").strip() - body = request.values.get("body", "").strip() + title = request.values.get("title", "").strip().upper() + + body = request.values.get("body", "").strip().replace(' ','\n') + for i in re.finditer('(^|\n)(?!.*http)(.*)', body): + body = body.replace(i.group(2), i.group(2).upper()) + body = body.replace('\n\n','%&$').replace('\n',' ').replace('%&$','\n\n') if len(body) > 10000: return {"error":"Character limit is 10000!"}, 403 @@ -377,7 +381,7 @@ def edit_post(pid, v): file=request.files["file"] if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400 - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) url = request.host_url[:-1] + process_image(name) 
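Review bot: In edit_post (posts.py, the hunk at -335) the `len(body) > 10000` check now runs after the word-by-word replace loop, so an oversized body is fully processed before it is rejected. The loop does one whole-string `replace` per word, which is quadratic in the body length, and nothing visible in the hunk caps the input first; submit_post (the hunk at -678) runs the same loop with only the 4/8 MB `content_length` limit ahead of it. Moving the check directly after the `.strip()`, as `if len(body) > 10000: return {"error":"Character limit is 10000!"}, 403`, keeps the expensive path bounded. edit_post's body continues outside the hunk.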
@@ -646,7 +650,7 @@ def thumbnail_thread(pid): db.close() return - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' with open(name, "wb") as file: for chunk in image_req.iter_content(1024): @@ -669,7 +673,8 @@ def submit_post(v): if request.content_length > 8 * 1024 * 1024: return "Max file size is 8 MB.", 413 elif request.content_length > 4 * 1024 * 1024: return "Max file size is 4 MB.", 413 - title = request.values.get("title", "").strip()[:500] + title = request.values.get("title", "").strip()[:500].upper() + url = request.values.get("url", "").strip() if v.agendaposter and not v.marseyawarded: @@ -678,7 +683,10 @@ def submit_post(v): title = censor_slurs2(title).upper().replace(' ME ', f' @{v.username} ') title_html = filter_emojis_only(title) - body = request.values.get("body", "").strip() + body = request.values.get("body", "").strip().replace(' ','\n') + for i in re.finditer('(^|\n)(?!.*http)(.*)', body): + body = body.replace(i.group(2), i.group(2).upper()) + body = body.replace('\n\n','%&$').replace('\n',' ').replace('%&$','\n\n') if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 40 @@ -864,7 +872,7 @@ def submit_post(v): file=request.files["file2"] if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400 - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) url = request.host_url[:-1] + process_image(name) @@ -952,7 +960,7 @@ def submit_post(v): ), 403 if file.content_type.startswith('image/'): - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) new_post.url = request.host_url[:-1] + process_image(name) 
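Review bot: `title = request.values.get("title", "").strip()[:500].upper()` in submit_post (the hunk at -669) truncates before uppercasing, and `upper()` can lengthen a string (`'ß'.upper()` is `'SS'`), so the resulting title can exceed 500 characters. If the 500 limit mirrors a column width, which this hunk does not show, the write could fail or be cut by the database; `.strip().upper()[:500]` keeps the bound. The comment hunks have the same ordering with `[:10000]` followed by the uppercase loop.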
diff --git a/files/routes/settings.py b/files/routes/settings.py index ea82237d9..e9aeb6a0e 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -124,7 +124,7 @@ def settings_profile_post(v): if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400 else: return render_template("settings_profile.html", v=v, error=f"Image files only."), 400 - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) url = request.host_url[:-1] + process_image(name) @@ -314,7 +314,7 @@ def settings_profile_post(v): if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400 else: return render_template("settings_profile.html", v=v, error=f"Image files only."), 400 - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) url = request.host_url[:-1] + process_image(name) @@ -720,7 +720,7 @@ def settings_images_profile(v): file = request.files["profile"] - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) highres = request.host_url[:-1] + process_image(name) @@ -756,7 +756,7 @@ def settings_images_banner(v): file = request.files["banner"] - name = f'/images/{time.time()}'.replace('.','') + '.webp' + name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' file.save(name) bannerurl = request.host_url[:-1] + process_image(name) diff --git a/files/routes/users.py b/files/routes/users.py index adc32dca1..0d299f601 100644 --- a/files/routes/users.py +++ b/files/routes/users.py 
@@ -817,7 +817,18 @@ def user_profile_uid(id): try: id = int(id, 36) except: abort(404) x=get_account(id) - return redirect(x.profile_url) + + purl = x.profile_url + if not 'images/' in purl: return redirect(purl) + + path = purl.split('images/')[1] + resp = make_response(send_from_directory('/images', path)) + resp.headers.remove("Cache-Control") + resp.headers.add("Cache-Control", "public, max-age=2628000") + if request.path.endswith('.webp'): + resp.headers.remove("Content-Type") + resp.headers.add("Content-Type", "image/webp") + return resp @app.get("/@/pic") @limiter.exempt diff --git a/files/templates/authforms.html b/files/templates/authforms.html index 7f3535bf4..198c27589 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -13,11 +13,11 @@ {% if v %} - + {% if v.agendaposter %}{% elif v.css %}{% endif %} {% else %} - + {% endif %} diff --git a/files/templates/log.html b/files/templates/log.html index 3dca852e4..472d39ec0 100644 --- a/files/templates/log.html +++ b/files/templates/log.html @@ -6,11 +6,11 @@ {% block content %} {% if v %} - + {% if v.agendaposter %}{% elif v.css %}{% endif %} {% else %} - + {% endif %}
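Review bot: The `'images/' in purl` test in user_profile_uid matches that substring anywhere in the stored URL, so a profile_url on another host whose path contains `images/` is no longer redirected but looked up as a local file, and `split('images/')[1]` picks the wrong segment if the substring occurs twice. send_from_directory confines the lookup to `/images`, which limits the outcome to a 404 or the wrong local image, but it would be clearer to parse the URL and take the local branch only when the host is this site and the path starts with `/images/`, e.g. `path = urlparse(purl).path` followed by `if not path.startswith('/images/'): return redirect(purl)` plus a host comparison. The `image/webp` override is keyed on `request.path` rather than on the file being served, so whether it ever fires depends on the route pattern, which is outside the hunk; checking `path.endswith('.webp')` looks like what was intended.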
diff --git a/files/templates/login_2fa.html b/files/templates/login_2fa.html index a1b4dfb76..543ee6ebd 100644 --- a/files/templates/login_2fa.html +++ b/files/templates/login_2fa.html @@ -12,7 +12,7 @@ 2-Step Login - {{'SITE_NAME' | app_config}} - + diff --git a/files/templates/settings2.html b/files/templates/settings2.html index 836a5defa..09f259690 100644 --- a/files/templates/settings2.html +++ b/files/templates/settings2.html @@ -36,10 +36,10 @@ {% if v %} - + {% else %} - + {% endif %} diff --git a/files/templates/sign_up_failed_ref.html b/files/templates/sign_up_failed_ref.html index bb424ceca..e6cc16c76 100644 --- a/files/templates/sign_up_failed_ref.html +++ b/files/templates/sign_up_failed_ref.html @@ -29,7 +29,7 @@ {% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}{{'SITE_NAME' | app_config}}{% endif %} - +