fdMerge branch 'frost' of https://github.com/Aevann1/Drama into frost

2022-05-26 20:32:17 +00:00 · 2022-05-26 20:32:17 +00:00 · e5dfd0603c
parent 1d9d6787c6 4c8e88b758
commit e5dfd0603c
13 changed files with 48 additions and 21 deletions
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@ -701,7 +701,7 @@ for k, val in AWARDS.items():

 AWARDS3 = {}
 for k, val in AWARDS2.items():
-	if val['price'] == 300: AWARDS3[k] = val
+	if val['price'] <= 500: AWARDS3[k] = val

 DOUBLE_XP_ENABLED = -1 # set to unixtime for when DXP begins, -1 to disable

@ -964,8 +964,7 @@ image_regex = re.compile("(^|\s)(https:\/\/[\w\-.#&/=\?@%;+]{5,250}(\.png|\.jpg|

 link_fix_regex = re.compile("(?!.*(http|\/))(.*\[[^\]]+\]\()([^)]+\))", flags=re.A)

-css_regex = re.compile('''url\(['"]?(.*?)['"]?\)''', flags=re.I|re.A)
-css_regex2 = re.compile('''['"](http.*?)['"]''', flags=re.I|re.A)
+css_regex = re.compile('https?:\/\/[\w:~,()\-.#&\/=?@%;+]*', flags=re.I|re.A)

 procoins_li = (0,2500,5000,10000,25000,50000,125000,250000)

--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@ -3,6 +3,7 @@ from .alerts import *
 from files.helpers.const import *
 from files.__main__ import db_session
 from random import randint
+import user_agents

 def get_logged_in_user():

@ -53,11 +54,12 @@ def get_logged_in_user():
 		if session["session_id"] in loggedout: del loggedout[session["session_id"]]
 		loggedin[v.id] = timestamp
 	else:
-		loggedout[session["session_id"]] = timestamp
+		loggedout[session["session_id"]] = (timestamp, str(user_agents.parse(request.headers.get("User-Agent"))))
 	
 	g.loggedin_counter = len([x for x in loggedin.values() if timestamp-x<15*60])
 	cache.set(f'{SITE}_loggedin', loggedin)
-	g.loggedout_counter = len([x for x in loggedout.values() if timestamp-x<15*60])
+
+	g.loggedout_counter = len([x for x in loggedout.values() if timestamp-x[0]<15*60])
 	cache.set(f'{SITE}_loggedout', loggedout)

 	g.v = v
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@ -28,10 +28,14 @@ month = datetime.now().strftime('%B')
@admin_level_required(2)
 def loggedin_list(v):
 	ids = [x for x,val in cache.get(f'{SITE}_loggedin').items() if time.time()-val<15*60]
-	users = g.db.query(User).filter(User.id.in_(ids)) \
-		.order_by(User.admin_level.desc(), User.truecoins.desc()).all()
+	users = g.db.query(User).filter(User.id.in_(ids)).order_by(User.admin_level.desc(), User.truecoins.desc()).all()
 	return render_template("loggedin.html", v=v, users=users)

+@app.get('/admin/loggedout')
+@admin_level_required(2)
+def loggedout_list(v):
+	users = [val[1] for x,val in cache.get(f'{SITE}_loggedout').items() if time.time()-val[0]<15*60]
+	return render_template("loggedout.html", v=v, users=users)

@app.get('/admin/merge/<id1>/<id2>')
@admin_level_required(3)
@ -966,7 +970,8 @@ def admin_removed_comments(v):
 def agendaposter(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()

-	days = request.values.get("days") or 30
+	days = min(request.values.get("days", 30), 30)
+
 	expiry = float(days)
 	expiry = int(time.time() + expiry*60*60*24)

--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -128,7 +128,7 @@ def login_post():
 			return redirect("/login")

 		if not account.validate_2fa(request.values.get("2fa_token", "").strip()):
-			hash = generate_hash(f"{account.id}+{time}+2fachallenge")
+			hash = generate_hash(f"{account.id}+{now}+2fachallenge")
 			return render_template("login_2fa.html",
 								   v=account,
 								   time=now,
--- a/files/routes/reporting.py
+++ b/files/routes/reporting.py
@ -40,7 +40,10 @@ def api_flag_post(pid, v):
 		)
 		g.db.add(ma)
 	elif reason.startswith('/h/') and v.admin_level > 1:
-		post.sub = reason[3:]
+		sub = reason[3:].strip().lower()
+		sub = g.db.query(Sub).filter_by(name=sub).one_or_none()
+		if not sub: abort(404)
+		post.sub = sub.name
 		g.db.add(post)
 		ma=ModAction(
 			kind="move_hole",
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -638,9 +638,8 @@ def settings_profilecss(v):
 	profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]


-	urls = list(css_regex.finditer(profilecss)) + list(css_regex2.finditer(profilecss))
-	for i in urls:
-		url = i.group(1)
+	for i in css_regex.finditer(profilecss):
+		url = i.group(0)
 		if not is_safe_url(url):
 			domain = tldextract.extract(url).registered_domain
 			error = f"The domain '{domain}' is not allowed, please use one of these domains\n\n{approved_embed_hosts}."
--- a/files/routes/subs.py
+++ b/files/routes/subs.py
@ -332,9 +332,8 @@ def post_sub_css(v, sub):
 	css = request.values.get('css', '').strip()


-	urls = list(css_regex.finditer(css)) + list(css_regex2.finditer(css))
-	for i in urls:
-		url = i.group(1)
+	for i in css_regex.finditer(css):
+		url = i.group(0)
 		if not is_safe_url(url):
 			domain = tldextract.extract(url).registered_domain
 			error = f"The domain '{domain}' is not allowed, please use one of these domains\n\n{approved_embed_hosts}."
--- a/files/templates/comments.html
+++ b/files/templates/comments.html
@ -199,7 +199,7 @@
 					👻
 				{% else %}
 					{% if SITE_NAME=='rDrama' and c.author.house %}
-						<img src="/assets/images/{{SITE_NAME}}/houses/{{c.author.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{c.author.house}}" alt="House {{c.author.house}}">
+						<img loading="lazy" src="/assets/images/{{SITE_NAME}}/houses/{{c.author.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{c.author.house}}" alt="House {{c.author.house}}">
 					{% endif %}

 					{% if c.author.verified %}<i class="fas fa-badge-check align-middle ml-1 {% if c.author.verified=='Glowiefied' %}glow{% endif %}" style="color:{% if c.author.verifiedcolor %}#{{c.author.verifiedcolor}}{% else %}#1DA1F2{% endif %}" data-bs-toggle="tooltip" data-bs-placement="bottom" title="{{c.author.verified}}"></i>
--- a/files/templates/loggedout.html
+++ b/files/templates/loggedout.html
@ -0,0 +1,19 @@
+{% extends "settings2.html" %}
+
+{% block content %}
+<div class="overflow-x-auto"><table class="table table-striped mb-5">
+<thead class="bg-primary text-white">
+	<tr>
+		<th>#</th>
+		<th>Details</th>
+	</tr>
+</thead>
+{% for user in users %}
+	<tr>
+		<td>{{loop.index}}</td>
+		<td>{{user}}</td>
+	</tr>
+{% endfor %}
+</table>
+
+{% endblock %}
--- a/files/templates/submission.html
+++ b/files/templates/submission.html
@ -705,7 +705,7 @@
 							👻
 						{% else %}
 							{% if SITE_NAME=='rDrama' and p.author.house %}
-								<img src="/assets/images/{{SITE_NAME}}/houses/{{p.author.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{p.author.house}}" alt="House {{p.author.house}}">
+								<img loading="lazy" src="/assets/images/{{SITE_NAME}}/houses/{{p.author.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{p.author.house}}" alt="House {{p.author.house}}">
 							{% endif %}

 							{% if p.author.verified %}<i class="fas fa-badge-check align-middle ml-1 {% if p.author.verified=='Glowiefied' %}glow{% endif %}" style="color:{% if p.author.verifiedcolor %}#{{p.author.verifiedcolor}}{% else %}#1DA1F2{% endif %}" data-bs-toggle="tooltip" data-bs-placement="bottom" title="{{p.author.verified}}"></i>
--- a/files/templates/submission_listing.html
+++ b/files/templates/submission_listing.html
@ -181,7 +181,7 @@
 					👻
 				{% else %}
 					{% if SITE_NAME=='rDrama' and p.author.house %}
-						<img src="/assets/images/{{SITE_NAME}}/houses/{{p.author.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{p.author.house}}" alt="House {{p.author.house}}">
+						<img loading="lazy" src="/assets/images/{{SITE_NAME}}/houses/{{p.author.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{p.author.house}}" alt="House {{p.author.house}}">
 					{% endif %}

 					{% if p.author.verified %}<i class="fas fa-badge-check align-middle ml-1 {% if p.author.verified=='Glowiefied' %}glow{% endif %}" style="color:{% if p.author.verifiedcolor %}#{{p.author.verifiedcolor}}{% else %}#1DA1F2{% endif %}" data-bs-toggle="tooltip" data-bs-placement="bottom" title="{{p.author.verified}}"></i>
--- a/files/templates/userpage.html
+++ b/files/templates/userpage.html
@ -61,7 +61,7 @@
 								{% endif %}

 								{% if SITE_NAME=='rDrama' and u.house %}
-									<img class="ml-3" id="profile--house" src="/assets/images/{{SITE_NAME}}/houses/{{u.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{u.house}}" alt="House {{u.house}}">
+									<img loading="lazy" class="ml-3" id="profile--house" src="/assets/images/{{SITE_NAME}}/houses/{{u.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{u.house}}" alt="House {{u.house}}">
 								{% endif %}

 								{% if u.verified %}
@ -386,7 +386,7 @@
 				{% endif %}

 				{% if SITE_NAME=='rDrama' and u.house %}
-					<img class="ml-2" id="profile--house" src="/assets/images/{{SITE_NAME}}/houses/{{u.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{u.house}}" alt="House {{u.house}}">
+					<img loading="lazy" class="ml-2" id="profile--house" src="/assets/images/{{SITE_NAME}}/houses/{{u.house}}.webp?v=7" height="20" data-bs-toggle="tooltip" data-bs-placement="bottom" title="House {{u.house}}" alt="House {{u.house}}">
 				{% endif %}

 				{% if u.verified %}
--- a/requirements.txt
+++ b/requirements.txt
@ -22,6 +22,7 @@ requests
 SQLAlchemy
 tinycss2
 tldextract
+user-agents
 psycopg2-binary
 pusher_push_notifications
 pyenchant