Merge branch 'frost' of https://github.com/Aevann1/rDrama into frost
commit
e92da1cacc
|
@ -335,7 +335,7 @@ class Submission(Base):
|
|||
def realbody(self, v, listing=False):
|
||||
if self.club and not (v and (v.paid_dues or v.id == self.author_id)): return f"<p>{CC} ONLY</p>"
|
||||
if self.deleted_utc != 0 and not (v and (v.admin_level >= 2) or v.id == self.author.id): return "[Deleted by user]"
|
||||
if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]";
|
||||
if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]"
|
||||
|
||||
body = self.body_html or ""
|
||||
|
||||
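Review bot: The deleted-post check on the unchanged line above the semicolon fix groups as `(v and v.admin_level >= 2) or v.id == self.author.id`, so when `v` is None the right-hand operand dereferences `v.id` and raises AttributeError instead of returning "[Deleted by user]". The neighbouring checks all guard with `v and ...`, which suggests a logged-out viewer can reach this method. The parenthesis probably belongs around the whole `or`, as in the club check: `if self.deleted_utc != 0 and not (v and (v.admin_level >= 2 or v.id == self.author.id)): return "[Deleted by user]"`. realbody continues outside the hunk, so any earlier guard on `v` is not visible here.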
|
|
|
@ -139,13 +139,13 @@ def execute_snappy(post, v):
|
|||
body += addition
|
||||
archive_url(href)
|
||||
|
||||
body = body.strip()
|
||||
body = body.strip()[:POST_BODY_LENGTH_LIMIT]
|
||||
body_html = sanitize(body)
|
||||
|
||||
if len(body_html) == 0:
|
||||
return
|
||||
|
||||
if len(body_html) < 40000:
|
||||
if len(body_html) < POST_BODY_HTML_LENGTH_LIMIT:
|
||||
c = Comment(author_id=SNAPPY_ID,
|
||||
distinguish_level=6,
|
||||
parent_submission=post.id,
|
||||
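Review bot: The guard `if len(body_html) < POST_BODY_HTML_LENGTH_LIMIT:` excludes a rendered body of exactly the limit, while edit_post and submit_post in this commit reject only `len(body_html) > POST_BODY_HTML_LENGTH_LIMIT`. Using `<=` here would make the three checks agree on the boundary. No else branch is visible in the hunk, so an over-long Snappy comment appears to be dropped silently; a short comment saying that this is intended would help, e.g. `# too long to store: skip the archive comment rather than truncate rendered HTML`. execute_snappy starts and ends outside the hunk.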
|
|
|
@ -155,6 +155,11 @@ EMOJI_SRCS = ['files/assets/emojis.json']
|
|||
|
||||
PIN_LIMIT = 3
|
||||
POST_RATE_LIMIT = '1/second;2/minute;10/hour;50/day'
|
||||
POST_TITLE_LENGTH_LIMIT = 500 # do not make larger than 500 without altering the table
|
||||
POST_TITLE_HTML_LENGTH_LIMIT = 1500 # do not make larger than 1500 without altering the table
|
||||
POST_BODY_LENGTH_LIMIT = 20000 # do not make larger than 20000 without altering the table
|
||||
POST_BODY_HTML_LENGTH_LIMIT = 40000 # do not make larger than 40000 without altering the table
|
||||
|
||||
LOGGEDIN_ACTIVE_TIME = 15 * 60
|
||||
PFP_DEFAULT_MARSEY = True
|
||||
NOTIFICATION_SPAM_AGE_THRESHOLD = 0.5 * 86400
|
||||
|
|
|
@ -189,6 +189,19 @@ def with_sigalrm_timeout(timeout: int):
|
|||
return inner
|
||||
|
||||
|
||||
def sanitize_raw_title(sanitized):
|
||||
if not sanitized: return ""
|
||||
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r","").replace("\n", "")
|
||||
sanitized = sanitized.strip()
|
||||
return sanitized[:POST_TITLE_LENGTH_LIMIT]
|
||||
|
||||
def sanitize_raw_body(sanitized):
|
||||
if not sanitized: return ""
|
||||
sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r\n", "\n")
|
||||
sanitized = sanitized.strip()
|
||||
return sanitized[:POST_BODY_LENGTH_LIMIT]
|
||||
|
||||
|
||||
@with_sigalrm_timeout(5)
|
||||
def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys=False, torture=False):
|
||||
sanitized = sanitized.strip()
|
||||
|
@ -419,10 +432,10 @@ def filter_emojis_only(title, golden=True, count_marseys=False, graceful=False,
|
|||
|
||||
title = strikethrough_regex.sub(r'\1<del>\2</del>', title)
|
||||
|
||||
title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https'])
|
||||
title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https']).replace('\n','').strip()
|
||||
|
||||
if len(title) > 1500 and not graceful: abort(400)
|
||||
else: return title.replace('\n','').strip()
|
||||
if len(title) > POST_TITLE_HTML_LENGTH_LIMIT and not graceful: abort(400)
|
||||
else: return title
|
||||
|
||||
def normalize_url(url):
|
||||
url = reddit_domain_regex.sub(r'\1https://old.reddit.com/\3/', url)
|
||||
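Review bot: `sanitize_raw_title` and `sanitize_raw_body` remove only U+200E, U+200B and U+FEFF, so other format characters such as U+200F and the directional embedding/override controls pass through into the stored title and body. If the aim is to keep invisible or direction-altering characters out of user text (an assumption, the hunk does not say), keep the stripped code points in one module-level tuple shared by both functions and extend it deliberately. A blanket filter on Unicode category `Cf` would also remove U+200D and break joined emoji. `sanitize_raw_body` rewrites `\r\n` but leaves a lone `\r` in place, unlike the title helper. Both functions would benefit from a one-line docstring stating that they normalise raw input before length limiting and do no HTML escaping, since the parameter name `sanitized` reads as if the value were already safe.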
|
|
|
@ -374,11 +374,9 @@ def morecomments(v, cid):
|
|||
def edit_post(pid, v):
|
||||
p = get_post(pid)
|
||||
|
||||
title = request.values.get("title", "").strip().replace('','')
|
||||
title = sanitize_raw_title(request.values.get("title", ""))
|
||||
|
||||
body = request.values.get("body", "").strip().replace('','')
|
||||
|
||||
body = body.replace('\r\n', '\n')[:20000]
|
||||
body = sanitize_raw_body(request.values.get("body", ""))
|
||||
|
||||
if v.id != p.author_id and v.admin_level < 2:
|
||||
abort(403)
|
||||
|
@ -389,6 +387,8 @@ def edit_post(pid, v):
|
|||
elif v.bird and len(body) > 140:
|
||||
return {"error":"You have to type less than 140 characters!"}, 403
|
||||
|
||||
if not title:
|
||||
return {"error": "Please enter a better title."}, 400
|
||||
if title != p.title:
|
||||
torture = (v.agendaposter and not v.marseyawarded and p.sub != 'chudrama' and v.id == p.author_id)
|
||||
|
||||
|
@ -397,12 +397,11 @@ def edit_post(pid, v):
|
|||
if v.id == p.author_id and v.marseyawarded and not marseyaward_title_regex.fullmatch(title_html):
|
||||
return {"error":"You can only type marseys!"}, 403
|
||||
|
||||
p.title = title[:500]
|
||||
p.title = title
|
||||
p.title_html = title_html
|
||||
|
||||
body += process_files()
|
||||
|
||||
body = body.strip()
|
||||
body = body.strip()[:POST_BODY_LENGTH_LIMIT] # process_files() may be adding stuff to the body
|
||||
|
||||
if body != p.body:
|
||||
for i in poll_regex.finditer(body):
|
||||
|
@ -440,7 +439,7 @@ def edit_post(pid, v):
|
|||
g.db.add(v)
|
||||
send_repeatable_notification(CARP_ID, p.permalink)
|
||||
|
||||
if len(body_html) > 40000: return {"error":"Submission body_html too long! (max 40k characters)"}, 400
|
||||
if len(body_html) > POST_BODY_HTML_LENGTH_LIMIT: return {"error":f"Submission body_html too long! (max {POST_BODY_HTML_LENGTH_LIMIT} characters)"}, 400
|
||||
|
||||
p.body_html = body_html
|
||||
|
||||
|
@ -661,18 +660,24 @@ def submit_post(v, sub=None):
|
|||
|
||||
if '\\' in url: abort(400)
|
||||
|
||||
title = request.values.get("title", "").strip()[:500].replace('','')
|
||||
title = sanitize_raw_title(request.values.get("title", ""))
|
||||
|
||||
body = request.values.get("body", "").strip().replace('','')
|
||||
|
||||
body = body.replace('\r\n', '\n')[:20000]
|
||||
body = sanitize_raw_body(request.values.get("body", ""))
|
||||
|
||||
def error(error):
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": error}, 403
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": error}, 400
|
||||
|
||||
SUBS = [x[0] for x in g.db.query(Sub.name).order_by(Sub.name).all()]
|
||||
return render_template("submit.html", SUBS=SUBS, v=v, error=error, title=title, url=url, body=body), 400
|
||||
|
||||
if not title:
|
||||
return error("Please enter a better title.")
|
||||
torture = (v.agendaposter and not v.marseyawarded and sub != 'chudrama')
|
||||
title_html = filter_emojis_only(title, graceful=True, count_marseys=True, torture=torture)
|
||||
if v.marseyawarded and not marseyaward_title_regex.fullmatch(title_html):
|
||||
return error("You can only type marseys!")
|
||||
if len(title_html) > POST_TITLE_HTML_LENGTH_LIMIT:
|
||||
return error("Rendered title is too big!")
|
||||
|
||||
sub = request.values.get("sub", "").lower().replace('/h/','').strip()
|
||||
|
||||
|
@ -696,15 +701,6 @@ def submit_post(v, sub=None):
|
|||
return error(f"You must choose a {HOLE_NAME} for your post!")
|
||||
|
||||
if v.is_suspended: return error("You can't perform this action while banned.")
|
||||
|
||||
torture = (v.agendaposter and not v.marseyawarded and sub != 'chudrama')
|
||||
|
||||
title_html = filter_emojis_only(title, graceful=True, count_marseys=True, torture=torture)
|
||||
|
||||
if v.marseyawarded and not marseyaward_title_regex.fullmatch(title_html):
|
||||
return error("You can only type marseys!")
|
||||
|
||||
if len(title_html) > 1500: return error("Rendered title is too big!")
|
||||
|
||||
if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')):
|
||||
return error("You have to type more than 280 characters!")
|
||||
|
@ -784,16 +780,9 @@ def submit_post(v, sub=None):
|
|||
embed = str(int(id))
|
||||
|
||||
|
||||
if not url and not request.values.get("body") and not request.files.get("file") and not request.files.get("file-url"):
|
||||
if not url and not body and not request.files.get("file") and not request.files.get("file-url"):
|
||||
return error("Please enter a url or some text.")
|
||||
|
||||
if not title:
|
||||
return error("Please enter a better title.")
|
||||
|
||||
|
||||
elif len(title) > 500:
|
||||
return error("There's a 500 character limit for titles.")
|
||||
|
||||
dup = g.db.query(Submission).filter(
|
||||
Submission.author_id == v.id,
|
||||
Submission.deleted_utc == 0,
|
||||
|
@ -868,8 +857,7 @@ def submit_post(v, sub=None):
|
|||
body = body.replace(i.group(0), "")
|
||||
|
||||
body += process_files()
|
||||
|
||||
body = body.strip()
|
||||
body = body.strip()[:POST_BODY_LENGTH_LIMIT] # process_files() adds content to the body, so we need to re-strip
|
||||
|
||||
torture = (v.agendaposter and not v.marseyawarded and sub != 'chudrama')
|
||||
|
||||
|
@ -878,7 +866,7 @@ def submit_post(v, sub=None):
|
|||
if v.marseyawarded and marseyaward_body_regex.search(body_html):
|
||||
return error("You can only type marseys!")
|
||||
|
||||
if len(body_html) > 40000: return error("Submission body_html too long! (max 40k characters)")
|
||||
if len(body_html) > POST_BODY_HTML_LENGTH_LIMIT: return error(f"Submission body_html too long! (max {POST_BODY_HTML_LENGTH_LIMIT} characters)")
|
||||
|
||||
club = False
|
||||
if FEATURES['COUNTRY_CLUB']:
|
||||
|
@ -905,10 +893,10 @@ def submit_post(v, sub=None):
|
|||
app_id=v.client.application.id if v.client else None,
|
||||
is_bot = is_bot,
|
||||
url=url,
|
||||
body=body[:20000],
|
||||
body=body,
|
||||
body_html=body_html,
|
||||
embed_url=embed,
|
||||
title=title[:500],
|
||||
title=title,
|
||||
title_html=title_html,
|
||||
sub=sub,
|
||||
ghost=ghost
|
||||
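Review bot: In submit_post the moved title block now runs before `sub = request.values.get("sub", "").lower().replace('/h/','').strip()`, so `torture = (v.agendaposter and not v.marseyawarded and sub != 'chudrama')` is evaluated against the function argument `sub` rather than the hole read from the request. Before this commit the same lines ran after the hole had been resolved, so a post whose hole arrives only in the form field may now have its title rendered with `torture=True` while the later `torture` assignment for the body sees the resolved value. Moving the `sub` parsing above the title checks, or keeping only `if not title: return error(...)` early and leaving the `filter_emojis_only` call where it was, would restore the old behaviour. The code between the hunks is not visible, so confirm that nothing else assigns `sub` earlier.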
|
|
File diff suppressed because one or more lines are too long