master
Aevann1 2021-09-21 23:54:44 +02:00
parent 535c3a75cd
commit eb69e6fbf8
5 changed files with 9 additions and 2 deletions


@ -85,8 +85,6 @@ db_session = scoped_session(sessionmaker(bind=engine, autoflush=False))
@app.before_request @app.before_request
def before_request(): def before_request():
if request.content_length > 16 * 1024 * 1024: abort(413)
if request.method.lower() != "get" and app.config["READ_ONLY"]: return {"error":f"{app.config['SITE_NAME']} is currently in read-only mode."}, 500 if request.method.lower() != "get" and app.config["READ_ONLY"]: return {"error":f"{app.config['SITE_NAME']} is currently in read-only mode."}, 500
if app.config["BOT_DISABLE"] and request.headers.get("X-User-Type")=="Bot": abort(503) if app.config["BOT_DISABLE"] and request.headers.get("X-User-Type")=="Bot": abort(503)


@ -644,6 +644,8 @@ def admin_removed(v):
@admin_level_required(4) @admin_level_required(4)
@validate_formkey @validate_formkey
def admin_image_ban(v): def admin_image_ban(v):
if request.content_length > 16 * 1024 * 1024: abort(413)
i=request.files['file'] i=request.files['file']
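Review bot: The added `request.content_length > 16 * 1024 * 1024` comparison in admin_image_ban raises TypeError when the request carries no Content-Length header, because Werkzeug then reports `content_length` as None, so such a request ends in a 500 rather than a 413 or a normal upload. A None-safe form would be `if (request.content_length or 0) > 16 * 1024 * 1024: abort(413)`. The same line is added in api_comment, edit_comment, submit_post, settings_profile_post, settings_images_profile and settings_images_banner. Content-Length is also only the size the client declares, so this guard should not be the only bound on upload size. admin_image_ban's body continues outside the hunk.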


@ -129,6 +129,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
@is_not_banned @is_not_banned
@validate_formkey @validate_formkey
def api_comment(v): def api_comment(v):
if request.content_length > 16 * 1024 * 1024: abort(413)
parent_submission = request.values.get("submission") parent_submission = request.values.get("submission")
parent_fullname = request.values.get("parent_fullname") parent_fullname = request.values.get("parent_fullname")
@ -592,6 +593,7 @@ def api_comment(v):
@auth_required @auth_required
@validate_formkey @validate_formkey
def edit_comment(cid, v): def edit_comment(cid, v):
if request.content_length > 16 * 1024 * 1024: abort(413)
c = get_comment(cid, v=v) c = get_comment(cid, v=v)
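Review bot: The size check is the first statement of api_comment and edit_comment, so it runs only after the stacked decorators have run. If `validate_formkey` reads the form key from the request body (its definition is not visible here), the body has already been parsed by the time the limit is tested. Setting `app.config["MAX_CONTENT_LENGTH"] = 16 * 1024 * 1024` once lets Flask reject oversized bodies with 413 during request parsing, independent of decorator order. Both function bodies continue outside the hunks.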


@ -588,6 +588,7 @@ def thumbs(new_post):
@is_not_banned @is_not_banned
@validate_formkey @validate_formkey
def submit_post(v): def submit_post(v):
if request.content_length > 16 * 1024 * 1024: abort(413)
title = request.values.get("title", "") title = request.values.get("title", "")
url = request.values.get("url", "") url = request.values.get("url", "")
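Review bot: The literal `16 * 1024 * 1024` is now repeated in each upload handler, and the per-request check appears to have been dropped from before_request in the same commit, so any body-accepting route not touched here has no limit. A module-level constant such as `MAX_UPLOAD_BYTES = 16 * 1024 * 1024`, or a small decorator applied next to `@validate_formkey`, would keep the limit in one place and make a missing check visible in review. submit_post's body continues outside the hunk.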


@ -40,6 +40,8 @@ def removebackground(v):
@auth_required @auth_required
@validate_formkey @validate_formkey
def settings_profile_post(v): def settings_profile_post(v):
if request.content_length > 16 * 1024 * 1024: abort(413)
updated = False updated = False
if request.values.get("background", v.background) != v.background: if request.values.get("background", v.background) != v.background:
@ -497,6 +499,7 @@ def settings_log_out_others(v):
@auth_required @auth_required
@validate_formkey @validate_formkey
def settings_images_profile(v): def settings_images_profile(v):
if request.content_length > 16 * 1024 * 1024: abort(413)
if request.headers.get("cf-ipcountry") == "T1": return "Image uploads are not allowed through TOR.", 403 if request.headers.get("cf-ipcountry") == "T1": return "Image uploads are not allowed through TOR.", 403
@ -522,6 +525,7 @@ def settings_images_profile(v):
@auth_required @auth_required
@validate_formkey @validate_formkey
def settings_images_banner(v): def settings_images_banner(v):
if request.content_length > 16 * 1024 * 1024: abort(413)
if request.headers.get("cf-ipcountry") == "T1": return "Image uploads are not allowed through TOR.", 403 if request.headers.get("cf-ipcountry") == "T1": return "Image uploads are not allowed through TOR.", 403