diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index ba7681ced..81106c176 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -165,7 +165,7 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False): ] ).clean(sanitized) - soup = BeautifulSoup(sanitized, 'xml') + soup = BeautifulSoup(sanitized, 'html.parser') for tag in soup.find_all("img"): if tag.get("src") and tag.get("class") != ['pp20']: diff --git a/files/routes/comments.py b/files/routes/comments.py index 6e7f3c7b7..fb6cd282f 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -222,15 +222,17 @@ def api_comment(v): try: badge_def = loads(body) name = badge_def["name"] - badge = g.db.query(BadgeDef).filter_by(name=name).one_or_none() - if not badge: - badge = BadgeDef(name=name, description=badge_def["description"]) - g.db.add(badge) - g.db.flush() - filename = f'files/assets/images/badges/{badge.id}.webp' - copyfile(oldname, filename) - process_image(filename, 200) - requests.post(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/purge_cache', headers=CF_HEADERS, data={'files': [f"https://{request.host}/static/assets/images/badges/{badge.id}.webp"]}) + + existing = g.db.query(BadgeDef).filter_by(name=name).one_or_none() + if existing: return {"error": "A badge with this name already exists!"} + + badge = BadgeDef(name=name, description=badge_def["description"]) + g.db.add(badge) + g.db.flush() + filename = f'files/assets/images/badges/{badge.id}.webp' + copyfile(oldname, filename) + process_image(filename, 200) + requests.post(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/purge_cache', headers=CF_HEADERS, data={'files': [f"https://{request.host}/static/assets/images/badges/{badge.id}.webp"]}) except Exception as e: return {"error": str(e)}, 400 elif v.admin_level > 2 and parent_post.id == 37838: @@ -240,14 +242,17 @@ def api_comment(v): if "author" in marsey: author_id = get_user(marsey["author"]).id elif "author_id" in marsey: author_id = marsey["author_id"] else: abort(400) - if not g.db.query(Marsey.name).filter_by(name=name).one_or_none(): - marsey = Marsey(name=marsey["name"], author_id=author_id, tags=marsey["tags"], count=0) - g.db.add(marsey) - filename = f'files/assets/images/emojis/{name}.webp' - copyfile(oldname, filename) - process_image(filename, 200) - requests.post(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/purge_cache', headers=CF_HEADERS, data={'files': [f"https://{request.host}/static/assets/images/emojis/{name}.webp"]}) - cache.delete_memoized(marsey_list) + + existing = g.db.query(Marsey.name).filter_by(name=name).one_or_none() + if existing: return {"error": "A marsey with this name already exists!"} + + marsey = Marsey(name=marsey["name"], author_id=author_id, tags=marsey["tags"], count=0) + g.db.add(marsey) + filename = f'files/assets/images/emojis/{name}.webp' + copyfile(oldname, filename) + process_image(filename, 200) + requests.post(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/purge_cache', headers=CF_HEADERS, data={'files': [f"https://{request.host}/static/assets/images/emojis/{name}.webp"]}) + cache.delete_memoized(marsey_list) except Exception as e: return {"error": str(e)}, 400 body += f"\n\n![]({image})"