forked from rDrama/rDrama
security: don't leak post contents to embeds and other stuff for removed/deleted posts
parent
775686028b
commit
31725a0684
|
@ -334,6 +334,8 @@ class Submission(Base):
|
||||||
@lazy
|
@lazy
|
||||||
def realbody(self, v, listing=False):
|
def realbody(self, v, listing=False):
|
||||||
if self.club and not (v and (v.paid_dues or v.id == self.author_id)): return f"<p>{CC} ONLY</p>"
|
if self.club and not (v and (v.paid_dues or v.id == self.author_id)): return f"<p>{CC} ONLY</p>"
|
||||||
|
if self.deleted_utc != 0 and not (v and (v.admin_level >= 2) or v.id == self.author.id): return "[Deleted by user]"
|
||||||
|
if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]";
|
||||||
|
|
||||||
body = self.body_html or ""
|
body = self.body_html or ""
|
||||||
|
|
||||||
|
@ -401,6 +403,8 @@ class Submission(Base):
|
||||||
|
|
||||||
@lazy
|
@lazy
|
||||||
def plainbody(self, v):
|
def plainbody(self, v):
|
||||||
|
if self.deleted_utc != 0 and not (v and (v.admin_level >= 2) or v.id == self.author.id): return "[Deleted by user]"
|
||||||
|
if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]"
|
||||||
if self.club and not (v and (v.paid_dues or v.id == self.author_id)): return f"<p>{CC} ONLY</p>"
|
if self.club and not (v and (v.paid_dues or v.id == self.author_id)): return f"<p>{CC} ONLY</p>"
|
||||||
|
|
||||||
body = self.body
|
body = self.body
|
||||||
|
|
Loading…
Reference in New Issue