diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index ec33d66560..3def8839bf 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -242,11 +242,13 @@ def sanitize(sanitized, edit=False): sanitized = reddit_regex.sub(r'\1/\2', sanitized) sanitized = sub_regex.sub(r'\1/\2', sanitized) + v = getattr(g, 'v', None) + matches = [ m for m in mention_regex.finditer(sanitized) if m ] names = set( m.group(2) for m in matches ) - users = get_users(names,graceful=True) + if len(names) > 3 and not v.admin_level: abort(406) + users = get_users(names, graceful=True) - v = getattr(g, 'v', None) for u in users: if not u: continue m = [ m for m in matches if u.username.lower() == m.group(2).lower() or u.original_username.lower() == m.group(2).lower() ] diff --git a/files/routes/errors.py b/files/routes/errors.py index a0d5191a65..0180f9eaa8 100644 --- a/files/routes/errors.py +++ b/files/routes/errors.py @@ -21,6 +21,11 @@ def error_401(e): argval = quote(f"{path}?{qs}", safe='') return redirect(f"/login?redirect={argval}") +@app.errorhandler(406) +def error_406(e): + if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "You can't ping more than 3 people!"}, 406 + else: return render_template('errors/406.html', err=True), 406 + @app.errorhandler(403) def error_403(e): diff --git a/files/templates/errors/406.html b/files/templates/errors/406.html new file mode 100644 index 0000000000..7bfa166cd7 --- /dev/null +++ b/files/templates/errors/406.html @@ -0,0 +1,21 @@ +{% extends "default.html" %} + +{% block title %} +
Hiiiii it's carp! I think this error means that there's a timeout error. And I think that means something took too long to load so it decided not to work at all. If you keep seeing this on the same page but not other pages, then something is probably wrong with that specific function. It may not be called a function, but that sounds right to me. Anyway, ping me and I'll whine to someone smarter to fix it. Don't bother them. Thanks ily <3