From 9b17bb1cfe787184c5cc1448071848f411cd2990 Mon Sep 17 00:00:00 2001 From: TLSM Date: Thu, 16 Jun 2022 20:06:00 -0400 Subject: [PATCH 4/7] Fix shadowbanned 404 on own profile. --- files/routes/users.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/routes/users.py b/files/routes/users.py index cb24e9a0bf..4070f6685b 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -914,7 +914,7 @@ def u_username(username, v=None): if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"That username is reserved for: {u.reserved}"} return render_template("userpage_reserved.html", u=u, v=v) - if u.shadowbanned and not (v and v.admin_level >= 2): + if u.shadowbanned and not (v and v.admin_level >= 2) and not v.id == u.id: abort(404) if v and v.id not in (u.id,DAD_ID) and (u.patron or u.admin_level > 1): From b995b4ddfbf101e029b3a799a17c7c7eb1585361 Mon Sep 17 00:00:00 2001 From: TLSM Date: Fri, 17 Jun 2022 02:30:20 -0400 Subject: [PATCH 6/7] Amend 9b17bb1cfe78: fix userpage for logged-out. The previous fix to shadowbanned users not being able to view their own profile broke userpages for logged out users (and filled the log up with 500s) due to sloppy logic around accessing v.id. This has been remedied. --- files/routes/users.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/routes/users.py b/files/routes/users.py index 4070f6685b..15e8a852f4 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -914,7 +914,7 @@ def u_username(username, v=None): if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"That username is reserved for: {u.reserved}"} return render_template("userpage_reserved.html", u=u, v=v) - if u.shadowbanned and not (v and v.admin_level >= 2) and not v.id == u.id: + if u.shadowbanned and not (v and v.admin_level >= 2) and not (v and v.id == u.id): abort(404) if v and v.id not in (u.id,DAD_ID) and (u.patron or u.admin_level > 1):