From db4a1a39d1529aa136339ed3083fc1ac5e79e523 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 17 Mar 2022 18:45:54 +0200 Subject: [PATCH 1/2] yolo i guess --- files/helpers/sanitize.py | 45 ++++++++++++++++++++++++++++++--------- files/routes/admin.py | 10 --------- 2 files changed, 35 insertions(+), 20 deletions(-) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 65be0a660a..a19637df08 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -10,6 +10,8 @@ from json import loads, dump from random import random, choice import signal import time +from urllib.parse import ParseResult, urlunparse, urlparse + allowed_tags = tags = ['b', 'blockquote', @@ -115,7 +117,13 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False): sanitized = strikethrough_regex.sub(r'\1', sanitized) - sanitized = sanitized.replace("\ufeff", "").replace("𒐪","").replace("","").replace('‎','') + sanitized = sanitized.replace("\ufeff", "").replace("𒐪","").replace("","").replace('‎','').replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("m.wikipedia.org", "wikipedia.org").replace("https://m.youtube", "https://youtube").replace("https://www.youtube", "https://youtube").replace("old.reddit.com/gallery", "reddit.com/gallery") + + if "https://youtube.com/watch?v=" in sanitized: sanitized = sanitized.replace("?t=", "&t=") + + for rd in ["://reddit.com", "://new.reddit.com", "://www.reddit.com", "://redd.it", "://libredd.it"]: + sanitized = sanitized.replace(rd, "://old.reddit.com") + if alert: captured = [] 
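Review bot: The import added in the first hunk brings in only `ParseResult`, `urlunparse` and `urlparse`, while the link-rewriting code added in the `@@ -195,6 +203,32 @@` hunk also calls `parse_qs` and `urlencode`. Unless an import outside the visible hunks already provides them, the `else` branch there raises `NameError` for every link whose host is not `old.reddit.com`. That code follows the `except:` shown as context, so it is apparently not covered by that handler. Extending the line to `from urllib.parse import ParseResult, parse_qs, urlencode, urlparse, urlunparse` makes the dependency explicit.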
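Review bot: The gallery exception no longer survives in the `@@ -115,7 +117,13 @@` hunk, because `.replace("old.reddit.com/gallery", "reddit.com/gallery")` now sits at the end of the chained replace and the `for rd in [...]` loop after it rewrites `://reddit.com` straight back to `://old.reddit.com`. In the lines this commit removes further down, the loop ran first and the gallery replace second. Taking the gallery replace out of the chain and placing it after the loop as its own statement, `sanitized = sanitized.replace("old.reddit.com/gallery", "reddit.com/gallery")`, restores the old order. Separately, `?t=` is replaced across the whole text whenever any YouTube link is present, so query strings of unrelated links in the same post are altered as well; scoping that replace to the matched YouTube URLs would avoid it. The body of `sanitize` starts and ends outside this hunk.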
@@ -195,6 +203,32 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False): except: tag.string = "" + parsed_url = urlparse(tag.get("href")) + + domain = parsed_url.netloc + if domain == 'old.reddit.com': + new_url = ParseResult(scheme="https", + netloc=parsed_url.netloc, + path=parsed_url.path, + params=parsed_url.params, + query=None, + fragment=parsed_url.fragment) + else: + qd = parse_qs(parsed_url.query) + filtered = {k: val for k, val in qd.items() if not k.startswith('utm_') and not k.startswith('ref_')} + + new_url = ParseResult(scheme="https", + netloc=parsed_url.netloc, + path=parsed_url.path, + params=parsed_url.params, + query=urlencode(filtered, doseq=True), + fragment=parsed_url.fragment) + + + new_url = urlunparse(new_url) + if tag.string == tag["href"]: tag.string = new_url + tag["href"] = new_url + sanitized = str(soup) @@ -276,10 +310,6 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False): sanitized = re.sub(f'(?', sanitized, flags=re.I|re.A) if comment: marseys_used.add(emoji) - sanitized = sanitized.replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("m.wikipedia.org", "wikipedia.org").replace("https://m.youtube", "https://youtube").replace("https://www.youtube", "https://youtube") - - if "https://youtube.com/watch?v=" in sanitized: sanitized = sanitized.replace("?t=", "&t=") - captured = [] for i in youtube_regex.finditer(sanitized): if i.group(0) in captured: continue 
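Review bot: The added block rebuilds every `href` with `scheme="https"` whatever was parsed, so a relative link such as `/post/1` comes back from `urlunparse` as `https:///post/1`, and `mailto:` or fragment-only links are mangled the same way. `urlparse` can also raise `ValueError` on a malformed host (for example an unclosed `[`), and since this code follows the `except:` shown as context, a user-supplied link would apparently propagate that exception out of `sanitize`. Limiting the rewrite to absolute http(s) links and catching the parse error leaves other hrefs as the earlier cleaning step produced them; this assumes that step already restricts the allowed protocols, because this rewrite should not be what neutralises other schemes. `parse_qs` also drops blank-valued parameters unless `keep_blank_values=True` is passed, which changes links beyond the tracking keys. The loop over tags that encloses this block begins outside the hunk.

```python
href = tag.get("href")
try:
    parsed_url = urlparse(href) if href else None
except ValueError:
    # Malformed user-supplied URL: leave the href as the cleaner produced it.
    parsed_url = None

# Only absolute http(s) links are rewritten; relative, mailto: and
# fragment-only hrefs are not touched here.
if parsed_url and parsed_url.scheme in ("http", "https") and parsed_url.netloc:
    if parsed_url.netloc == 'old.reddit.com':
        query = ""
    else:
        qd = parse_qs(parsed_url.query, keep_blank_values=True)
        filtered = {k: val for k, val in qd.items() if not k.startswith(('utm_', 'ref_'))}
        query = urlencode(filtered, doseq=True)

    new_url = urlunparse(parsed_url._replace(scheme="https", query=query))
    if tag.string == href: tag.string = new_url
    tag["href"] = new_url
```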
@@ -299,11 +329,6 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False): sanitized = sanitized.replace(replacing, htmlsource) - for rd in ["://reddit.com", "://new.reddit.com", "://www.reddit.com", "://redd.it", "://libredd.it"]: - sanitized = sanitized.replace(rd, "://old.reddit.com") - - sanitized = sanitized.replace("old.reddit.com/gallery", "reddit.com/gallery") - sanitized = unlinked_regex.sub(r'\1\2', sanitized) diff --git a/files/routes/admin.py b/files/routes/admin.py index 69819fe74c..f1b12f19aa 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -23,16 +23,6 @@ GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip() month = datetime.now().strftime('%B') -@app.get('/admin/default') -@admin_level_required(3) -def default(v): - for u in g.db.query(User).filter(User.profileurl == None).all(): - u.profileurl = '/e/' + random.choice(marseys_const) + '.webp' - g.db.add(u) - print(u.username, flush=True) - g.db.commit() - return 'done' - @app.get('/admin/merge//') @admin_level_required(3) def merge(v, id1, id2): From b7135461b7a4b599b51d8a903a09fff68af174ab Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 17 Mar 2022 19:42:28 +0200 Subject: [PATCH 2/2] fsd --- files/templates/authforms.html | 4 ++-- files/templates/default.html | 4 ++-- files/templates/gif_modal.html | 2 +- files/templates/log.html | 4 ++-- files/templates/login.html | 2 +- files/templates/login_2fa.html | 2 +- files/templates/settings.html | 2 +- files/templates/settings2.html | 4 ++-- files/templates/sign_up.html | 2 +- files/templates/sign_up_failed_ref.html | 2 +- files/templates/submit.html | 4 ++-- 11 files changed, 16 insertions(+), 16 deletions(-) diff --git a/files/templates/authforms.html b/files/templates/authforms.html index 4320d9d103..f4f92f6b81 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -15,7 +15,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} 
diff --git a/files/templates/default.html b/files/templates/default.html index ef10e4d6b0..f7e9d0c3ab 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -7,7 +7,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/gif_modal.html b/files/templates/gif_modal.html index e321b0e6cb..a4d0b3d10a 100644 --- a/files/templates/gif_modal.html +++ b/files/templates/gif_modal.html @@ -1,5 +1,5 @@