diff --git a/files/helpers/const.py b/files/helpers/const.py
index 21ddb79faf..d729e6c1ba 100644
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@@ -701,7 +701,7 @@ for k, val in AWARDS.items():
 AWARDS3 = {}
 for k, val in AWARDS2.items():
- if val['price'] == 300: AWARDS3[k] = val
+ if val['price'] <= 500: AWARDS3[k] = val
 DOUBLE_XP_ENABLED = -1 # set to unixtime for when DXP begins, -1 to disable
@@ -964,8 +964,7 @@ image_regex = re.compile("(^|\s)(https:\/\/[\w\-.#&/=\?@%;+]{5,250}(\.png|\.jpg|
 link_fix_regex = re.compile("(?!.*(http|\/))(.*\[[^\]]+\]\()([^)]+\))", flags=re.A)
-css_regex = re.compile('''url\(['"]?(.*?)['"]?\)''', flags=re.I|re.A)
-css_regex2 = re.compile('''['"](http.*?)['"]''', flags=re.I|re.A)
+css_regex = re.compile('https?:\/\/[\w:~,()\-.#&\/=?@%;+]*', flags=re.I|re.A)
 procoins_li = (0,2500,5000,10000,25000,50000,125000,250000)
diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py
index f3b31015ee..51be31a3ff 100644
--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@@ -3,6 +3,7 @@ from .alerts import *
 from files.helpers.const import *
 from files.__main__ import db_session
 from random import randint
+import user_agents
 def get_logged_in_user():
@@ -53,11 +54,12 @@ def get_logged_in_user():
 if session["session_id"] in loggedout: del loggedout[session["session_id"]]
 loggedin[v.id] = timestamp
 else:
- loggedout[session["session_id"]] = timestamp
+ loggedout[session["session_id"]] = (timestamp, str(user_agents.parse(request.headers.get("User-Agent"))))
 g.loggedin_counter = len([x for x in loggedin.values() if timestamp-x<15*60])
 cache.set(f'{SITE}_loggedin', loggedin)
- g.loggedout_counter = len([x for x in loggedout.values() if timestamp-x<15*60])
+
+ g.loggedout_counter = len([x for x in loggedout.values() if timestamp-x[0]<15*60])
 cache.set(f'{SITE}_loggedout', loggedout)
 g.v = v
diff --git a/files/routes/admin.py b/files/routes/admin.py
index 47424e752e..ab410917c4 100644
--- a/files/routes/admin.py
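Review bot: The replacement `css_regex` only finds literal `http://`/`https://` substrings, so the two callers switched to it in this commit (files/routes/settings.py and files/routes/subs.py) still validate only the fragments the pattern happens to match and leave the rest of the stylesheet untouched: a `url(...)` argument with a non-http scheme, a protocol-relative `//host/path`, or a reference that the character class does not fully cover is never handed to `is_safe_url`. Dropping the `url(` and quoted-string matchers widens what the allowlist check can miss rather than narrowing it. A deny-by-default shape is safer: keep a `url\(` matcher alongside the scheme matcher and reject the stylesheet when a `url(` argument is not, in full, an allowed absolute URL. The trailing `*` also lets the pattern match the bare prefix `https://` with an empty host; `+` is the intended quantifier there.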
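Review bot: `request.headers.get("User-Agent")` returns `None` when the header is absent, and the new `else:` branch passes that straight to `user_agents.parse(...)`, so a logged-out request without a User-Agent would raise inside `get_logged_in_user`; pass a default, `str(user_agents.parse(request.headers.get("User-Agent", "")))`. The value stored under `loggedout[session["session_id"]]` also changes from an int to a tuple, so entries written by the previous build and still in the cache will make `timestamp-x[0]` raise until the key is cleared or old-format entries are tolerated. Each entry now carries a header-derived string as well, in a dict that, from what is visible, is never pruned; dropping entries older than 15 minutes where the counter is computed would bound that growth. `get_logged_in_user` starts and ends outside the hunk.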
+++ b/files/routes/admin.py
@@ -28,10 +28,14 @@ month = datetime.now().strftime('%B')
 @admin_level_required(2)
 def loggedin_list(v):
 ids = [x for x,val in cache.get(f'{SITE}_loggedin').items() if time.time()-val<15*60]
- users = g.db.query(User).filter(User.id.in_(ids)) \
- .order_by(User.admin_level.desc(), User.truecoins.desc()).all()
+ users = g.db.query(User).filter(User.id.in_(ids)).order_by(User.admin_level.desc(), User.truecoins.desc()).all()
 return render_template("loggedin.html", v=v, users=users)
+@app.get('/admin/loggedout')
+@admin_level_required(2)
+def loggedout_list(v):
+ users = [val[1] for x,val in cache.get(f'{SITE}_loggedout').items() if time.time()-val[0]<15*60]
+ return render_template("loggedout.html", v=v, users=users)
 @app.get('/admin/merge//')
 @admin_level_required(3)
@@ -966,7 +970,8 @@ def admin_removed_comments(v):
 def agendaposter(user_id, v):
 user = g.db.query(User).filter_by(id=user_id).one_or_none()
- days = request.values.get("days") or 30
+ days = min(request.values.get("days", 30), 30)
+
 expiry = float(days)
 expiry = int(time.time() + expiry*60*60*24)
diff --git a/files/routes/login.py b/files/routes/login.py
index 07c6d19910..3cc58bdb52 100644
--- a/files/routes/login.py
+++ b/files/routes/login.py
@@ -128,7 +128,7 @@ def login_post():
 return redirect("/login")
 if not account.validate_2fa(request.values.get("2fa_token", "").strip()):
- hash = generate_hash(f"{account.id}+{time}+2fachallenge")
+ hash = generate_hash(f"{account.id}+{now}+2fachallenge")
 return render_template("login_2fa.html", v=account, time=now,
diff --git a/files/routes/reporting.py b/files/routes/reporting.py
index eb2ae792dc..4b4fe600c3 100644
--- a/files/routes/reporting.py
+++ b/files/routes/reporting.py
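Review bot: `loggedout_list` calls `.items()` on `cache.get(f'{SITE}_loggedout')` directly, so a cold or evicted cache key yields `None` and the comprehension raises instead of rendering an empty page; `(cache.get(f'{SITE}_loggedout') or {}).items()` avoids that. It also assumes every cached value is already the `(timestamp, ua)` tuple introduced in files/helpers/wrappers.py by this commit, which is not true for entries written by the previous build. The same `None` assumption is present in `loggedin_list` just above.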
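Review bot: `min(request.values.get("days", 30), 30)` compares a `str` with an `int` whenever the client actually supplies the parameter, which raises `TypeError`, and the old `or 30` fallback is gone so an empty value now reaches `float("")` and raises as well; the clamp also has no lower bound, so a negative value yields an expiry in the past. Convert first and clamp both ends, e.g. `days = request.values.get("days") or 30` followed by `expiry = max(0.0, min(float(days), 30.0))`, and map a non-numeric value to a 400 rather than letting it surface as a 500. `agendaposter` continues outside the hunk.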
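Review bot: The corrected hash now binds the 2FA challenge to `now` rather than to the `time` module object, which previously produced a value that was constant for the lifetime of the process; the side that verifies this hash is outside the hunk, so it is worth confirming it also bounds how old the submitted `time` value may be, otherwise the challenge token still has no expiry. `login_post` starts and ends outside the hunk.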
@@ -40,7 +40,10 @@ def api_flag_post(pid, v):
 )
 g.db.add(ma)
 elif reason.startswith('/h/') and v.admin_level > 1:
- post.sub = reason[3:]
+ sub = reason[3:].strip().lower()
+ sub = g.db.query(Sub).filter_by(name=sub).one_or_none()
+ if not sub: abort(404)
+ post.sub = sub.name
 g.db.add(post)
 ma=ModAction(
 kind="move_hole",
diff --git a/files/routes/settings.py b/files/routes/settings.py
index 7bc8763a72..8486c8856f 100644
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@@ -638,9 +638,8 @@ def settings_profilecss(v):
 profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
- urls = list(css_regex.finditer(profilecss)) + list(css_regex2.finditer(profilecss))
- for i in urls:
- url = i.group(1)
+ for i in css_regex.finditer(profilecss):
+ url = i.group(0)
 if not is_safe_url(url):
 domain = tldextract.extract(url).registered_domain
 error = f"The domain '{domain}' is not allowed, please use one of these domains\n\n{approved_embed_hosts}."
diff --git a/files/routes/subs.py b/files/routes/subs.py
index f59d0b26ad..9c9a8c3168 100644
--- a/files/routes/subs.py
+++ b/files/routes/subs.py
@@ -332,9 +332,8 @@ def post_sub_css(v, sub):
 css = request.values.get('css', '').strip()
- urls = list(css_regex.finditer(css)) + list(css_regex2.finditer(css))
- for i in urls:
- url = i.group(1)
+ for i in css_regex.finditer(css):
+ url = i.group(0)
 if not is_safe_url(url):
 domain = tldextract.extract(url).registered_domain
 error = f"The domain '{domain}' is not allowed, please use one of these domains\n\n{approved_embed_hosts}."
diff --git a/files/templates/comments.html b/files/templates/comments.html
index cbe119dd67..1e1818a8bd 100644
--- a/files/templates/comments.html
+++ b/files/templates/comments.html
@@ -199,7 +199,7 @@ 👻 {% else %} {% if SITE_NAME=='rDrama' and c.author.house %} - House {{c.author.house}} + House {{c.author.house}} {% endif %} {% if c.author.verified %}
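Review bot: `sub` is rebound from the normalised name string to the `Sub` row on the very next line, which reads confusingly beside `post.sub = sub.name`; naming the string `sub_name` keeps the lookup and the assignment distinct. The `.lower()` normalisation assumes `Sub.name` is stored lowercase, which is not visible here — if names are mixed-case the lookup will 404 for valid holes. `api_flag_post` starts and ends outside the hunk.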
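Review bot: The two routes this commit switches to the shared `css_regex` do not normalise their input the same way: `settings_profilecss` strips backslashes (`.replace('\\', '')`) and caps length before matching, while `post_sub_css` only calls `.strip()`, so CSS escape sequences in a sub stylesheet can keep a reference from matching the scheme pattern even though a browser will still resolve it. Apply the same backslash removal and length cap in `post_sub_css`, or move the sanitising step into one helper both routes call. `post_sub_css` continues outside the hunk.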
diff --git a/files/templates/loggedout.html b/files/templates/loggedout.html
new file mode 100644
index 0000000000..a210ef0249
--- /dev/null
+++ b/files/templates/loggedout.html
@@ -0,0 +1,19 @@
+{% extends "settings2.html" %}
+
+{% block content %}
+
+ + + + + + +{% for user in users %} + + + + +{% endfor %} +
#Details
{{loop.index}}{{user}}
+
+{% endblock %}
diff --git a/files/templates/submission.html b/files/templates/submission.html
index b0a304ce3e..721af93340 100644
--- a/files/templates/submission.html
+++ b/files/templates/submission.html
@@ -705,7 +705,7 @@ 👻 {% else %} {% if SITE_NAME=='rDrama' and p.author.house %} - House {{p.author.house}} + House {{p.author.house}} {% endif %} {% if p.author.verified %}
diff --git a/files/templates/submission_listing.html b/files/templates/submission_listing.html
index b6785efcc0..8138e3f433 100644
--- a/files/templates/submission_listing.html
+++ b/files/templates/submission_listing.html
@@ -181,7 +181,7 @@ 👻 {% else %} {% if SITE_NAME=='rDrama' and p.author.house %} - House {{p.author.house}} + House {{p.author.house}} {% endif %} {% if p.author.verified %}
diff --git a/files/templates/userpage.html b/files/templates/userpage.html
index a4ffd74e54..11273509ed 100644
--- a/files/templates/userpage.html
+++ b/files/templates/userpage.html
@@ -61,7 +61,7 @@ {% endif %} {% if SITE_NAME=='rDrama' and u.house %} - House {{u.house}} + House {{u.house}} {% endif %} {% if u.verified %}
@@ -386,7 +386,7 @@ {% endif %} {% if SITE_NAME=='rDrama' and u.house %} - House {{u.house}} + House {{u.house}} {% endif %} {% if u.verified %}
diff --git a/requirements.txt b/requirements.txt
index 4df1e66100..6211c1cf6e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -22,6 +22,7 @@ requests
 SQLAlchemy
 tinycss2
 tldextract
+user-agents
 psycopg2-binary
 pusher_push_notifications
 pyenchant
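Review bot: `{{user}}` in the new loggedout.html renders a string derived from each visitor's User-Agent header, so the admin page relies on Jinja autoescaping being active for this template (Flask enables it for `.html` by default, but nothing visible here guarantees it); if the admin templates ever apply `|safe` or a custom environment, this becomes a stored XSS aimed at admins. A comment above the loop, `{# user comes from an untrusted request header; keep autoescaping on #}`, records the assumption for the next editor.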
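Review bot: `user-agents` is added unpinned, which matches the rest of this file, but it introduces a new parser (together with its `ua-parser` dependency) that now runs on an untrusted header for every logged-out request in `get_logged_in_user`; pinning it, `user-agents==<pinned-version>`, and tracking it in a lockfile would keep that new input-handling code reproducible and auditable.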