From 2595706b4946b8336eabe18b41b18bc35b5b15e9 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 26 May 2022 20:36:37 +0200 Subject: [PATCH 1/9] fsd --- files/helpers/const.py | 2 +- files/templates/comments.html | 2 +- files/templates/submission.html | 2 +- files/templates/submission_listing.html | 2 +- files/templates/userpage.html | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/files/helpers/const.py b/files/helpers/const.py index 21ddb79faf..3e8232e0f6 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -701,7 +701,7 @@ for k, val in AWARDS.items(): AWARDS3 = {} for k, val in AWARDS2.items(): - if val['price'] == 300: AWARDS3[k] = val + if val['price'] == 500: AWARDS3[k] = val DOUBLE_XP_ENABLED = -1 # set to unixtime for when DXP begins, -1 to disable diff --git a/files/templates/comments.html b/files/templates/comments.html index cbe119dd67..1e1818a8bd 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -199,7 +199,7 @@ 👻 {% else %} {% if SITE_NAME=='rDrama' and c.author.house %} - House {{c.author.house}} + House {{c.author.house}} {% endif %} {% if c.author.verified %} diff --git a/files/templates/submission.html b/files/templates/submission.html index b0a304ce3e..721af93340 100644 --- a/files/templates/submission.html +++ b/files/templates/submission.html @@ -705,7 +705,7 @@ 👻 {% else %} {% if SITE_NAME=='rDrama' and p.author.house %} - House {{p.author.house}} + House {{p.author.house}} {% endif %} {% if p.author.verified %} diff --git a/files/templates/submission_listing.html b/files/templates/submission_listing.html index b6785efcc0..8138e3f433 100644 --- a/files/templates/submission_listing.html +++ b/files/templates/submission_listing.html @@ -181,7 +181,7 @@ 👻 {% else %} {% if SITE_NAME=='rDrama' and p.author.house %} - House {{p.author.house}} + House {{p.author.house}} {% endif %} {% if p.author.verified %} 
diff --git a/files/templates/userpage.html b/files/templates/userpage.html index a4ffd74e54..11273509ed 100644 --- a/files/templates/userpage.html +++ b/files/templates/userpage.html @@ -61,7 +61,7 @@ {% endif %} {% if SITE_NAME=='rDrama' and u.house %} - House {{u.house}} + House {{u.house}} {% endif %} {% if u.verified %} @@ -386,7 +386,7 @@ {% endif %} {% if SITE_NAME=='rDrama' and u.house %} - House {{u.house}} + House {{u.house}} {% endif %} {% if u.verified %} From 64c3b489e3ac31d5ea9a9420d7ba28a1705543c9 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 26 May 2022 20:37:10 +0200 Subject: [PATCH 2/9] fds --- files/helpers/const.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/helpers/const.py b/files/helpers/const.py index 3e8232e0f6..824c7c08a5 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -701,7 +701,7 @@ for k, val in AWARDS.items(): AWARDS3 = {} for k, val in AWARDS2.items(): - if val['price'] == 500: AWARDS3[k] = val + if val['price'] <= 500: AWARDS3[k] = val DOUBLE_XP_ENABLED = -1 # set to unixtime for when DXP begins, -1 to disable From 1e8c00f6fe24a7a047552914e9d350a3359d60b1 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 26 May 2022 21:15:24 +0200 Subject: [PATCH 3/9] fsd --- files/routes/login.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/routes/login.py b/files/routes/login.py index 07c6d19910..3cc58bdb52 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -128,7 +128,7 @@ def login_post(): return redirect("/login") if not account.validate_2fa(request.values.get("2fa_token", "").strip()): - hash = generate_hash(f"{account.id}+{time}+2fachallenge") + hash = generate_hash(f"{account.id}+{now}+2fachallenge") return render_template("login_2fa.html", v=account, time=now, From f7dea74b3738f1acc97d92cc600ccabb1c582420 Mon Sep 17 00:00:00 2001 
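Review bot: The challenge line in login_post has no comment saying what the value protects, and the local name `hash` shadows the builtin. Since the same `now` is passed to the template as `time=now`, a comment such as `# 2FA challenge token: binds account id and issue time; the verifying handler must recompute it from the same values and reject stale timestamps` would record the contract. The verifying code is outside this hunk, so the expiry check is an assumption to confirm there. Renaming the local to something like `challenge` would remove the shadowing, provided the template keyword that follows (not visible here) is kept as it is.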
From: Aevann1 Date: Thu, 26 May 2022 21:19:33 +0200 Subject: [PATCH 4/9] fds --- files/routes/reporting.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/files/routes/reporting.py b/files/routes/reporting.py index eb2ae792dc..4b4fe600c3 100644 --- a/files/routes/reporting.py +++ b/files/routes/reporting.py @@ -40,7 +40,10 @@ def api_flag_post(pid, v): ) g.db.add(ma) elif reason.startswith('/h/') and v.admin_level > 1: - post.sub = reason[3:] + sub = reason[3:].strip().lower() + sub = g.db.query(Sub).filter_by(name=sub).one_or_none() + if not sub: abort(404) + post.sub = sub.name g.db.add(post) ma=ModAction( kind="move_hole", From f72015382a60e417d96bf3c55a11f481c72026ab Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 26 May 2022 22:04:39 +0200 Subject: [PATCH 5/9] crgd is a king --- files/helpers/const.py | 3 +-- files/routes/admin.py | 3 ++- files/routes/settings.py | 5 ++--- files/routes/subs.py | 5 ++--- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/files/helpers/const.py b/files/helpers/const.py index 824c7c08a5..d729e6c1ba 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -964,8 +964,7 @@ image_regex = re.compile("(^|\s)(https:\/\/[\w\-.#&/=\?@%;+]{5,250}(\.png|\.jpg| link_fix_regex = re.compile("(?!.*(http|\/))(.*\[[^\]]+\]\()([^)]+\))", flags=re.A) -css_regex = re.compile('''url\(['"]?(.*?)['"]?\)''', flags=re.I|re.A) -css_regex2 = re.compile('''['"](http.*?)['"]''', flags=re.I|re.A) +css_regex = re.compile('https?:\/\/[\w:~,()\-.#&\/=?@%;+]*', flags=re.I|re.A) procoins_li = (0,2500,5000,10000,25000,50000,125000,250000) diff --git a/files/routes/admin.py b/files/routes/admin.py index 47424e752e..cdb4c65f09 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py 
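Review bot: The new `css_regex` only extracts text that starts with a literal `http://` or `https://`, whereas the removed `url\(...\)` pattern captured every `url()` argument, so a reference written without an explicit scheme no longer reaches `is_safe_url` in settings_profilecss or post_sub_css. Whether that opens a gap depends on CSS sanitising outside these hunks, but the allowlist check is safer if every `url()` argument is still extracted and anything that is not an approved absolute URL is rejected. The two call sites also scan different text: settings.py removes backslashes before the scan and subs.py does not, so the same normalisation should be applied in both. The pattern is a non-raw string with `\/` and `\w` escapes; `css_regex = re.compile(r'https?://[\w:~,()\-.#&/=?@%;+]*', flags=re.I|re.A)` avoids the invalid-escape warning without changing what it matches.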
@@ -966,7 +966,8 @@ def admin_removed_comments(v): def agendaposter(user_id, v): user = g.db.query(User).filter_by(id=user_id).one_or_none() - days = request.values.get("days") or 30 + days = min(request.values.get("days", 30), 30) + expiry = float(days) expiry = int(time.time() + expiry*60*60*24) diff --git a/files/routes/settings.py b/files/routes/settings.py index 7bc8763a72..8486c8856f 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -638,9 +638,8 @@ def settings_profilecss(v): profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000] - urls = list(css_regex.finditer(profilecss)) + list(css_regex2.finditer(profilecss)) - for i in urls: - url = i.group(1) + for i in css_regex.finditer(profilecss): + url = i.group(0) if not is_safe_url(url): domain = tldextract.extract(url).registered_domain error = f"The domain '{domain}' is not allowed, please use one of these domains\n\n{approved_embed_hosts}." diff --git a/files/routes/subs.py b/files/routes/subs.py index f59d0b26ad..9c9a8c3168 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -332,9 +332,8 @@ def post_sub_css(v, sub): css = request.values.get('css', '').strip() - urls = list(css_regex.finditer(css)) + list(css_regex2.finditer(css)) - for i in urls: - url = i.group(1) + for i in css_regex.finditer(css): + url = i.group(0) if not is_safe_url(url): domain = tldextract.extract(url).registered_domain error = f"The domain '{domain}' is not allowed, please use one of these domains\n\n{approved_embed_hosts}." From 0ac85b3192b768233f2e4326d47a069fda3de08a Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 26 May 2022 22:14:47 +0200 Subject: [PATCH 6/9] fsd --- files/routes/admin.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/files/routes/admin.py b/files/routes/admin.py index cdb4c65f09..c801231c92 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py 
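Review bot: In agendaposter, `min(request.values.get("days", 30), 30)` compares a str with an int whenever the `days` parameter is actually supplied, which raises TypeError in Python 3, so the clamp only works on the default path. Converting before clamping fixes it, for example `days = min(request.values.get("days", 30, type=float), 30)`, which also falls back to 30 for an empty or non-numeric value. There is still no lower bound, so a negative value produces an expiry in the past; wrapping the result in `max(..., 0)` or rejecting it would make the intended range explicit. The function body continues outside the hunk.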
@@ -18,6 +18,7 @@ from files.helpers.discord import add_role from datetime import datetime import requests from urllib.parse import quote, urlencode +import httpagentparser GUMROAD_ID = environ.get("GUMROAD_ID", "tfcvri").strip() GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip() @@ -939,6 +940,9 @@ def admin_removed(v): @app.get("/admin/removed/comments") @admin_level_required(2) def admin_removed_comments(v): + + + print(request.headers, flush=true) try: page = int(request.values.get("page", 1)) except: page = 1 From 8ba5f07bb6c1cf24f2f4fc5fcf40cf7e4e187000 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 26 May 2022 22:17:09 +0200 Subject: [PATCH 7/9] sdf --- files/routes/admin.py | 1 - 1 file changed, 1 deletion(-) diff --git a/files/routes/admin.py b/files/routes/admin.py index c801231c92..00738ec041 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -18,7 +18,6 @@ from files.helpers.discord import add_role from datetime import datetime import requests from urllib.parse import quote, urlencode -import httpagentparser GUMROAD_ID = environ.get("GUMROAD_ID", "tfcvri").strip() GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip() From 630996faee236ea13d8259a4091edd6bc7e7f95d Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 26 May 2022 22:31:08 +0200 Subject: [PATCH 8/9] gfd --- files/helpers/wrappers.py | 6 ++++-- files/routes/admin.py | 11 ++++++----- files/templates/loggedout.html | 19 +++++++++++++++++++ 3 files changed, 29 insertions(+), 7 deletions(-) create mode 100644 files/templates/loggedout.html diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index f3b31015ee..51be31a3ff 100644 --- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -3,6 +3,7 @@ from .alerts import * from files.helpers.const import * from files.__main__ import db_session from random import randint +import user_agents def get_logged_in_user(): 
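Review bot: `print(request.headers, flush=true)` in admin_removed_comments uses `true`, which is not a Python name unless something outside the hunk defines it, so the route would raise NameError before it reads the page number; the keyword value is `flush=True`. Dumping the whole header set also writes Cookie and any Authorization values into the process output, which is more than a debug line should record; logging only the header of interest, e.g. `request.headers.get("User-Agent")`, keeps session material out of the logs. The series removes this line in PATCH 8/9 and the unused `import httpagentparser` in PATCH 7/9, so squashing those commits would keep the intermediate state out of the history. If the intermediate commit was ever deployed, the output captured in that window should be handled as sensitive.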
@@ -53,11 +54,12 @@ def get_logged_in_user(): if session["session_id"] in loggedout: del loggedout[session["session_id"]] loggedin[v.id] = timestamp else: - loggedout[session["session_id"]] = timestamp + loggedout[session["session_id"]] = (timestamp, str(user_agents.parse(request.headers.get("User-Agent")))) g.loggedin_counter = len([x for x in loggedin.values() if timestamp-x<15*60]) cache.set(f'{SITE}_loggedin', loggedin) - g.loggedout_counter = len([x for x in loggedout.values() if timestamp-x<15*60]) + + g.loggedout_counter = len([x for x in loggedout.values() if timestamp-x[0]<15*60]) cache.set(f'{SITE}_loggedout', loggedout) g.v = v diff --git a/files/routes/admin.py b/files/routes/admin.py index 00738ec041..ab410917c4 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -28,10 +28,14 @@ month = datetime.now().strftime('%B') @admin_level_required(2) def loggedin_list(v): ids = [x for x,val in cache.get(f'{SITE}_loggedin').items() if time.time()-val<15*60] - users = g.db.query(User).filter(User.id.in_(ids)) \ - .order_by(User.admin_level.desc(), User.truecoins.desc()).all() + users = g.db.query(User).filter(User.id.in_(ids)).order_by(User.admin_level.desc(), User.truecoins.desc()).all() return render_template("loggedin.html", v=v, users=users) +@app.get('/admin/loggedout') +@admin_level_required(2) +def loggedout_list(v): + users = [val[1] for x,val in cache.get(f'{SITE}_loggedout').items() if time.time()-val[0]<15*60] + return render_template("loggedout.html", v=v, users=users) @app.get('/admin/merge//') @admin_level_required(3) @@ -939,9 +943,6 @@ def admin_removed(v): @app.get("/admin/removed/comments") @admin_level_required(2) def admin_removed_comments(v): - - - print(request.headers, flush=true) try: page = int(request.values.get("page", 1)) except: page = 1 diff --git a/files/templates/loggedout.html b/files/templates/loggedout.html new file mode 100644 index 0000000000..a210ef0249 --- /dev/null +++ b/files/templates/loggedout.html 
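Review bot: Changing the `loggedout` values from a bare timestamp to a `(timestamp, description)` tuple leaves every entry written by the previous code as a number, and `timestamp-x[0]` in the counter would raise TypeError on those if the dict is loaded from the cache (the load is outside the hunk). Clearing `{SITE}_loggedout` at deploy, or accepting both shapes until old entries age out, avoids that. `request.headers.get("User-Agent")` is None when the header is absent and is otherwise client-controlled and unbounded, so a default and a length cap before parsing and caching would help, e.g. `ua = request.headers.get("User-Agent", "")[:512]` (cap chosen for illustration). The stored string is later rendered to admins as `{{user}}` in loggedout.html, so that template must keep autoescaping on for it.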
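Review bot: loggedout_list calls `.items()` directly on `cache.get(f'{SITE}_loggedout')`, which would fail with AttributeError if the key is missing or has been evicted, assuming `cache.get` returns None in that case as Flask-Caching does; `(cache.get(f'{SITE}_loggedout') or {}).items()` renders an empty table instead. The comprehension indexes `val[0]` and `val[1]`, so it also depends on every cached entry already being a tuple. The route has no comment or docstring; one line stating that it lists the parsed User-Agent of anonymous sessions seen in the last 15 minutes would document what admins are shown. The loop variable `x` is unused, so iterating `.values()` would read more directly.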
@@ -0,0 +1,19 @@ +{% extends "settings2.html" %} + +{% block content %} +
+ + + + + + +{% for user in users %} + + + + +{% endfor %} +
#Details
{{loop.index}}{{user}}
+ +{% endblock %} From 4c8e88b758ccc281321fd481820d76a2a0e14b58 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 26 May 2022 22:32:06 +0200 Subject: [PATCH 9/9] sfd --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 4df1e66100..6211c1cf6e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -22,6 +22,7 @@ requests SQLAlchemy tinycss2 tldextract +user-agents psycopg2-binary pusher_push_notifications pyenchant
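Review bot: `user-agents` is added to requirements.txt without a version constraint, so each fresh install resolves whatever release is current for a package that parses a client-supplied header on every anonymous request. The neighbouring entries are unpinned as well, so this follows the file's existing style, but a pin such as `user-agents==<reviewed version>` (placeholder) together with a hash-checked install would make the dependency reproducible and reviewable. `import user_agents` arrives in PATCH 8/9 while this line arrives in PATCH 9/9, so the intermediate commit cannot import wrappers.py in a clean environment; adding the requirement in the same commit as the import would keep each commit installable.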