From fad12c858f9325a26e2290d6b1aa35ed96bacefd Mon Sep 17 00:00:00 2001
From: Aevann1 <Aevann1@protonmail.com>
Date: Sat, 31 Jul 2021 08:24:27 +0200
Subject: [PATCH] dffdfd

---
 drama/routes/comments.py | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/drama/routes/comments.py b/drama/routes/comments.py
index 846122ffbc..5c87ef3607 100644
--- a/drama/routes/comments.py
+++ b/drama/routes/comments.py
@@ -189,7 +189,7 @@ def api_comment(v):
 	body = request.form.get("body", "")[0:10000]
 	body = body.strip()
 
-	if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400
+	if not body and not request.files.get('file'): return jsonify({"error":"You need to actually write something!"}), 400
 	
 	for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|PNG|JPG|JPEG|GIF))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})')
 	body = body.replace("\n", "\n\n").replace("\n\n\n\n\n\n", "\n\n").replace("\n\n\n\n", "\n\n")
@@ -210,7 +210,7 @@ def api_comment(v):
 			v.ban(days=30, reason="Digitally malicious content")
 		if any([x.reason==7 for x in bans]):
 			v.ban( reason="Sexualizing minors")
-		return {"error": reason}, 401
+		return jsonify({"error": reason}), 401
 
 	# check existing
 	existing = g.db.query(Comment).join(CommentAux).filter(Comment.author_id == v.id,
@@ -220,10 +220,11 @@ def api_comment(v):
 															 CommentAux.body == body
 															 ).options(contains_eager(Comment.comment_aux)).first()
 	if existing:
-		return {"error": f"You already made that comment: {existing.permalink}"}, 409
+		return jsonify({"error": f"You already made that comment: {existing.permalink}"}), 409
 
 	if parent.author.any_block_exists(v) and not v.admin_level>=3:
-		return {"error": "You can't reply to users who have blocked you, or users you have blocked."}, 403
+		return jsonify(
+			{"error": "You can't reply to users who have blocked you, or users you have blocked."}), 403
 
 	# get bot status
 	is_bot = request.headers.get("X-User-Type","")=="Bot"
@@ -274,7 +275,7 @@ def api_comment(v):
 				g.db.add(ma)
 
 			g.db.commit()
-			return {"error": "Too much spam!"}, 403
+			return jsonify({"error": "Too much spam!"}), 403
 
 	# check badlinks
 	soup = BeautifulSoup(body_html, features="html.parser")
@@ -295,7 +296,7 @@ def api_comment(v):
 				BadLink.link)).first()
 
 		if badlink:
-			return {"error": f"Remove the following link and try again: `{check_url}`. Reason: {badlink.reason_text}"}, 403
+			return jsonify({"error": f"Remove the following link and try again: `{check_url}`. Reason: {badlink.reason_text}"}), 403
 	# create comment
 	parent_id = parent_fullname.split("_")[1]
 	c = Comment(author_id=v.id,
@@ -312,8 +313,9 @@ def api_comment(v):
 	if request.files.get("file"):
 		file=request.files["file"]
 		if not file.content_type.startswith('image/'):
-			return {"error": "That wasn't an image!"}, 400
+			return jsonify({"error": "That wasn't an image!"}), 400
 		
+		name = f'comment/{c.id}/{secrets.token_urlsafe(8)}'
 		url = upload_file(file)
 		
 		body = request.form.get("body") + f"\n![]({url})"
@@ -546,9 +548,12 @@ def api_comment(v):
 
 	v.comment_count = v.comments.filter(Comment.parent_submission != None).filter_by(is_banned=False, deleted_utc=0).count()
 	g.db.add(v)
-
 	if request.headers.get("Authorization"): return c.json
-	else: return render_template("comments.html", v=v, comments=[c], render_replies=False)
+	else: render_template("comments.html",
+							v=v,
+							comments=[c],
+							render_replies=False,
+							)