From ceaceffcd6fc2483c9ec653d675c655f15a806fc Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Mon, 4 Apr 2022 23:14:21 +0200 Subject: [PATCH 1/2] sfd --- files/routes/front.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/routes/front.py b/files/routes/front.py index c18f61cd9..eec98eec7 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -131,13 +131,13 @@ def notifications(v): for c in comments: if c.parent_submission: if c.replies2 == None: - c.replies2 = c.child_comments.filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).all() + c.replies2 = c.child_comments.filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).order_by(Comment.id.desc()).all() for x in c.replies2: if x.replies2 == None: x.replies2 = [] while c.parent_comment and (c.parent_comment.author_id == v.id or c.parent_comment.id in cids): c = c.parent_comment if c.replies2 == None: - c.replies2 = c.child_comments.filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).all() + c.replies2 = c.child_comments.filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).order_by(Comment.id.desc()).all() for x in c.replies2: if x.replies2 == None: x.replies2 = [] else: From 4c2f7d56675b887620dad1a975e83f49a5f74299 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Mon, 4 Apr 2022 23:15:25 +0200 Subject: [PATCH 2/2] fsd --- files/routes/posts.py | 3 ++- files/routes/reporting.py | 10 ++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/files/routes/posts.py b/files/routes/posts.py index ba364dfb1..87425c727 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -261,7 +261,8 @@ def post_id(pid, anything=None, v=None, sub=None): @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_desired def viewmore(v, pid, sort, offset): - pid = int(pid) + try: pid = int(pid) + except: abort(400) post = get_post(pid, v=v) if post.club and not (v and (v.paid_dues or v.id == post.author_id)): abort(403) diff --git a/files/routes/reporting.py b/files/routes/reporting.py index eb332db8e..f5cb46d5d 100644 --- a/files/routes/reporting.py +++ b/files/routes/reporting.py @@ -70,10 +70,12 @@ def api_flag_comment(cid, v): @limiter.limit("1/second;30/minute;200/hour;1000/day") @admin_level_required(2) def remove_report_post(v, pid, uid): - - pid = int(pid) - uid = int(uid) - + + try: + pid = int(pid) + uid = int(uid) + except: abort(400) + report = g.db.query(Flag).filter_by(post_id=pid, user_id=uid).one() g.db.delete(report)