Merge branch 'frost' of https://github.com/Aevann1/rDrama into frost
commit
4355768995
|
@ -751,9 +751,8 @@ def alt_votes_get(v):
|
|||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@admin_level_required(PERMS['USER_LINK'])
|
||||
def admin_link_accounts(v):
|
||||
|
||||
u1 = int(request.values.get("u1"))
|
||||
u2 = int(request.values.get("u2"))
|
||||
u1 = get_account(request.values.get("u1")).id
|
||||
u2 = get_account(request.values.get("u2")).id
|
||||
|
||||
new_alt = Alt(
|
||||
user1=u1,
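Review bot: In `admin_link_accounts`, `get_account(request.values.get("u1")).id` dereferences `.id` on whatever `get_account` returns, so a missing `u1`/`u2` parameter or an unknown account only fails cleanly if `get_account` itself aborts; that helper is not visible here and should be confirmed. Nothing in the visible lines rejects `u1 == u2`, so unless the rest of the body (which continues past the hunk) checks it, an `Alt` row linking an account to itself can be created; a guard such as `if u1 == u2: abort(400, "Can't link an account to itself!")` before `new_alt = Alt(` would cover that. The page has lost its +/- markers, so this assumes the `get_account` lines are the new side.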
|
||||
|
|
|
@ -266,7 +266,10 @@ if SITE not in ('pcmemes.net', 'watchpeopledie.co'):
|
|||
if not hat_regex.fullmatch(new_name): abort(400, "Invalid name!")
|
||||
if not description_regex.fullmatch(description): abort(400, "Invalid description!")
|
||||
|
||||
try:
|
||||
hat.price = int(request.values.get('price'))
|
||||
except:
|
||||
abort(400, "Invalid hat price")
|
||||
hat.name = new_name
|
||||
hat.description = description
|
||||
g.db.add(hat)
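Review bot: The new `try`/`except:` around `hat.price = int(request.values.get('price'))` only proves the value parses as an integer; a negative price, or one larger than the column can hold, is still assigned and added to the session. If no later check exists (the function continues past the hunk), add a range check right after the conversion, for example `if hat.price < 0: abort(400, "Invalid hat price")`. The bare `except:` also catches far more than a bad number; `except (TypeError, ValueError):` is enough for `int()` of a request value. The same applies to the other plain `int()` guards in this commit (`giphy`, `sign_up_post`, `get_reset`, `post_reset`, `reset_2fa`, and the OAuth, poll, report and log handlers).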
|
||||
|
|
|
@ -12,7 +12,11 @@ from files.__main__ import app
|
|||
def giphy(v=None, path=None):
|
||||
|
||||
searchTerm = request.values.get("searchTerm", "").strip()
|
||||
limit = 48
|
||||
try:
|
||||
limit = int(request.values.get("limit", 48))
|
||||
except:
|
||||
pass
|
||||
if searchTerm and limit:
|
||||
url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}"
|
||||
elif searchTerm and not limit:
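Review bot: `limit` is parsed but never bounded in `giphy`, so a negative or very large value is forwarded to the upstream API in the `limit=` parameter, and `limit=0` silently takes the `elif searchTerm and not limit` branch. Clamping after the parse, e.g. `limit = min(max(limit, 0), 48)`, keeps the outbound request predictable. On the same lines, `searchTerm` is interpolated into the URL without percent-encoding, so characters such as `&` or `#` in the search text change the query string that is sent together with `GIPHY_KEY`; building the query with `urllib.parse.urlencode` would fix that. The function continues past the hunk.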
|
||||
|
|
|
@ -302,7 +302,11 @@ def sign_up_post(v):
|
|||
|
||||
session.pop("signup_token")
|
||||
|
||||
ref_id = 0
|
||||
try:
|
||||
ref_id = int(request.values.get("referred_by", 0))
|
||||
except:
|
||||
pass
|
||||
|
||||
users_count = g.db.query(User).count()
|
||||
if users_count == 4:
|
||||
|
@ -409,10 +413,12 @@ def post_forgot():
|
|||
|
||||
@app.get("/reset")
|
||||
def get_reset():
|
||||
|
||||
user_id = request.values.get("id")
|
||||
|
||||
timestamp = 0
|
||||
try:
|
||||
timestamp = int(request.values.get("time",0))
|
||||
except:
|
||||
pass
|
||||
token = request.values.get("token")
|
||||
|
||||
now = int(time.time())
|
||||
|
@ -448,8 +454,11 @@ def post_reset(v):
|
|||
if v: return redirect('/')
|
||||
|
||||
user_id = request.values.get("user_id")
|
||||
|
||||
timestamp = 0
|
||||
try:
|
||||
timestamp = int(request.values.get("time"))
|
||||
except:
|
||||
abort(400)
|
||||
token = request.values.get("token")
|
||||
|
||||
password = request.values.get("password")
|
||||
|
@ -534,11 +543,13 @@ def request_2fa_disable():
|
|||
|
||||
@app.get("/reset_2fa")
|
||||
def reset_2fa():
|
||||
|
||||
now=int(time.time())
|
||||
t = request.values.get("t")
|
||||
if not t: abort(400)
|
||||
try:
|
||||
t = int(t)
|
||||
except:
|
||||
abort(400)
|
||||
|
||||
if now > t+3600*24:
|
||||
return render_template("message.html",
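Review bot: `get_reset` swallows a malformed `time` value and carries on with `timestamp = 0`, while `post_reset` and `reset_2fa` in the same section abort with 400 on the same condition. Whether the silent fallback fails closed depends on the expiry and token checks below the hunk, which are not visible here. Making it explicit with `except (TypeError, ValueError): abort(400)` removes that dependency and matches the other two handlers. In `post_reset` the `timestamp = 0` initialiser before the `try` is dead, because the `except` branch aborts. The silent default for `ref_id` in `sign_up_post` looks intentional and can stay.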
|
||||
|
|
|
@ -97,8 +97,10 @@ def request_api_keys(v):
|
|||
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
||||
@auth_required
|
||||
def delete_oauth_app(v, aid):
|
||||
|
||||
try:
|
||||
aid = int(aid)
|
||||
except:
|
||||
abort(404)
|
||||
app = g.db.get(OauthApp, aid)
|
||||
if not app: abort(404)
|
||||
|
||||
|
@ -118,8 +120,10 @@ def delete_oauth_app(v, aid):
|
|||
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
||||
@is_not_permabanned
|
||||
def edit_oauth_app(v, aid):
|
||||
|
||||
try:
|
||||
aid = int(aid)
|
||||
except:
|
||||
abort(404)
|
||||
app = g.db.get(OauthApp, aid)
|
||||
if not app: abort(404)
|
||||
|
||||
|
|
|
@ -9,13 +9,12 @@ from files.__main__ import app
|
|||
@app.post("/vote/post/option/<option_id>")
|
||||
@is_not_permabanned
|
||||
def vote_option(option_id, v):
|
||||
|
||||
try:
|
||||
option_id = int(option_id)
|
||||
|
||||
except:
|
||||
abort(404)
|
||||
option = g.db.get(SubmissionOption, option_id)
|
||||
|
||||
if not option: abort(404)
|
||||
|
||||
sub = option.post.sub
|
||||
|
||||
if sub in ('furry','vampire','racist','femboy') and not v.house.lower().startswith(sub):
|
||||
|
@ -54,15 +53,13 @@ def vote_option(option_id, v):
|
|||
@app.get("/votes/post/option/<option_id>")
|
||||
@auth_required
|
||||
def option_votes(option_id, v):
|
||||
|
||||
try:
|
||||
option_id = int(option_id)
|
||||
|
||||
except:
|
||||
abort(404)
|
||||
option = g.db.get(SubmissionOption, option_id)
|
||||
|
||||
if not option: abort(404)
|
||||
|
||||
if option.post.ghost: abort(403)
|
||||
|
||||
ups = g.db.query(SubmissionOptionVote).filter_by(option_id=option_id).order_by(SubmissionOptionVote.created_utc).all()
|
||||
|
||||
return render_template("poll_votes.html",
|
||||
|
@ -75,15 +72,13 @@ def option_votes(option_id, v):
|
|||
@app.post("/vote/comment/option/<option_id>")
|
||||
@is_not_permabanned
|
||||
def vote_option_comment(option_id, v):
|
||||
|
||||
try:
|
||||
option_id = int(option_id)
|
||||
|
||||
except:
|
||||
abort(404)
|
||||
option = g.db.get(CommentOption, option_id)
|
||||
|
||||
if not option: abort(404)
|
||||
|
||||
sub = option.comment.post.sub
|
||||
|
||||
if sub in ('furry','vampire','racist','femboy') and not v.house.lower().startswith(sub):
|
||||
abort(403, f"You need to be a member of House {sub.capitalize()} to vote on polls in /h/{sub}")
|
||||
|
||||
|
@ -111,9 +106,10 @@ def vote_option_comment(option_id, v):
|
|||
@app.get("/votes/comment/option/<option_id>")
|
||||
@auth_required
|
||||
def option_votes_comment(option_id, v):
|
||||
|
||||
try:
|
||||
option_id = int(option_id)
|
||||
|
||||
except:
|
||||
abort(404)
|
||||
option = g.db.get(CommentOption, option_id)
|
||||
|
||||
if not option: abort(404)
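Review bot: The four poll handlers (`vote_option`, `option_votes`, `vote_option_comment`, `option_votes_comment`) each repeat the same `try: option_id = int(option_id)` / `except: abort(404)` block, although the routes are declared on the lines just above. Declaring the converter in the route, e.g. `@app.post("/vote/post/option/<int:option_id>")`, makes Flask answer 404 for a non-numeric id before the view runs and lets all four blocks go. If the explicit parse stays, `except ValueError:` is sufficient for a path segment. Each function body continues past its hunk.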
|
||||
|
|
|
@ -272,8 +272,9 @@ def post_id(pid, anything=None, v=None, sub=None):
|
|||
def viewmore(v, pid, sort, offset):
|
||||
post = get_post(pid, v=v)
|
||||
if post.club and not (v and (v.paid_dues or v.id == post.author_id)): abort(403)
|
||||
|
||||
try:
|
||||
offset = int(offset)
|
||||
except: abort(400)
|
||||
try: ids = set(int(x) for x in request.values.get("ids").split(','))
|
||||
except: abort(400)
|
||||
|
||||
|
|
|
@ -143,12 +143,10 @@ def flag_comment(cid, v):
|
|||
@limiter.limit("4/second;100/minute;300/hour;2000/day")
|
||||
@admin_level_required(PERMS['FLAGS_REMOVE'])
|
||||
def remove_report_post(v, pid, uid):
|
||||
|
||||
try:
|
||||
pid = int(pid)
|
||||
uid = int(uid)
|
||||
except: abort(400)
|
||||
|
||||
report = g.db.query(Flag).filter_by(post_id=pid, user_id=uid).one_or_none()
|
||||
|
||||
if report:
|
||||
|
@ -170,10 +168,10 @@ def remove_report_post(v, pid, uid):
|
|||
@limiter.limit("4/second;100/minute;300/hour;2000/day")
|
||||
@admin_level_required(PERMS['FLAGS_REMOVE'])
|
||||
def remove_report_comment(v, cid, uid):
|
||||
|
||||
try:
|
||||
cid = int(cid)
|
||||
uid = int(uid)
|
||||
|
||||
except: abort(400)
|
||||
report = g.db.query(CommentFlag).filter_by(comment_id=cid, user_id=uid).one_or_none()
|
||||
|
||||
if report:
|
||||
|
|
|
@ -169,7 +169,6 @@ def log(v):
|
|||
@app.get("/log/<id>")
|
||||
@auth_required
|
||||
def log_item(id, v):
|
||||
|
||||
try: id = int(id)
|
||||
except: abort(404)
|
||||
|
||||
|
|
|
@ -1203,7 +1203,11 @@ def kofi():
|
|||
id = data['kofi_transaction_id']
|
||||
created_utc = int(time.mktime(time.strptime(data['timestamp'].split('.')[0], "%Y-%m-%dT%H:%M:%SZ")))
|
||||
type = data['type']
|
||||
amount = 0
|
||||
try:
|
||||
amount = int(float(data['amount']))
|
||||
except:
|
||||
abort(400, 'invalid amount')
|
||||
email = data['email']
|
||||
|
||||
transaction = Transaction(
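Review bot: `amount = int(float(data['amount']))` in `kofi` accepts any float syntax, so a negative amount passes the new guard and fractional amounts are truncated toward zero before the `Transaction` is built. If the payload is authenticated earlier in the function (not visible in this hunk) the exposure is smaller, but a sign check such as `if amount < 0: abort(400, 'invalid amount')` is cheap. If the bare `except:` is narrowed, it needs `OverflowError` as well as `KeyError`, `TypeError` and `ValueError`, because `int(float('inf'))` raises `OverflowError`. The `amount = 0` initialiser is dead, since the `except` branch aborts.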
|
||||
|
|