diff --git a/files/classes/submission.py b/files/classes/submission.py index 8932fa57a1..5d9c62593d 100644 --- a/files/classes/submission.py +++ b/files/classes/submission.py @@ -251,6 +251,7 @@ class Submission(Base): 'distinguish_level': self.distinguish_level, 'voted': self.voted if hasattr(self, 'voted') else 0, 'flags': flags, + 'club': self.club, } if self.ban_reason: diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 3abf47d7f0..ead7cf741c 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -169,7 +169,7 @@ def sanitize(sanitized, noimages=False): old = i.group(0) if 'marseylong1' in old or 'marseylong2' in old or 'marseyllama1' in old or 'marseyllama2' in old: new = old.lower().replace(">", " class='mb-0'>") else: new = old.lower() - for i in re.finditer('(?(https://youtube\.com/watch\?v\=(.*?))', sanitized): url = i.group(1) - yt_id = i.group(2).split('&')[0] + yt_id = i.group(2).split('&')[0].split('%')[0] replacing = f'{url}' - params = parse_qs(urlparse(url).query) + params = parse_qs(urlparse(url.replace('&','&')).query) t = params.get('t', params.get('start', [0]))[0] if isinstance(t, str): t = t.replace('s','') @@ -229,21 +228,8 @@ def sanitize(sanitized, noimages=False): htmlsource += '">' sanitized = sanitized.replace(replacing, htmlsource) - - for i in re.finditer('{url}' - htmlsource = f'' - sanitized = sanitized.replace(replacing, htmlsource) - for i in re.finditer('

(https:.*?\.mp4)

', sanitized): - sanitized = sanitized.replace(i.group(0), f'

') - - for i in re.finditer('{url}' - htmlsource = f'' - sanitized = sanitized.replace(replacing, htmlsource) + sanitized = sanitized.replace(i.group(0), f'

') for rd in ["https://reddit.com/", "https://new.reddit.com/", "https://www.reddit.com/", "https://redd.it/"]: sanitized = sanitized.replace(rd, "https://old.reddit.com/") @@ -254,15 +240,13 @@ def sanitize(sanitized, noimages=False): return sanitized -def filter_title(title): - title = title.strip() - title = title.replace("\n", "") - title = title.replace("\r", "") - title = title.replace("\t", "") +def filter_emojis_only(title): + + title = title.replace('<','').replace('>','').replace("\n", "").replace("\r", "").replace("\t", "").strip() title = bleach.clean(title, tags=[]) - for i in re.finditer('(? 1000: abort(403) author.flairchanged = time.time() + 86400 elif kind == "pause": @@ -764,7 +764,7 @@ def award_comment(cid, v): elif kind == "flairlock": new_name = note[:100].replace("𒐪","") author.customtitleplain = new_name - author.customtitle = filter_title(new_name) + author.customtitle = filter_emojis_only(new_name) if len(author.customtitle) > 1000: abort(403) author.flairchanged = time.time() + 86400 elif kind == "pause": diff --git a/files/routes/comments.py b/files/routes/comments.py index f51ec5fc35..fd09998027 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -9,7 +9,7 @@ from files.routes.front import comment_idlist from pusher_push_notifications import PushNotifications from flask import * from files.__main__ import app, limiter -from files.helpers.sanitize import filter_title +from files.helpers.sanitize import filter_emojis_only site = environ.get("DOMAIN").strip() if site == 'pcmemes.net': cc = "SPLASH MOUNTAIN" @@ -297,7 +297,7 @@ def api_comment(v): parent_submission=parent_submission, parent_comment_id=c.id, level=level+1, - body_html=filter_title(option), + body_html=filter_emojis_only(option), upvotes=0 ) 
@@ -657,7 +657,7 @@ def edit_comment(cid, v): parent_submission=c.parent_submission, parent_comment_id=c.id, level=c.level+1, - body_html=filter_title(i.group(1)), + body_html=filter_emojis_only(i.group(1)), upvotes=0 ) g.db.add(c_option) diff --git a/files/routes/posts.py b/files/routes/posts.py index 929032741c..99ebea6933 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -372,7 +372,7 @@ def edit_post(pid, v): title = title.replace('I ', f'@{v.username} ') title = censor_slurs2(title).upper().replace(' ME ', f' @{v.username} ') - title_html = filter_title(title) + title_html = filter_emojis_only(title) if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 403 p.title = title p.title_html = title_html @@ -402,7 +402,7 @@ def edit_post(pid, v): c = Comment(author_id=AUTOPOLLER_ID, parent_submission=p.id, level=1, - body_html=filter_title(i.group(1)), + body_html=filter_emojis_only(i.group(1)), upvotes=0 ) g.db.add(c) @@ -681,7 +681,7 @@ def submit_post(v): title = title.replace('I ', f'@{v.username} ') title = censor_slurs2(title).upper().replace(' ME ', f' @{v.username} ') - title_html = filter_title(title) + title_html = filter_emojis_only(title) body = request.values.get("body", "").strip() if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 40 
@@ -698,10 +698,8 @@ def submit_post(v): for rd in ["https://reddit.com/", "https://new.reddit.com/", "https://www.reddit.com/", "https://redd.it/"]: url = url.replace(rd, "https://old.reddit.com/") - - url = url.replace("old.reddit.com/gallery", "new.reddit.com/gallery") - url = url.replace("https://mobile.twitter.com", "https://twitter.com").replace("https://m.facebook", "https://facebook").replace("https://m.wikipedia", "https://wikipedia").replace("https://m.youtube", "https://youtube") + url = url.replace("old.reddit.com/gallery", "new.reddit.com/gallery").replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("https://m.wikipedia", "https://wikipedia").replace("https://m.youtube", "https://youtube").replace("https://www.youtube", "https://youtube") if url.startswith("https://streamable.com/") and not url.startswith("https://streamable.com/e/"): url = url.replace("https://streamable.com/", "https://streamable.com/e/") 
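Review bot: The chained `.replace()` calls added to `url` in submit_post are neither idempotent nor anchored to the start of the URL. A link that already begins with `https://open.spotify.com/embed/` or `https://streamable.com/e/` gets the segment inserted a second time, and the context line after it (`if url.startswith("https://streamable.com/") and not url.startswith("https://streamable.com/e/")`) can no longer be true once the unconditional streamable replace has run. The host normalisations for `https://m.youtube` and `https://www.youtube` sit at the end of the chain, after the `youtube.com/shorts/` rewrite, so unless hosts are normalised earlier in the function a `www.` shorts link is never converted to the `watch?v=` form that the later embed branch expects. Because `str.replace` rewrites every occurrence, the same strings inside a query parameter of an unrelated URL are rewritten as well. I would normalise hosts first, then guard each path rewrite on the prefix and limit it to one replacement, e.g. `if url.startswith("https://open.spotify.com/") and not url.startswith("https://open.spotify.com/embed/"): url = url.replace("https://open.spotify.com/", "https://open.spotify.com/embed/", 1)`, and leave streamable to the existing guarded line.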
@@ -735,15 +733,14 @@ def submit_post(v): elif "twitter.com" == domain: try: embed = requests.get("https://publish.twitter.com/oembed", timeout=5, params={"url":url, "omit_script":"t"}).json()["html"] except: embed = None - elif "youtu" in domain: - yt_id = re.match(re.compile("^.*(youtu.be\/|v\/|u\/\w\/|embed\/|watch\?v=|shorts\/|\&v=)([^#\&\?]*).*"), url).group(2) + elif url.startswith('https://youtube.com/watch?v='): + yt_id = url.split('https://youtube.com/watch?v=')[1].split('&')[0].split('%')[0] params = parse_qs(urlparse(url).query) t = params.get('t', params.get('start', [0]))[0] if isinstance(t, str): t = t.replace('s','') embed = f'' - elif app.config['SERVER_NAME'] in domain and "/post/" in url and "context" not in url: id = url.split("/post/")[1] if "/" in id: id = id.split("/")[0] @@ -923,7 +920,7 @@ def submit_post(v): c = Comment(author_id=AUTOPOLLER_ID, parent_submission=new_post.id, level=1, - body_html=filter_title(option), + body_html=filter_emojis_only(option), upvotes=0 ) @@ -1098,7 +1095,7 @@ def submit_post(v): if "Snapshots:\n\n" not in body: body += "Snapshots:\n\n" body += f'**[{title}]({href})**:\n\n' - if href.startswith('https://old.reddit.com'): + if href.startswith('https://old.reddit.com/'): body += f'* [unddit.com](https://unddit.com/{href.replace("https://old.reddit.com/", "")})\n' body += f'* [archive.org](https://web.archive.org/{href})\n' body += f'* [archive.ph](https://archive.ph/?url={quote(href)}&run=1) (click to archive)\n\n' diff --git a/files/routes/reporting.py b/files/routes/reporting.py index f38a840222..2cc2b3763a 100644 --- a/files/routes/reporting.py +++ b/files/routes/reporting.py @@ -3,6 +3,7 @@ from files.helpers.get import * from flask import g from files.__main__ import app, limiter from os import path +from files.helpers.sanitize import filter_emojis_only @app.post("/report/post/") @limiter.limit("1/second") 
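Review bot: `yt_id` in the new `elif url.startswith('https://youtube.com/watch?v=')` branch is cut only at `&` and `%`, so quotes, angle brackets, spaces and `#` from the submitted URL remain in it. The `embed = f'...'` markup is not readable on this page, but if `yt_id` and `t` are interpolated into it they should be validated rather than trimmed, e.g. `if not re.fullmatch('[A-Za-z0-9_-]{5,20}', yt_id): embed = None` and `t = int(t) if str(t).isdigit() else 0` after the existing `replace('s','')`. The same trimming is applied to `yt_id` in the sanitize() hunk of files/helpers/sanitize.py (`i.group(2).split('&')[0].split('%')[0]`), where the value comes from a regex match over user-supplied text and should get the same check. The body of submit_post continues outside this hunk.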
@@ -13,15 +14,12 @@ def api_flag_post(pid, v): if not v.shadowbanned: reason = request.values.get("reason", "").strip()[:100] - if "<" in reason: return {"error": f"Reasons can't contain <"} if not reason.startswith('!'): existing = g.db.query(Flag.id).filter_by(user_id=v.id, post_id=post.id).first() if existing: return "", 409 - for i in re.finditer(':(.{1,30}?):', reason): - if path.isfile(f'./files/assets/images/emojis/{i.group(1)}.webp'): - reason = reason.replace(f':{i.group(1)}:', f':{i.group(1)}:') + reason = filter_emojis_only(reason) if len(reason) > 350: return {"error": f"Too long."} @@ -45,26 +43,17 @@ def api_flag_comment(cid, v): comment = get_comment(cid) if not v.shadowbanned: - existing = g.db.query(CommentFlag.id).filter_by( - user_id=v.id, comment_id=comment.id).first() - + existing = g.db.query(CommentFlag.id).filter_by( user_id=v.id, comment_id=comment.id).first() if existing: return "", 409 - reason = request.values.get("reason", "").strip()[:100] - if "<" in reason: return {"error": f"Reasons can't contain <"} - for i in re.finditer(':(.{1,30}?):', reason): - if path.isfile(f'./files/assets/images/emojis/{i.group(1)}.webp'): - reason = reason.replace(f':{i.group(1)}:', f':{i.group(1)}:') + reason = request.values.get("reason", "").strip()[:100] + reason = filter_emojis_only(reason) if len(reason) > 350: return {"error": f"Too long."} - flag = CommentFlag(comment_id=comment.id, - user_id=v.id, - reason=reason, - ) + flag = CommentFlag(comment_id=comment.id, user_id=v.id, reason=reason) g.db.add(flag) - g.db.commit() return {"message": "Comment reported!"} diff --git a/files/routes/settings.py b/files/routes/settings.py index 5dab1f9d63..06c6a9ae92 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py 
@@ -10,7 +10,7 @@ from files.__main__ import app, cache, limiter import youtube_dl from .front import frontlist import os -from files.helpers.sanitize import filter_title +from files.helpers.sanitize import filter_emojis_only from files.helpers.discord import add_role from shutil import copyfile import requests @@ -1074,7 +1074,7 @@ def settings_title_change(v): v.customtitleplain = new_name - v.customtitle = filter_title(new_name) + v.customtitle = filter_emojis_only(new_name) if len(v.customtitle) < 1000: g.db.add(v) diff --git a/files/templates/authforms.html b/files/templates/authforms.html index 558c7092cf..d46907db0b 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -10,16 +10,14 @@ {% block pagetitle %}{{'SITE_NAME' | app_config}}{% endblock %} - - {% if v %} - - {% if v.agendaposter %}{% elif v.css %}{% endif %} + + {% if v.agendaposter %}{% elif v.css %}{% endif %} {% else %} - + {% endif %} diff --git a/files/templates/email/default.html b/files/templates/email/default.html index 7b6b9bfbd6..b81768cd03 100644 --- a/files/templates/email/default.html +++ b/files/templates/email/default.html @@ -7,9 +7,7 @@ - - {% if v.agendaposter %}{% elif v.css %}{% endif %} + + {% if v.agendaposter %}{% elif v.css %}{% endif %} {% else %} - + {% endif %}

diff --git a/files/templates/login_2fa.html b/files/templates/login_2fa.html index e1376a35a6..99059ed080 100644 --- a/files/templates/login_2fa.html +++ b/files/templates/login_2fa.html @@ -12,7 +12,7 @@ 2-Step Login - {{'SITE_NAME' | app_config}} - + diff --git a/files/templates/settings2.html b/files/templates/settings2.html index ad5ada3a96..360570ef96 100644 --- a/files/templates/settings2.html +++ b/files/templates/settings2.html @@ -33,18 +33,16 @@ {% block pagetitle %}{{'SITE_NAME' | app_config}}{% endblock %} - - {% if v %} - + {% else %} - + {% endif %} - + diff --git a/files/templates/sign_up_failed_ref.html b/files/templates/sign_up_failed_ref.html index 0fbab61c9e..62b0973f60 100644 --- a/files/templates/sign_up_failed_ref.html +++ b/files/templates/sign_up_failed_ref.html @@ -28,10 +28,8 @@ {% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}{{'SITE_NAME' | app_config}}{% endif %} - - - +