From 02f8729c5fde14e174e75f5dc8af8365580a9585 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Mon, 4 Apr 2022 19:52:14 +0200 Subject: [PATCH] devrama --- files/__main__.py | 5 ++-- files/routes/front.py | 1 + files/routes/posts.py | 2 +- files/templates/post_actions_mobile.html | 2 +- files/templates/submit.html | 2 +- snappy_rDrama.txt | 34 ++++++++++++++++++++++-- supervisord.conf | 2 +- 7 files changed, 39 insertions(+), 9 deletions(-) diff --git a/files/__main__.py b/files/__main__.py index 4f18844d0..0fa7bf302 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -116,8 +116,7 @@ def after_request(response): response.headers.add("X-Frame-Options", "deny") return response -if "load_chat" in argv or app.config["SERVER_NAME"] == 'localhost': +if "load_chat" in argv: from files.routes.chat import * - -if "load_chat" not in argv: +else: from files.routes import * \ No newline at end of file diff --git a/files/routes/front.py b/files/routes/front.py index cefab4ccf..0a43fb4d9 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -147,6 +147,7 @@ def notifications(v): if c not in listing: listing.append(c) + print(time.time() - t) if request.headers.get("Authorization"): return {"data":[x.json for x in listing]} return render_template("notifications.html", diff --git a/files/routes/posts.py b/files/routes/posts.py index 59ddaca5f..79812b5a6 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -1056,7 +1056,7 @@ def submit_post(v, sub=None): if ban.reason: reason += f" {ban.reason}" return error(reason) - if request.host == 'rdrama.net': club = False + if request.host == 'rdrama.net' and v.admin_level < 2: club = False else: club = bool(request.values.get("club","")) if embed and len(embed) > 1500: embed = None diff --git a/files/templates/post_actions_mobile.html b/files/templates/post_actions_mobile.html index e523261c2..c6044229b 100644 --- a/files/templates/post_actions_mobile.html +++ b/files/templates/post_actions_mobile.html 
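Review bot: The new `if "load_chat" in argv: ... else: ...` selection in `files/__main__.py` has no comment saying that a process now serves either the chat routes or the main routes, never both. With the `app.config["SERVER_NAME"] == 'localhost'` clause removed, a local instance started without `load_chat` no longer registers the chat routes, which looks intentional but is easy to miss. I would add above the `if`: `# Route set is chosen by a "load_chat" token in argv: chat routes only when present, the main routes otherwise.` The two `import *` lines also make it hard to audit which handlers each process exposes, so an explicit import list would help.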
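Review bot: The added `print(time.time() - t)` in `notifications` (files/routes/front.py) looks like leftover timing instrumentation. It writes to stdout on every request, and `t` is not assigned anywhere in the visible hunk, so if no earlier line of the function sets it the handler raises NameError before a response is built. I would drop the line, or replace `print(...)` with a debug-level log call so the timing stays out of normal output. The function body starts and ends outside the hunk, so the assignment of `t` and the import of `time` could not be checked here.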
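Review bot: The club restriction in `submit_post` (files/routes/posts.py) is keyed on `request.host == 'rdrama.net'`, a value taken from the request's Host header, so the rule only holds if the front end or the `SERVER_NAME` handling rejects requests carrying any other host value, including port or case variants. Comparing against the configured name avoids that dependency, e.g. `if app.config["SERVER_NAME"] == 'rdrama.net' and v.admin_level < 2: club = False`, assuming `app` is in scope in this module. The same host literal and admin threshold are repeated in `post_actions_mobile.html` and `submit.html` as `v.admin_level > 1`, while this line writes `v.admin_level < 2`. A single named constant or helper would keep the server-side check and the two templates from drifting apart. The function body starts and ends outside the hunk.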
@@ -38,7 +38,7 @@ - {% if request.host != 'rdrama.net' %} + {% if request.host != 'rdrama.net' or v.admin_level > 1 %} {% endif %} diff --git a/files/templates/submit.html b/files/templates/submit.html index b8e31bc3a..1f1352023 100644 --- a/files/templates/submit.html +++ b/files/templates/submit.html @@ -179,7 +179,7 @@ - {% if request.host != 'rdrama.net' %} + {% if request.host != 'rdrama.net' or v.admin_level > 1 %}
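Review bot: Both new conditions, in `post_actions_mobile.html` and in the `submit.html` hunk that follows, evaluate `v.admin_level` whenever the host is `rdrama.net`, and nothing visible in either hunk shows that `v` is always a logged-in user at that point. If `post_actions_mobile.html` can be rendered for an anonymous viewer, the comparison on a missing attribute may fail at render time; `{% if request.host != 'rdrama.net' or (v and v.admin_level > 1) %}` is safe either way. The surrounding markup is not visible in the hunks, so an enclosing `{% if v %}` may already cover this. These conditions only hide the control, so the matching check in `submit_post` remains the actual enforcement point.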
diff --git a/snappy_rDrama.txt b/snappy_rDrama.txt
index 07e4ec3b8..edeb5f4d7 100644
--- a/snappy_rDrama.txt
+++ b/snappy_rDrama.txt
@@ -348,7 +348,7 @@ Anyone who refers to moderators as "Janitors" is involved in a propaganda and ha {[para]} Every straight man wants to fuck another mans daughter, but no man actually wants his daughter to get fucked, its more something that men just accept because you have to expect to go through what your wife's father had to endure, if you plan on having children. There are however the rare cases of men who do what I referred to in my mind as "Closing The Loop". Around that time when I was talking to my friends about this, about a week after the school scheduled for us to be given an inspirational speech by some rich white guy, basically all we heard were the same BS normie rhetoric which is just a denial of reality, you know like "Just be yourself and work hard", statements that outright deny reality and the inherent advantages, genetic or otherwise, that differentiate everyone. One thing in particular that he said proved to me how lucky this guy was, he had multiple children and they were all boys, he said that he even kept trying to have a daughter but he only got sons, one of his sons even went on to become a millionaire. Seriously how fucking lucky is that, all I could think while sitting in that class, is that this lucky bastard closed the loop, without even trying. He got to fuck the shit out of the daughters of many men, but he will never be forced to live through the awkward phase of having to let an extension of yourself be sexually dominated by another man, he'll never have to face the awkwardly repulsive thoughts that a lot of fathers probably have to face, like the fact that in these times your daughter is likely going to be taking it in the ass, and will probably have all sought's of sick shit done to her. At the end of the day there are only two ways to close the loop, to only have sons by luck, or don't have any children at all. {[para]} -▼I just downvoted your post. +▼# I just downvoted your post. # FAQ 
@@ -3687,4 +3687,34 @@ It is not surprising that admins would remove such a symbol and this "controvers
 {[para]}
 People suggest the worst snappy quotes
 {[para]}
-You had your chance. Downvoted and reported. This conversation is over.
\ No newline at end of file
+You had your chance. Downvoted and reported. This conversation is over.
+{[para]}
+# I just hacked your web application.
+
+# FAQ
+
+## What does this mean?
+
+I have found a severe vulnerability (CVSS score >= 7) in your live web application.
+
+## Why did you do this?
+
+There are several reasons I may search for vulnerabilities in a web application. These include, but are not limited to:
+
+* Personal interest,
+* Fulfilling a challenge,
+* Monetary incentives.
+
+## Am I in danger?
+
+No - not yet. But you should fix the beforementioned vulnerability ASAP. Otherwise I will be forced to issue a security release, which may put your web application in jeopardy.
+
+## I don't believe my web application has a vulnerability. Can you prove it?
+
+Sure, mistakes happen. But only in exceedingly rare circumstances will acclaim a false vulnerability. If you would like to issue an appeal, shoot me a private message explaining why I am wrong. I tend to respond to rDrama PMs within several minutes. Do note, however, that over 99.9% of vulnerability appeals are rejected, and yours is likely no exception.
+
+## How can I prevent this from happening in the future?
+
+Fix the vulnerability and move on. But learn from this mistake: your mistakes will not be tolerated on rDrama. I will continue to find vulnerabilities until you improve your code. Remember: Safe code is privilege, not a right.
+
+:#marseyhacker2:
\ No newline at end of file
diff --git a/supervisord.conf b/supervisord.conf
index 64b74eb6a..7e2992d02 100644
--- a/supervisord.conf
+++ b/supervisord.conf
@@ -5,7 +5,7 @@ logfile=/tmp/supervisord.log
 [program:service]
 directory=/service
-command=gunicorn files.__main__:app -k geventwebsocket.gunicorn.workers.GeventWebSocketWorker -w 1 --reload -b 0.0.0.0:80 --max-requests 1000 --max-requests-jitter 500
+command=gunicorn files.__main__:app -k gevent -w 1 --reload -b 0.0.0.0:80 --max-requests 1000 --max-requests-jitter 500
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
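Review bot: The new `command=` line still carries `--reload` and `-b 0.0.0.0:80`, which are development-oriented settings to leave in a supervised service. gunicorn documents `--reload` as a development aid, and binding port 80 on all interfaces usually means the process starts with elevated privileges and is reachable without a fronting proxy. If this file is used beyond a local container, I would drop `--reload` and bind to loopback or an unprivileged port behind the proxy, e.g. `-b 127.0.0.1:8000` (constructed value). Switching the worker class from `GeventWebSocketWorker` to `gevent` also means this service no longer handles WebSocket upgrades, which matches `files/__main__.py` loading chat only under `load_chat`; a comment saying where the chat process is started would make that split explicit.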