devrama

2022-04-04 19:52:14 +02:00 · 2022-04-04 19:52:14 +02:00 · 02f8729c5f
parent 0b326f7bd5
commit 02f8729c5f
7 changed files with 39 additions and 9 deletions
--- a/files/main.py
+++ b/files/main.py
@ -116,8 +116,7 @@ def after_request(response):
 	response.headers.add("X-Frame-Options", "deny")
 	return response

-if "load_chat" in argv or app.config["SERVER_NAME"] == 'localhost':
+if "load_chat" in argv:
 	from files.routes.chat import *
-
-if "load_chat" not in argv:
+else:
 	from files.routes import *
--- a/files/routes/front.py
+++ b/files/routes/front.py
@ -147,6 +147,7 @@ def notifications(v):

 			if c not in listing: listing.append(c)

+	print(time.time() - t)
 	if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}

 	return render_template("notifications.html",
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -1056,7 +1056,7 @@ def submit_post(v, sub=None):
 		if ban.reason: reason += f" {ban.reason}"
 		return error(reason)

-	if request.host == 'rdrama.net': club = False
+	if request.host == 'rdrama.net' and v.admin_level < 2: club = False
 	else: club = bool(request.values.get("club",""))
 	
 	if embed and len(embed) > 1500: embed = None
--- a/files/templates/post_actions_mobile.html
+++ b/files/templates/post_actions_mobile.html
@ -38,7 +38,7 @@
 	<button id="delete-{{p.id}}" class="{% if p.deleted_utc %}d-none{% endif %}  nobackground btn btn-link btn-block btn-lg text-left text-danger" data-bs-toggle="modal" data-bs-dismiss="modal" data-bs-target="#deletePostModal" onclick="delete_postModal('{{p.id}}')"><i class="far fa-trash-alt mr-3"></i>Delete</button>


-	{% if request.host != 'rdrama.net' %}
+	{% if request.host != 'rdrama.net' or v.admin_level > 1 %}
 		<button id="club3-{{p.id}}" class="{% if p.club %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-danger text-left" role="button" onclick="post_toast2(this,'/toggle_club/{{p.id}}','club3-{{p.id}}','unclub3-{{p.id}}')" data-bs-dismiss="modal"><i class="fas fa-eye-slash mr-3"></i>Mark club</button>
 		<button id="unclub3-{{p.id}}" class="{% if not p.club %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-success text-left" role="button" onclick="post_toast2(this,'/toggle_club/{{p.id}}','club3-{{p.id}}','unclub3-{{p.id}}')" data-bs-dismiss="modal"><i class="fas fa-eye mr-3"></i>Unmark club</button>
 	{% endif %}
--- a/files/templates/submit.html
+++ b/files/templates/submit.html
@ -179,7 +179,7 @@
 														<label class="custom-control-label" for="private">Draft</label>
 												</div>

-												{% if request.host != 'rdrama.net' %}
+												{% if request.host != 'rdrama.net' or v.admin_level > 1 %}
 													<div class="custom-control custom-checkbox">
 														<input autocomplete="off" type="checkbox" class="custom-control-input" id="club" name="club">
 														<label class="custom-control-label" for="club">{{CC_TITLE}} thread</label>
--- a/snappy_rDrama.txt
+++ b/snappy_rDrama.txt
@ -348,7 +348,7 @@ Anyone who refers to moderators as "Janitors" is involved in a propaganda and ha
 {[para]}
 Every straight man wants to fuck another mans daughter, but no man actually wants his daughter to get fucked, its more something that men just accept because you have to expect to go through what your wife's father had to endure, if you plan on having children. There are however the rare cases of men who do what I referred to in my mind as "Closing The Loop". Around that time when I was talking to my friends about this, about a week after the school scheduled for us to be given an inspirational speech by some rich white guy, basically all we heard were the same BS normie rhetoric which is just a denial of reality, you know like "Just be yourself and work hard", statements that outright deny reality and the inherent advantages, genetic or otherwise, that differentiate everyone. One thing in particular that he said proved to me how lucky this guy was, he had multiple children and they were all boys, he said that he even kept trying to have a daughter but he only got sons, one of his sons even went on to become a millionaire. Seriously how fucking lucky is that, all I could think while sitting in that class, is that this lucky bastard closed the loop, without even trying. He got to fuck the shit out of the daughters of many men, but he will never be forced to live through the awkward phase of having to let an extension of yourself be sexually dominated by another man, he'll never have to face the awkwardly repulsive thoughts that a lot of fathers probably have to face, like the fact that in these times your daughter is likely going to be taking it in the ass, and will probably have all sought's of sick shit done to her. At the end of the day there are only two ways to close the loop, to only have sons by luck, or don't have any children at all.
 {[para]}
-▼I just downvoted your post.
+▼# I just downvoted your post.
 
 # FAQ
 
@ -3688,3 +3688,33 @@ It is not surprising that admins would remove such a symbol and this "controvers
 People suggest the worst snappy quotes
 {[para]}
 You had your chance. Downvoted and reported. This conversation is over.
+{[para]}
+# I just hacked your web application.
+
+# FAQ
+
+## What does this mean?
+
+I have found a severe vulnerability (CVSS score >= 7) in your live web application.
+
+## Why did you do this?
+
+There are several reasons I may search for vulnerabilities in a web application. These include, but are not limited to:
+
+* Personal interest,
+* Fulfilling a challenge,
+* Monetary incentives.
+
+## Am I in danger?
+
+No - not yet. But you should fix the beforementioned vulnerability ASAP. Otherwise I will be forced to issue a security release, which may put your web application in jeopardy.
+
+## I don't believe my web application has a vulnerability. Can you prove it?
+
+Sure, mistakes happen. But only in exceedingly rare circumstances will acclaim a false vulnerability. If you would like to issue an appeal, shoot me a private message explaining why I am wrong. I tend to respond to rDrama PMs within several minutes. Do note, however, that over 99.9% of vulnerability appeals are rejected, and yours is likely no exception.
+
+## How can I prevent this from happening in the future?
+
+Fix the vulnerability and move on. But learn from this mistake: your mistakes will not be tolerated on rDrama. I will continue to find vulnerabilities until you improve your code. Remember: Safe code is privilege, not a right.
+
+:#marseyhacker2:
--- a/supervisord.conf
+++ b/supervisord.conf
@ -5,7 +5,7 @@ logfile=/tmp/supervisord.log

 [program:service]
 directory=/service
-command=gunicorn files.__main__:app -k geventwebsocket.gunicorn.workers.GeventWebSocketWorker -w 1 --reload -b 0.0.0.0:80 --max-requests 1000 --max-requests-jitter 500
+command=gunicorn files.__main__:app -k gevent -w 1 --reload -b 0.0.0.0:80 --max-requests 1000 --max-requests-jitter 500
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr