diff --git a/files/helpers/const.py b/files/helpers/const.py index 045adcbeb..8954d6632 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -155,6 +155,11 @@ EMOJI_SRCS = ['files/assets/emojis.json'] PIN_LIMIT = 3 POST_RATE_LIMIT = '1/second;2/minute;10/hour;50/day' +POST_TITLE_LENGTH_LIMIT = 500 # do not make larger than 500 without altering the table +POST_TITLE_HTML_LENGTH_LIMIT = 1500 # do not make larger than 1500 without altering the table +POST_BODY_LENGTH_LIMIT = 20000 # do not make larger than 20000 without altering the table +POST_BODY_HTML_LENGTH_LIMIT = 40000 # do not make larger than 40000 without altering the table + LOGGEDIN_ACTIVE_TIME = 15 * 60 PFP_DEFAULT_MARSEY = True NOTIFICATION_SPAM_AGE_THRESHOLD = 0.5 * 86400 diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 79a8d531e..89cf58a5a 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -193,13 +193,13 @@ def sanitize_raw_title(sanitized): if not sanitized: return "" sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r","").replace("\n", "") sanitized = sanitized.strip() - return sanitized[:500] # should really be a constant + return sanitized[:POST_TITLE_LENGTH_LIMIT] def sanitize_raw_body(sanitized): if not sanitized: return "" sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\r\n", "\n") sanitized = sanitized.strip() - return sanitized[:20000] # this also should really be a constant + return sanitized[:POST_BODY_LENGTH_LIMIT] @with_sigalrm_timeout(5) 
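Review bot: The four new limit comments in const.py say "the table" without naming it, and nothing in this diff checks the constants against the column widths they mirror, so a later edit can raise a limit past what the database accepts. I would name the table and column in each comment, for example `POST_TITLE_LENGTH_LIMIT = 500 # must not exceed the width of <TABLE>.<TITLE_COLUMN>` (placeholder names). Python's `len()` counts code points, so whether 500 matches the column limit depends on how the database measures length, which is not visible here.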
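Review bot: `sanitize_raw_title` and `sanitize_raw_body` now read `POST_TITLE_LENGTH_LIMIT` and `POST_BODY_LENGTH_LIMIT`, but this diff shows no import change for sanitize.py. If the module does not already pull names in from `files.helpers.const` (not visible here), the first call raises NameError. Both functions also truncate silently, while the rendered-HTML limits reject with a 400, and that difference deserves a one-line docstring such as `"""Strip invisible characters and truncate to POST_TITLE_LENGTH_LIMIT; never raises on overflow."""`. The slice runs after `strip()`, so a title cut at the limit can end in whitespace.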
@@ -432,10 +432,10 @@ def filter_emojis_only(title, golden=True, count_marseys=False, graceful=False, title = strikethrough_regex.sub(r'\1\2', title) - title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https']) + title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https']).replace('\n','').strip() - if len(title) > 1500 and not graceful: abort(400) - else: return title.replace('\n','').strip() + if len(title) > POST_TITLE_HTML_LENGTH_LIMIT and not graceful: abort(400) + else: return title def normalize_url(url): url = reddit_domain_regex.sub(r'\1https://old.reddit.com/\3/', url) diff --git a/files/routes/posts.py b/files/routes/posts.py index df1583043..40910bf07 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -442,7 +442,7 @@ def edit_post(pid, v): g.db.add(v) send_repeatable_notification(CARP_ID, p.permalink) - if len(body_html) > 40000: return {"error":"Submission body_html too long! (max 40k characters)"}, 400 + if len(body_html) > POST_BODY_HTML_LENGTH_LIMIT: return {"error":"Submission body_html too long! (max 40k characters)"}, 400 p.body_html = body_html @@ -679,7 +679,7 @@ def submit_post(v, sub=None): title_html = filter_emojis_only(title, graceful=True, count_marseys=True, torture=torture) if v.marseyawarded and not marseyaward_title_regex.fullmatch(title_html): return error("You can only type marseys!") - if len(title_html) > 1500: + if len(title_html) > POST_TITLE_HTML_LENGTH_LIMIT: return error("Rendered title is too big!") sub = request.values.get("sub", "").lower().replace('/h/','').strip()
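Review bot: With `graceful=True`, `filter_emojis_only` still returns a title longer than `POST_TITLE_HTML_LENGTH_LIMIT`, so the cap holds only if every graceful caller repeats the check. `submit_post` does so in the posts.py hunk at -679, but other callers are not visible in this diff. A comment above the check would make the contract explicit: `# graceful=True: the caller must enforce POST_TITLE_HTML_LENGTH_LIMIT itself`. Assuming this is Flask's `abort`, which raises, the `else:` is redundant and `return title` can stand on its own line. The function starts outside this hunk.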
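Review bot: The error string in the `edit_post` hunk still hard-codes "max 40k characters" while the comparison now uses `POST_BODY_HTML_LENGTH_LIMIT`, so the message becomes wrong as soon as the constant changes. Build it from the constant instead: `return {"error": f"Submission body_html too long! (max {POST_BODY_HTML_LENGTH_LIMIT} characters)"}, 400`. `edit_post` begins and ends outside this hunk.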