From 0e1177843e7388ca6a60cefb56a914395facf123 Mon Sep 17 00:00:00 2001
From: Aevann1 <randomname42029@gmail.com>
Date: Thu, 23 Jun 2022 00:12:47 +0200
Subject: [PATCH] remove the need for alert flag on sanitize()

---
 files/helpers/alerts.py   |  6 +++---
 files/helpers/const.py    |  8 +++-----
 files/helpers/sanitize.py | 38 +++++++++++++-------------------------
 3 files changed, 19 insertions(+), 33 deletions(-)

diff --git a/files/helpers/alerts.py b/files/helpers/alerts.py
index 24162d639..bc0b3f709 100644
--- a/files/helpers/alerts.py
+++ b/files/helpers/alerts.py
@@ -55,7 +55,7 @@ def notif_comment(text, autojanny=False):
 		author_id = NOTIFICATIONS_ID
 		alert = False
 
-	text_html = sanitize(text, alert=alert)
+	text_html = sanitize(text)
 
 	try: existing = g.db.query(Comment.id).filter_by(author_id=author_id, parent_submission=None, body_html=text_html).one_or_none()
 	except:
@@ -85,7 +85,7 @@ def notif_comment2(p):
 	else:
 		text = f"@{p.author.username} has mentioned you: [{p.title}](/post/{p.id})"
 		if p.sub: text += f" in <a href='/h/{p.sub}'>/h/{p.sub}"
-		text_html = sanitize(text, alert=True)
+		text_html = sanitize(text)
 		return create_comment(text_html)
 
 
@@ -117,7 +117,7 @@ def NOTIFY_USERS(text, v):
 	return notify_users - bots
 
 def notify_mod_action(by_id, msg):
-	body_html = sanitize(NOTIF_MODACTION_PREFIX + msg, alert=True)
+	body_html = sanitize(NOTIF_MODACTION_PREFIX + msg)
 	new_comment = Comment(
 		author_id=NOTIFICATIONS_ID,
 		parent_submission=None,
diff --git a/files/helpers/const.py b/files/helpers/const.py
index 2a5d0ca81..9706fd54c 100644
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@@ -829,13 +829,11 @@ db.close()
 if SITE_NAME == 'PCM':
 	valid_username_chars = 'a-zA-Z0-9_\-А-я'
 	valid_username_regex = re.compile("^[a-zA-Z0-9_\-А-я]{3,25}$", flags=re.A)
-	mention_regex = re.compile('(^|\s|<p>)@(([a-zA-Z0-9_\-А-я]){3,25})', flags=re.A)
-	mention_regex2 = re.compile('<p>@(([a-zA-Z0-9_\-А-я]){3,25})', flags=re.A)
+	mention_regex = re.compile('(^|\s|<p>)@(([a-zA-Z0-9_\-А-я]){3,25})(?![^<]*<\/(code|pre|a)>)', flags=re.A)
 else:
 	valid_username_chars = 'a-zA-Z0-9_\-'
 	valid_username_regex = re.compile("^[a-zA-Z0-9_\-]{3,25}$", flags=re.A)
-	mention_regex = re.compile('(^|\s|<p>)@(([a-zA-Z0-9_\-]){1,25})', flags=re.A)
-	mention_regex2 = re.compile('<p>@(([a-zA-Z0-9_\-]){1,25})', flags=re.A)
+	mention_regex = re.compile('(^|\s|<p>)@(([a-zA-Z0-9_\-]){1,25})(?![^<]*<\/(code|pre|a)>)', flags=re.A)
 
 valid_password_regex = re.compile("^.{8,100}$", flags=re.A)
 
@@ -865,7 +863,7 @@ fishylinks_regex = re.compile("https?://\S+", flags=re.A)
 
 spoiler_regex = re.compile('''\|\|(.+)\|\|''', flags=re.A)
 reddit_regex = re.compile('(^|\s|<p>)\/?((r|u)\/(\w|-){3,25})(?![^<]*<\/(code|pre|a)>)', flags=re.A)
-sub_regex = re.compile('(^|\s|<p>)\/?(h\/(\w|-){3,25})', flags=re.A)
+sub_regex = re.compile('(^|\s|<p>)\/?(h\/(\w|-){3,25})(?![^<]*<\/(code|pre|a)>)', flags=re.A)
 
 strikethrough_regex = re.compile('''~{1,2}([^~]+)~{1,2}''', flags=re.A)
 
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index 8649e990b..77b258926 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -162,7 +162,7 @@ def render_emoji(html, regexp, edit, marseys_used, b=False):
 	return html
 
 
-def sanitize(sanitized, alert=False, edit=False):
+def sanitize(sanitized, edit=False):
 
 	signal.signal(signal.SIGALRM, handler)
 	signal.alarm(1)
@@ -186,32 +186,20 @@ def sanitize(sanitized, alert=False, edit=False):
 
 	sanitized = sanitized.replace('‎','').replace('​','').replace("\ufeff", "").replace("𒐪","")
 
-	if alert:
-		matches = { g.group(1):g for g in mention_regex2.finditer(sanitized) if g }
-		users = get_users(matches.keys(),graceful=True)
+	sanitized = reddit_regex.sub(r'\1<a href="https://old.reddit.com/\2" rel="nofollow noopener noreferrer">/\2</a>', sanitized)
+	sanitized = sub_regex.sub(r'\1<a href="/\2">/\2</a>', sanitized)
 
-		captured = []
-		for u in users:
-			if u:
-				i = matches.get(u.username) or matches.get(u.original_username)
-				if i.group(0) not in captured:
-					captured.append(i.group(0))
-					sanitized = sanitized.replace(i.group(0), f'''<p><a href="/id/{u.id}"><img loading="lazy" src="/pp/{u.id}">@{u.username}</a>''')
-	else:
-		sanitized = reddit_regex.sub(r'\1<a href="https://old.reddit.com/\2" rel="nofollow noopener noreferrer">/\2</a>', sanitized)
-		sanitized = sub_regex.sub(r'\1<a href="/\2">/\2</a>', sanitized)
+	matches = [ m for m in mention_regex.finditer(sanitized) if m ]
+	names = set( m.group(2) for m in matches )
+	users = get_users(names,graceful=True)
 
-		matches = [ m for m in mention_regex.finditer(sanitized) if m ]
-		names = set( m.group(2) for m in matches )
-		users = get_users(names,graceful=True)
-
-		v = getattr(g, 'v', None)
-		for u in users:
-			if not u: continue
-			m = [ m for m in matches if u.username.lower() == m.group(2).lower() or u.original_username.lower() == m.group(2).lower() ]
-			for i in m:
-				if not (v and v.any_block_exists(u)) or (v and v.admin_level >= 2):
-					sanitized = sanitized.replace(i.group(0), f'''{i.group(1)}<a href="/id/{u.id}"><img loading="lazy" src="/pp/{u.id}">@{u.username}</a>''', 1)
+	v = getattr(g, 'v', None)
+	for u in users:
+		if not u: continue
+		m = [ m for m in matches if u.username.lower() == m.group(2).lower() or u.original_username.lower() == m.group(2).lower() ]
+		for i in m:
+			if not (v and v.any_block_exists(u)) or (v and v.admin_level >= 2):
+				sanitized = sanitized.replace(i.group(0), f'''{i.group(1)}<a href="/id/{u.id}"><img loading="lazy" src="/pp/{u.id}">@{u.username}</a>''', 1)
 
 
 	sanitized = normalize_url(sanitized)