get: check stripped out names before querying the db and return None if graceful in other places

remotes/1693176582716663532/tmp_refs/heads/watchparty
justcool393 2022-10-27 19:55:05 -05:00
parent 5ff6fea4dc
commit 16ba59d8b3
1 changed files with 23 additions and 10 deletions


@ -4,6 +4,9 @@ from flask import g
def get_id(username:str, graceful=False) -> Optional[int]:
username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip()
if not username:
if graceful: return None
abort(404)
user = g.db.query(
User.id
).filter(
@ -14,17 +17,20 @@ def get_id(username:str, graceful=False) -> Optional[int]:
).one_or_none()
if not user:
if not graceful: abort(404)
else: return None
if graceful: return None
abort(404)
return user[0]
def get_user(username:str, v:Optional[User]=None, graceful=False, rendered=False, include_blocks=False, include_shadowbanned=True) -> Optional[User]:
if not username:
if not graceful: abort(404)
else: return None
if graceful: return None
abort(404)
username = username.replace('\\', '').replace('_', '\_').replace('%', '').replace('(', '').replace(')', '').strip()
if not username:
if graceful: return None
abort(404)
user = g.db.query(
User
).filter(
@ -37,8 +43,8 @@ def get_user(username:str, v:Optional[User]=None, graceful=False, rendered=False
user = user.one_or_none()
if not user or (user.shadowbanned and not (include_shadowbanned or (v and v.can_see_shadowbanned))):
if not graceful: abort(404)
else: return None
if graceful: return None
abort(404)
if rendered and v and include_blocks:
if v.id == user.id:
@ -68,6 +74,9 @@ def get_users(usernames:List[str], graceful=False) -> List[User]:
return n.replace('\\', '').replace('_', '\_').replace('%', '').strip()
usernames = [clean(n) for n in usernames]
if not any(usernames):
if graceful and len(usernames) == 0: return []
abort(404)
users = g.db.query(User).filter(
or_(
User.username.ilike(any_(usernames)),
@ -84,8 +93,8 @@ def get_account(id:Union[str, int], v=None, graceful=False, include_blocks=False
try:
id = int(id)
except:
if not graceful: abort(404)
else: return None
if graceful: return None
abort(404)
user = g.db.get(User, id)
@ -114,7 +123,9 @@ def get_account(id:Union[str, int], v=None, graceful=False, include_blocks=False
def get_post(i:Union[str, int], v=None, graceful=False) -> Optional[Submission]:
try: i = int(i)
except: abort(404)
except:
if graceful: return None
else: abort(404)
if not i:
if graceful: return None
@ -204,7 +215,9 @@ def get_posts(pids:List[int], v:Optional[User]=None) -> List[Submission]:
def get_comment(i:Union[str, int], v=None, graceful=False) -> Optional[Comment]:
try: i = int(i)
except: abort(404)
except:
if graceful: return None
abort(404)
if not i:
if graceful: return None
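Review bot: In the get_users hunk the new guard still aborts with 404 when `graceful=True` and every name cleans to an empty string, because `return []` is gated on `len(usernames) == 0`; the other getters touched here return quietly on a blank name when graceful. If that difference is not intended, a plain `if graceful: return []` would match them. Blank entries in a mixed list also still pass `any(usernames)` and reach `ilike(any_(usernames))`, so dropping them after cleaning with `usernames = [n for n in map(clean, usernames) if n]` would keep empty patterns out of the query; whether later code compares the result count with the input length is not visible here, so confirm that first. The cleaning chain now exists in three copies that have diverged (get_user also strips parentheses, get_id and get_users do not), and `'\_'` is an invalid escape sequence that newer Python versions warn about, so one shared helper using `'\\_'` would keep the blank-name checks and the ILIKE escaping consistent. The function bodies continue outside the hunks.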