From 174adfd1795ec00b3c5e54986811049c6fb949ae Mon Sep 17 00:00:00 2001
From: Aevann <randomname42029@gmail.com>
Date: Fri, 1 Sep 2023 11:15:33 +0300
Subject: [PATCH] fix delete button in modal sending multiple requests which
 triggers ratelimit when mass-deleting way too early

---
 files/assets/js/comments_v.js            | 48 +++++++++++++-----------
 files/assets/js/delete_post_modal.js     | 48 +++++++++++++-----------
 files/routes/posts.py                    |  2 +-
 files/templates/comments.html            |  4 +-
 files/templates/post_actions.html        |  2 +-
 files/templates/post_actions_mobile.html |  2 +-
 6 files changed, 57 insertions(+), 49 deletions(-)

diff --git a/files/assets/js/comments_v.js b/files/assets/js/comments_v.js
index 9b45bf036..09e59fb15 100644
--- a/files/assets/js/comments_v.js
+++ b/files/assets/js/comments_v.js
@@ -98,30 +98,34 @@ function toggleEdit(id){
 };
 
 
-function delete_commentModal(t, id) {
-	document.getElementById("deleteCommentButton").addEventListener('click', function() {
-		postToast(t, `/delete/comment/${id}`,
-			{
-			},
-			() => {
-				if (location.pathname == '/admin/reported/comments')
-				{
-					document.getElementById("post-info-"+id).remove()
-					document.getElementById("comment-"+id).remove()
-				}
-				else
-				{
-					document.getElementsByClassName(`comment-${id}-only`)[0].classList.add('deleted');
-					document.getElementById(`delete-${id}`).classList.add('d-none');
-					document.getElementById(`undelete-${id}`).classList.remove('d-none');
-					document.getElementById(`delete2-${id}`).classList.add('d-none');
-					document.getElementById(`undelete2-${id}`).classList.remove('d-none');
-				}
-			}
-		);
-	});
+const deleteCommentButton = document.getElementById("deleteCommentButton");
+
+function delete_commentModal(id) {
+	deleteCommentButton.dataset.id = id
 }
 
+deleteCommentButton.onclick = () => {
+	const id = deleteCommentButton.dataset.id
+	postToast(deleteCommentButton, `/delete/comment/${id}`,
+		{},
+		() => {
+			if (location.pathname == '/admin/reported/comments')
+			{
+				document.getElementById("post-info-"+id).remove()
+				document.getElementById("comment-"+id).remove()
+			}
+			else
+			{
+				document.getElementsByClassName(`comment-${id}-only`)[0].classList.add('deleted');
+				document.getElementById(`delete-${id}`).classList.add('d-none');
+				document.getElementById(`undelete-${id}`).classList.remove('d-none');
+				document.getElementById(`delete2-${id}`).classList.add('d-none');
+				document.getElementById(`undelete2-${id}`).classList.remove('d-none');
+			}
+		}
+	);
+};
+
 function post_reply(id) {
 	close_inline_speed_emoji_modal();
 
diff --git a/files/assets/js/delete_post_modal.js b/files/assets/js/delete_post_modal.js
index 94977b4ba..5da6b6add 100644
--- a/files/assets/js/delete_post_modal.js
+++ b/files/assets/js/delete_post_modal.js
@@ -1,23 +1,27 @@
-function delete_postModal(t, id) {
-	document.getElementById("deletePostButton").addEventListener('click', function() {
-		postToast(t, `/delete_post/${id}`,
-			{
-			},
-			() => {
-				if (location.pathname == '/admin/reported/posts')
-				{
-					document.getElementById("reports-"+id).remove()
-					document.getElementById("post-"+id).remove()
-				}
-				else
-				{
-					document.getElementById(`post-${id}`).classList.add('deleted');
-					document.getElementById(`delete-${id}`).classList.add('d-none');
-					document.getElementById(`undelete-${id}`).classList.remove('d-none');
-					document.getElementById(`delete2-${id}`).classList.add('d-none');
-					document.getElementById(`undelete2-${id}`).classList.remove('d-none');
-				}
-			}
-		);
-	});
+const deletePostButton = document.getElementById("deletePostButton");
+
+function delete_postModal(id) {
+	deletePostButton.dataset.id = id
 }
+
+deletePostButton.onclick = () => {
+	const id = deletePostButton.dataset.id
+	postToast(deletePostButton, `/delete/post/${id}`,
+		{},
+		() => {
+			if (location.pathname == '/admin/reported/posts')
+			{
+				document.getElementById("reports-"+id).remove()
+				document.getElementById("post-"+id).remove()
+			}
+			else
+			{
+				document.getElementById(`post-${id}`).classList.add('deleted');
+				document.getElementById(`delete-${id}`).classList.add('d-none');
+				document.getElementById(`undelete-${id}`).classList.remove('d-none');
+				document.getElementById(`delete2-${id}`).classList.add('d-none');
+				document.getElementById(`undelete2-${id}`).classList.remove('d-none');
+			}
+		}
+	);
+};
diff --git a/files/routes/posts.py b/files/routes/posts.py
index d26dc4d81..36a93a60e 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -683,7 +683,7 @@ def submit_post(v, sub=None):
 		p.voted = 1
 		return {"post_id": p.id, "success": True}
 
-@app.post("/delete_post/<int:pid>")
+@app.post("/delete/post/<int:pid>")
 @limiter.limit('1/second', scope=rpath)
 @limiter.limit('1/second', scope=rpath, key_func=get_ID)
 @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
diff --git a/files/templates/comments.html b/files/templates/comments.html
index ce1306888..9e699fd37 100644
--- a/files/templates/comments.html
+++ b/files/templates/comments.html
@@ -408,7 +408,7 @@
 							{% if c.author_id == v.id %}
 								<button type="button" id="undelete-{{c.id}}" class="btn caction py-0 nobackground px-1 text-muted {% if not c.deleted_utc %}d-none{% endif %}" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/undelete/comment/{{c.id}}','delete-{{c.id}}','undelete-{{c.id}}','d-none')" data-toggleelement=".comment-{{c.id}}-only" data-toggleattr="deleted"><i class="fas fa-trash-alt fa-fw"></i>Undelete</button>
 
-								<button type="button" id="delete-{{c.id}}" class="btn caction py-0 nobackground px-1 text-muted {% if c.deleted_utc %}d-none{% endif %}" data-bs-toggle="modal" data-bs-target="#deleteCommentModal" data-nonce="{{g.nonce}}" data-onclick="delete_commentModal(this, '{{c.id}}')"><i class="fas fa-trash-alt fa-fw"></i>Delete</button>
+								<button type="button" id="delete-{{c.id}}" class="btn caction py-0 nobackground px-1 text-muted {% if c.deleted_utc %}d-none{% endif %}" data-bs-toggle="modal" data-bs-target="#deleteCommentModal" data-nonce="{{g.nonce}}" data-onclick="delete_commentModal('{{c.id}}')"><i class="fas fa-trash-alt fa-fw"></i>Delete</button>
 							{% endif %}
 						{% endif %}
 
@@ -600,7 +600,7 @@
 
 							<button type="button" id="undelete2-{{c.id}}" class="{% if not c.deleted_utc %}d-none{% endif %} list-group-item text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/undelete/comment/{{c.id}}', 'delete2-{{c.id}}', 'undelete2-{{c.id}}','d-none')" data-toggleelement=".comment-{{c.id}}-only" data-toggleattr="deleted" data-bs-dismiss="modal"><i class="fas fa-trash-alt text-success mr-2"></i>Undelete</button>
 
-							<button type="button" id="delete2-{{c.id}}" class="{% if c.deleted_utc %}d-none{% endif %} list-group-item text-danger" data-bs-toggle="modal" data-bs-dismiss="modal" data-bs-target="#deleteCommentModal" data-nonce="{{g.nonce}}" data-onclick="delete_commentModal(this, '{{c.id}}')"><i class="fas fa-trash-alt text-danger mr-2"></i>Delete</button>
+							<button type="button" id="delete2-{{c.id}}" class="{% if c.deleted_utc %}d-none{% endif %} list-group-item text-danger" data-bs-toggle="modal" data-bs-dismiss="modal" data-bs-target="#deleteCommentModal" data-nonce="{{g.nonce}}" data-onclick="delete_commentModal('{{c.id}}')"><i class="fas fa-trash-alt text-danger mr-2"></i>Delete</button>
 						{% else %}
 							{% if c.body %}
 								<button type="button" data-bs-dismiss="modal" data-nonce="{{g.nonce}}" data-onclick="expandMarkdown('{{c.fullname}}')" class="list-group-item"><i class="fas text-expand-icon-{{c.fullname}} fa-expand-alt mr-2"></i><span class="expand-text-{{c.fullname}}">View source</span></button>
diff --git a/files/templates/post_actions.html b/files/templates/post_actions.html
index 0dafd30f0..945e721ec 100644
--- a/files/templates/post_actions.html
+++ b/files/templates/post_actions.html
@@ -31,7 +31,7 @@
 
 		<button type="button" id="undelete2-{{p.id}}" class="{% if not p.deleted_utc %}d-none{% endif %} list-inline-item" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/undelete_post/{{p.id}}', 'delete2-{{p.id}}', 'undelete2-{{p.id}}','d-none')" data-toggleelement="#post-{{p.id}}" data-toggleattr="deleted"><i class="fas fa-trash-alt"></i>Undelete</button>
 
-		<button type="button" id="delete2-{{p.id}}" class="{% if p.deleted_utc %}d-none{% endif %} list-inline-item" data-bs-toggle="modal" data-bs-dismiss="modal" data-bs-target="#deletePostModal" data-nonce="{{g.nonce}}" data-onclick="delete_postModal(this, '{{p.id}}')"><i class="fas fa-trash-alt"></i>Delete</button>
+		<button type="button" id="delete2-{{p.id}}" class="{% if p.deleted_utc %}d-none{% endif %} list-inline-item" data-bs-toggle="modal" data-bs-dismiss="modal" data-bs-target="#deletePostModal" data-nonce="{{g.nonce}}" data-onclick="delete_postModal('{{p.id}}')"><i class="fas fa-trash-alt"></i>Delete</button>
 {% endif %}
 
 {% if v %}
diff --git a/files/templates/post_actions_mobile.html b/files/templates/post_actions_mobile.html
index 46bc73cea..0bdf855ec 100644
--- a/files/templates/post_actions_mobile.html
+++ b/files/templates/post_actions_mobile.html
@@ -39,7 +39,7 @@
 {% if v.id==p.author_id %}
 	<button type="button" id="undelete-{{p.id}}" class="{% if not p.deleted_utc %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-left text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/undelete_post/{{p.id}}', 'delete-{{p.id}}', 'undelete-{{p.id}}','d-none')" data-toggleelement="#post-{{p.id}}" data-toggleattr="deleted" data-bs-dismiss="modal"><i class="fas fa-trash-alt text-center mr-2"></i>Undelete</button>
 
-	<button type="button" id="delete-{{p.id}}" class="{% if p.deleted_utc %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-left text-danger" data-bs-toggle="modal" data-bs-dismiss="modal" data-bs-target="#deletePostModal" data-nonce="{{g.nonce}}" data-onclick="delete_postModal(this, '{{p.id}}')"><i class="fas fa-trash-alt mr-2"></i>Delete</button>
+	<button type="button" id="delete-{{p.id}}" class="{% if p.deleted_utc %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-left text-danger" data-bs-toggle="modal" data-bs-dismiss="modal" data-bs-target="#deletePostModal" data-nonce="{{g.nonce}}" data-onclick="delete_postModal('{{p.id}}')"><i class="fas fa-trash-alt mr-2"></i>Delete</button>
 {% else %}
 	{% if not p.ghost %}
 		<button type="button" id="unblock2-{{p.id}}" class="nobackground btn btn-link btn-block btn-lg text-success text-left {% if not p.is_blocking %}d-none{% endif %}" data-bs-dismiss="modal" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/settings/unblock?username={{p.author_name}}','block2-{{p.id}}','unblock2-{{p.id}}','d-none')"><i class="fas fa-eye mr-2 text-success"></i>Unblock user</button>