diff --git a/files/routes/comments.py b/files/routes/comments.py index 7dab9975e..8ad018d39 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -168,7 +168,7 @@ def api_comment(v): if time.time() > v.longpost: v.longpost = None g.db.add(v) - elif len(body) < 280: return {"error":"You have to type more than 280 characters!"}, 403 + elif len(body) < 280 or ' [](' in body or body.startswith('[]('): return {"error":"You have to type more than 280 characters!"}, 403 if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400 @@ -194,7 +194,7 @@ def api_comment(v): if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', body_html))) > 0: return {"error":"You can only type marseys!"}, 403 - if v.longpost and len(body) < 280: return {"error":"You have to type more than 280 characters!"}, 403 + if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')): return {"error":"You have to type more than 280 characters!"}, 403 bans = filter_comment_html(body_html) @@ -621,7 +621,7 @@ def edit_comment(cid, v): if time.time() > v.longpost: v.longpost = None g.db.add(v) - elif len(body) < 280: return {"error":"You have to type more than 280 characters!"}, 403 + elif len(body) < 280 or ' [](' in body or body.startswith('[]('): return {"error":"You have to type more than 280 characters!"}, 403 for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') 
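Review bot: The added clauses match an empty-text link only when `[](` follows a space or starts the body, and they inspect the raw markdown rather than the rendered output, so the 280-character rule still depends on how the text is written instead of on what is visible. The same condition is repeated in the other eight hunks of this commit. In the post-render checks, where `body_html` is already available, counting visible characters would be more robust, for example `visible = re.sub(r'<[^>]*>', '', body_html).strip()` followed by `if v.longpost and len(visible) < 280: ...`. Regex tag stripping is approximate, so a text-extraction helper from the project's sanitizer is preferable if one exists. `api_comment` starts and ends outside this hunk.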
@@ -630,7 +630,7 @@ def edit_comment(cid, v): if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', body_html))) > 0: return {"error":"You can only type marseys!"}, 403 - if v.longpost and len(body) < 280: return {"error":"You have to type more than 280 characters!"}, 403 + if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')): return {"error":"You have to type more than 280 characters!"}, 403 bans = filter_comment_html(body_html) diff --git a/files/routes/posts.py b/files/routes/posts.py index 93fe7851c..16850c809 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -238,7 +238,7 @@ def edit_post(pid, v): if time.time() > v.longpost: v.longpost = None g.db.add(v) - elif len(body) < 280: return {"error":"You have to type more than 280 characters!"}, 403 + elif len(body) < 280 or ' [](' in body or body.startswith('[]('): return {"error":"You have to type more than 280 characters!"}, 403 if title != p.title: title_html = filter_title(title) @@ -264,7 +264,7 @@ def edit_post(pid, v): p.body = body if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', body_html))) > 0: return {"error":"You can only type marseys!"}, 40 - if v.longpost and len(body) < 280: return {"error":"You have to type more than 280 characters!"}, 403 + if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')): return {"error":"You have to type more than 280 characters!"}, 403 p.body_html = body_html 
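Review bot: The three-clause condition is written out by hand in all nine changed lines across `comments.py` and `posts.py`, so any later adjustment has to be made nine times and the copies can drift apart. A single helper (name is a suggestion), `def longpost_too_short(body): return len(body) < 280 or ' [](' in body or body.startswith('[](')`, called from each site would keep the rule in one place. The rejection for an empty link also reuses the message "You have to type more than 280 characters!", which is confusing for a body that is already longer than that. Separately, `len(body) < 280` accepts exactly 280 characters while the message says "more than". `edit_comment` and `edit_post` both extend outside these hunks.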
@@ -531,7 +531,7 @@ def submit_post(v): if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 40 - if v.longpost and len(body) < 280: return {"error":"You have to type more than 280 characters!"}, 403 + if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')): return {"error":"You have to type more than 280 characters!"}, 403 if url: if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp") @@ -618,7 +618,7 @@ def submit_post(v): if time.time() > v.longpost: v.longpost = None g.db.add(v) - elif len(body) < 280: return {"error":"You have to type more than 280 characters!"}, 403 + elif len(body) < 280 or ' [](' in body or body.startswith('[]('): return {"error":"You have to type more than 280 characters!"}, 403 dup = g.db.query(Submission).filter( Submission.author_id == v.id, @@ -701,7 +701,7 @@ def submit_post(v): if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', body_html))) > 0: return {"error":"You can only type marseys!"}, 400 - if v.longpost and len(body) < 280: return {"error":"You have to type more than 280 characters!"}, 403 + if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')): return {"error":"You have to type more than 280 characters!"}, 403 if len(body_html) > 20000: return {"error":"Submission body too long!"}, 400
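Review bot: The check in the `-531` hunk tests only whether `v.longpost` is truthy, while the expiry branch that resets it to `None` appears later in `submit_post` (the `-618` hunk). If nothing in between clears it, a user whose award has already expired is still rejected here, and the added clauses widen that rejection. Guarding with the expiry time, `if v.longpost and time.time() <= v.longpost and (...)`, or moving this check below the expiry branch would avoid that. The context line just above returns status `40` (also in the `-264` hunk of `edit_post`), which looks like a typo for `400` or `403` unless the page truncated it. `submit_post` starts and ends outside these hunks.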