From 2875f28b820988127cf88014d96e183cb721bb3a Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Fri, 18 Feb 2022 21:12:14 +0200 Subject: [PATCH] xvc --- files/helpers/images.py | 3 ++- files/helpers/sanitize.py | 8 ++++++++ files/routes/posts.py | 23 ++++++++++++++++++++++- files/routes/users.py | 2 +- files/templates/submission_listing.html | 2 +- files/templates/submit.html | 4 ++-- 6 files changed, 36 insertions(+), 6 deletions(-) diff --git a/files/helpers/images.py b/files/helpers/images.py index b5ac52923..97db48c16 100644 --- a/files/helpers/images.py +++ b/files/helpers/images.py @@ -8,7 +8,8 @@ def process_image(filename=None, resize=0): i = Image.open(filename) if resize and i.width > resize: - subprocess.call(["convert", filename, "-coalesce", "-resize", f"{resize}>", filename]) + try: subprocess.call(["convert", filename, "-coalesce", "-resize", f"{resize}>", filename]) + except: pass elif i.format.lower() != "webp": exif = i.getexif() diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 3cee1b248..b94c5082b 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -302,6 +302,12 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False): def filter_emojis_only(title, edit=False, graceful=False): + signal.signal(signal.SIGALRM, handler) + signal.alarm(1) + + if title.count(':') > 100: abort(418) + if title.count('@') > 50: abort(418) + title = title.replace('<','<').replace('>','>').replace("\n", "").replace("\r", "").replace("\t", "").strip() title = bleach.clean(title, tags=[]) @@ -334,5 +340,7 @@ def filter_emojis_only(title, edit=False, graceful=False): if path.isfile(f'files/assets/images/emojis/{emoji}.webp'): title = re.sub(f'(?', title, re.I) + signal.alarm(0) + if len(title) > 1500 and not graceful: abort(400) else: return title \ No newline at end of file diff --git a/files/routes/posts.py b/files/routes/posts.py index 8420dbec9..557ff930b 100644 --- a/files/routes/posts.py 
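Review bot: The new `try` / `except: pass` around the `convert` call in `process_image` hides less than it appears to and still leaves the resize unbounded. `subprocess.call` does not raise on a non-zero exit status, so the handler only covers a failure to launch the binary, and a failed resize silently keeps the original oversized file. There is also no timeout, so one slow or malformed upload can hold the worker for as long as ImageMagick runs. Consider `subprocess.run(["convert", filename, "-coalesce", "-resize", f"{resize}>", filename], timeout=30, check=True)` with `except (OSError, subprocess.SubprocessError):` and a logged failure instead of `pass`; the 30 seconds is a constructed value. `process_image` continues outside the hunk.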
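Review bot: In `filter_emojis_only`, the alarm armed by `signal.alarm(1)` is still pending when either `title.count` check calls `abort(418)`. The same holds for any other exception raised before the `signal.alarm(0)` added in the second sanitize.py hunk, so SIGALRM can fire up to a second later in whatever this worker is handling next. Move the two count checks above `signal.alarm(1)` and put the rest of the body in `try:` … `finally: signal.alarm(0)` so the alarm is cancelled on every exit path. `signal.signal` may only be called from the main thread, so this guard raises `ValueError` under a threaded worker; the deployment model is not visible here and should be confirmed. `handler` and the `signal` import are not in the hunk, and the function body extends outside it.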
+++ b/files/routes/posts.py @@ -40,6 +40,8 @@ discounts = { 73: 0.10, } +titleheaders = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"} + def ghost_price(v): if v.patron == 1: discount = 0.90 elif v.patron == 2: discount = 0.85 @@ -1493,4 +1495,23 @@ def api_pin_post(post_id, v): g.db.commit() if post.is_pinned: return {"message": "Post pinned!"} - else: return {"message": "Post unpinned!"} \ No newline at end of file + else: return {"message": "Post unpinned!"} + + +@app.get("/submit/title") +@limiter.limit("6/minute") +@auth_required +def get_post_title(v): + + url = request.values.get("url", None) + if not url: abort(400) + + try: x = requests.get(url, headers=titleheaders, timeout=5) + except: abort(400) + + soup = BeautifulSoup(x.content, 'html.parser') + + title = soup.find('title') + if not title: abort(400) + + return {"url": url, "title": title.string} \ No newline at end of file diff --git a/files/routes/users.py b/files/routes/users.py index 21acf7af1..4d5c31f03 100644 --- a/files/routes/users.py +++ b/files/routes/users.py 
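Review bot: `get_post_title` passes the caller-supplied `url` straight to `requests.get`, so any logged-in user can have the server fetch loopback, private-network or link-local addresses and read back the page title (server-side request forgery); redirects are followed and `x.content` reads the whole body with no size cap. The fence below restricts the scheme, rejects hosts that resolve to non-public addresses, disables redirects and caps the read; it needs `socket`, `ipaddress` and `urllib.parse.urlsplit` in scope, and the 1 MB cap is a constructed value. The address check resolves the name separately from the fetch, so it narrows the exposure rather than closing it; pinning the connection to the checked address or sending these fetches through an egress-restricted proxy would close it. `title.string` can also be `None` when the `<title>` element has child tags, which the `if not title` test does not cover.

```python
    url = request.values.get("url", None)
    if not url: abort(400)

    # Only plain web URLs whose host resolves exclusively to public addresses.
    parsed = urlsplit(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname: abort(400)
    try: addrs = {info[4][0] for info in socket.getaddrinfo(parsed.hostname, None)}
    except socket.gaierror: abort(400)
    if not all(ipaddress.ip_address(a.split('%')[0]).is_global for a in addrs): abort(400)

    # Redirects are not followed, so a public host cannot bounce the fetch
    # to an internal one; the body is read up to a fixed cap, not in full.
    try:
        with requests.get(url, headers=titleheaders, timeout=5, allow_redirects=False, stream=True) as x:
            body = x.raw.read(1_000_000, decode_content=True)
    except Exception: abort(400)

    soup = BeautifulSoup(body, 'html.parser')
    # … unchanged: title lookup and return …
```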
@@ -356,7 +356,7 @@ def leaderboard(v): sq = g.db.query(User.id, func.rank().over(order_by=User.truecoins.desc()).label("rank")).subquery() pos10 = g.db.query(sq.c.id, sq.c.rank).filter(sq.c.id == v.id).limit(1).one()[1] - sq = g.db.query(Badge.user_id, func.count(Badge.user_id).label("count"), func.rank().over(order_by=func.count(Badge.user_id).desc()).label("rank")).group_by(Badge.user_id).subquery() + sq = g.db.query(Badge.user_id, func.count(Badge.user_id).label("count"), func.rank().over(order_by=func.count(Badge.user_id).desc()).label("rank")).group_by(Badge.user_id).order_by=func.count(Badge.user_id).subquery() users11 = g.db.query(User, sq.c.count).join(sq, User.id==sq.c.user_id).order_by(sq.c.count.desc()) pos11 = g.db.query(User.id, sq.c.rank, sq.c.count).join(sq, User.id==sq.c.user_id).filter(User.id == v.id).one_or_none() if pos11: pos11 = (pos11[1],pos11[2]) diff --git a/files/templates/submission_listing.html b/files/templates/submission_listing.html index 34691a781..8fa452e6d 100644 --- a/files/templates/submission_listing.html +++ b/files/templates/submission_listing.html @@ -532,7 +532,7 @@ {% if not p.club or v and (v.paid_dues or v.id == p.author_id) %} {% if p.realbody(v) %} -
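Review bot: The new `.order_by=func.count(Badge.user_id).subquery()` is an assignment, not a method call. Python parses the line as a chained assignment, so `sq` is bound to `func.count(Badge.user_id).subquery()` rather than to the grouped badge query, and the `sq.c.count` / `sq.c.rank` lookups on the following lines no longer refer to that subquery's columns. If the intent was to sort the subquery, write `.group_by(Badge.user_id).order_by(func.count(Badge.user_id).desc()).subquery()`; the descending direction is assumed from the existing rank expression. `leaderboard` starts and ends outside the hunk.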
+
{{p.realbody(v) | safe}}
{% endif %} diff --git a/files/templates/submit.html b/files/templates/submit.html index 9364ea747..f5a7eb1e1 100644 --- a/files/templates/submit.html +++ b/files/templates/submit.html @@ -110,7 +110,7 @@
- + To post an image, use a direct image link such as i.imgur.com
@@ -271,7 +271,7 @@ - + {% include "emoji_modal.html" %} {% include "gif_modal.html" %}