security: don't leak post contents to embeds and other stuff for removed/deleted posts

files/classes/submission.py

@@ -334,6 +334,8 @@ class Submission(Base):
 	@lazy
 	def realbody(self, v, listing=False):
 		if self.club and not (v and (v.paid_dues or v.id == self.author_id)): return f"<p>{CC} ONLY</p>"
+		if self.deleted_utc != 0 and not (v and (v.admin_level >= 2) or v.id == self.author.id): return "[Deleted by user]"
+		if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]";
 
 		body = self.body_html or ""
 
@@ -401,6 +403,8 @@ class Submission(Base):
 
 	@lazy
 	def plainbody(self, v):
+		if self.deleted_utc != 0 and not (v and (v.admin_level >= 2) or v.id == self.author.id): return "[Deleted by user]"
+		if self.is_banned and not (v and v.admin_level >= 2): return "[Removed by admins]"
 		if self.club and not (v and (v.paid_dues or v.id == self.author_id)): return f"<p>{CC} ONLY</p>"
 
 		body = self.body