From 485ae92e83483889cc786a700cb1b87c2edfcf40 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 27 Jan 2022 22:15:05 +0200 Subject: [PATCH] cxxc --- files/__main__.py | 4 ---- files/helpers/sanitize.py | 2 +- files/routes/comments.py | 2 +- files/routes/front.py | 3 +++ 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/files/__main__.py b/files/__main__.py index 9a23aba44..90d754306 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -85,10 +85,6 @@ mail = Mail(app) @app.before_request def before_request(): - if not session.get("session_id") and not request.path.startswith("/assets") and not request.path.startswith("/images") and not request.path.startswith("/hostedimages") and not request.path.startswith("/static") and not request.path.startswith("/song"): - session.permanent = True - session["session_id"] = secrets.token_hex(49) - if request.method.lower() != "get" and app.config["READ_ONLY"]: return {"error":f"{app.config['SITE_NAME']} is currently in read-only mode."}, 500 diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 5d1cf17ac..439062389 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -226,7 +226,7 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False): sanitized = re.sub(f'(?', sanitized, flags=re.I) if comment: marseys_used.add(emoji) - sanitized = sanitized.replace("https://www.", "https://").replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("m.wikipedia.org", "wikipedia.org").replace("https://m.youtube", "https://youtube") + sanitized = sanitized.replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("m.wikipedia.org", "wikipedia.org").replace("https://m.youtube", "https://youtube") if "https://youtube.com/watch?v=" in sanitized: sanitized = sanitized.replace("?t=", "&t=") diff --git a/files/routes/comments.py b/files/routes/comments.py index 5b8db54a3..929f2c3a0 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -129,7 +129,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None): return render_template(template, v=v, p=post, sort=sort, comment_info=comment_info, render_replies=True) @app.post("/comment") -@limiter.limit("1/second;6/minute;200/hour;1000/day") +@limiter.limit("1/second;20/minute;200/hour;1000/day") @auth_required def api_comment(v): if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403 diff --git a/files/routes/front.py b/files/routes/front.py index 8ef14712c..46842d337 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -134,6 +134,9 @@ def notifications(v): @limiter.limit("3/second;30/minute;400/hour;2000/day") @auth_desired def front_all(v): + if not session.get("session_id"): + session.permanent = True + session["session_id"] = secrets.token_hex(49) if not v and request.path == "/" and not request.headers.get("Authorization"): return redirect(f"{SITE_FULL}/logged_out{request.full_path}")