From 4bbebb326d27b3bddb08820be5854f131d18c62d Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 2 Sep 2021 16:38:33 +0200 Subject: [PATCH] fd --- files/routes/comments.py | 15 +++++++++------ files/routes/settings.py | 4 +++- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/files/routes/comments.py b/files/routes/comments.py index 515429a87..e27a70441 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -285,9 +285,10 @@ def api_comment(v): body_md = renderer.render(mistletoe.Document(body)) body_html = sanitize(body_md) + if len(body_html) > 20000: abort(400) c_aux = CommentAux( id=c.id, - body_html=body_html[:20000], + body_html=body_html, body=body[:10000] ) @@ -661,8 +662,10 @@ def edit_comment(cid, v): body_md = renderer.render(mistletoe.Document(body)) body_html = sanitize(body_md) + if len(body_html) > 20000: abort(400) + c.body = body[:10000] - c.body_html = body_html[:20000] + c.body_html = body_html if "rdrama" in request.host and "ivermectin" in c.body_html.lower(): @@ -690,8 +693,8 @@ def edit_comment(cid, v): body_jannied_html = sanitize(body_md) c_aux = CommentAux( id=c_jannied.id, - body_html=body_jannied_html[:20000], - body=body[:10000] + body_html=body_jannied_html, + body=body ) g.db.add(c_aux) g.db.flush() @@ -725,8 +728,8 @@ def edit_comment(cid, v): body_jannied_html = sanitize(body_md) c_aux = CommentAux( id=c_jannied.id, - body_html=body_jannied_html[:20000], - body=body[:10000] + body_html=body_jannied_html, + body=body ) g.db.add(c_aux) g.db.flush() diff --git a/files/routes/settings.py b/files/routes/settings.py index ecc2a7142..23224ebda 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -117,8 +117,10 @@ def settings_profile_post(v): v.ban(days=30, reason="Digitally malicious content is not allowed.") return {"error": reason}, 401 + if len(bio_html) > 10000: abort(400) + v.bio = bio[:1500] - v.bio_html=bio_html[:10000] + v.bio_html=bio_html g.db.add(v) return render_template("settings_profile.html", v=v,