give error message instead of quietly stripping
parent
294f2057fe
commit
5035f8b90a
|
@ -714,7 +714,7 @@ def filter_emojis_only(title, golden=True, count_emojis=False, obj=None, author=
|
||||||
title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https']).replace('\n','')
|
title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https']).replace('\n','')
|
||||||
|
|
||||||
if len(title) > POST_TITLE_HTML_LENGTH_LIMIT:
|
if len(title) > POST_TITLE_HTML_LENGTH_LIMIT:
|
||||||
abort(400, "Rendered title is too big!")
|
abort(400, "Rendered title is too long!")
|
||||||
|
|
||||||
title = title.strip()
|
title = title.strip()
|
||||||
|
|
||||||
|
|
|
@ -845,11 +845,14 @@ def shadowban(user_id, v):
|
||||||
if user.admin_level > v.admin_level:
|
if user.admin_level > v.admin_level:
|
||||||
abort(403)
|
abort(403)
|
||||||
user.shadowbanned = v.id
|
user.shadowbanned = v.id
|
||||||
reason = request.values.get("reason", "")[:256].strip()
|
reason = request.values.get("reason", "").strip()
|
||||||
|
|
||||||
if not reason:
|
if not reason:
|
||||||
abort(400, "You need to submit a reason for shadowbanning!")
|
abort(400, "You need to submit a reason for shadowbanning!")
|
||||||
|
|
||||||
|
if len(reason) > 256:
|
||||||
|
abort(400, "Shadowban reason is too long (max 256 characters)")
|
||||||
|
|
||||||
reason = filter_emojis_only(reason)
|
reason = filter_emojis_only(reason)
|
||||||
|
|
||||||
if len(reason) > 256:
|
if len(reason) > 256:
|
||||||
|
@ -910,7 +913,10 @@ def admin_change_flair(user_id, v):
|
||||||
|
|
||||||
user = get_account(user_id)
|
user = get_account(user_id)
|
||||||
|
|
||||||
new_flair = request.values.get("flair")[:256].strip()
|
new_flair = request.values.get("flair", "").strip()
|
||||||
|
|
||||||
|
if len(new_flair) > 256:
|
||||||
|
abort(400, "New flair is too long (max 256 characters)")
|
||||||
|
|
||||||
user.flair = new_flair
|
user.flair = new_flair
|
||||||
new_flair = filter_emojis_only(new_flair)
|
new_flair = filter_emojis_only(new_flair)
|
||||||
|
@ -982,14 +988,18 @@ def ban_user(fullname, v):
|
||||||
if days < 0:
|
if days < 0:
|
||||||
abort(400, "You can't bans people for negative days!")
|
abort(400, "You can't bans people for negative days!")
|
||||||
|
|
||||||
reason = request.values.get("reason", "")[:256].strip()
|
reason = request.values.get("reason", "").strip()
|
||||||
|
|
||||||
if not reason:
|
if not reason:
|
||||||
abort(400, "You need to submit a reason for banning!")
|
abort(400, "You need to submit a reason for banning!")
|
||||||
|
|
||||||
reason = filter_emojis_only(reason)
|
|
||||||
if len(reason) > 256:
|
if len(reason) > 256:
|
||||||
abort(400, "Ban reason too long!")
|
abort(400, "Ban reason is too long (max 256 characters)")
|
||||||
|
|
||||||
|
reason = filter_emojis_only(reason)
|
||||||
|
|
||||||
|
if len(reason) > 256:
|
||||||
|
abort(400, "Rendered ban reason is too long!")
|
||||||
|
|
||||||
reason = reason_regex_post.sub(r'<a href="\1">\1</a>', reason)
|
reason = reason_regex_post.sub(r'<a href="\1">\1</a>', reason)
|
||||||
reason = reason_regex_comment.sub(r'<a href="\1#context">\1</a>', reason)
|
reason = reason_regex_comment.sub(r'<a href="\1#context">\1</a>', reason)
|
||||||
|
|
|
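Review bot: In `ban_user` the new rendered-length check runs before the `reason_regex_post` and `reason_regex_comment` substitutions, which wrap matches in `<a href="...">` markup, so the value finally kept can be longer than the 256 characters just enforced. If the stored field is bounded at 256, an input that passes both checks could still fail at write time instead of returning a clean 400. Moving `if len(reason) > 256: abort(400, "Rendered ban reason is too long!")` below the two `.sub(...)` calls would close that gap. `ban_user` continues past the end of the hunk, so a later check may already exist there.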
@ -188,7 +188,11 @@ def award_thing(v, thing_type, id):
|
||||||
|
|
||||||
g.db.add(award)
|
g.db.add(award)
|
||||||
|
|
||||||
note = request.values.get("note", "").strip()[:200]
|
note = request.values.get("note", "").strip()
|
||||||
|
|
||||||
|
if len(note) > 200:
|
||||||
|
abort(400, "Award note is too long (max 200 characters)")
|
||||||
|
|
||||||
award.note = note
|
award.note = note
|
||||||
|
|
||||||
safe_username = f"@{obj.author_name} is"
|
safe_username = f"@{obj.author_name} is"
|
||||||
|
@ -400,15 +404,19 @@ def award_thing(v, thing_type, id):
|
||||||
obj.chudded = True
|
obj.chudded = True
|
||||||
complies_with_chud(obj)
|
complies_with_chud(obj)
|
||||||
elif kind == "flairlock":
|
elif kind == "flairlock":
|
||||||
new_name = note[:100]
|
new_flair = note
|
||||||
if not new_name and author.flairchanged:
|
|
||||||
|
if len(new_flair) > 100:
|
||||||
|
abort(400, "New flair is too long (max 100 characters)")
|
||||||
|
|
||||||
|
if not new_flair and author.flairchanged:
|
||||||
author.flairchanged += 86400
|
author.flairchanged += 86400
|
||||||
else:
|
else:
|
||||||
author.flair = new_name
|
author.flair = new_flair
|
||||||
new_name = filter_emojis_only(new_name)
|
new_flair = filter_emojis_only(new_flair)
|
||||||
new_name = censor_slurs_profanities(new_name, None)
|
new_flair = censor_slurs_profanities(new_flair, None)
|
||||||
if len(new_name) > 1000: abort(403)
|
if len(new_flair) > 1000: abort(403)
|
||||||
author.flair_html = new_name
|
author.flair_html = new_flair
|
||||||
author.flairchanged = int(time.time()) + 86400
|
author.flairchanged = int(time.time()) + 86400
|
||||||
badge_grant(user=author, badge_id=96)
|
badge_grant(user=author, badge_id=96)
|
||||||
elif kind == "namelock":
|
elif kind == "namelock":
|
||||||
|
|
|
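Review bot: The new `abort(400, "Award note is too long (max 200 characters)")` sits after `g.db.add(award)`, and the 100-character flair check fires later still, inside the `flairlock` branch, so both rejections happen once the award is already in the session. Whether that is unwound depends on rollback handling that is not visible here; reading and validating `note` before `g.db.add(award)` would avoid relying on it. A comment such as `# validate user input before touching the session` above the moved lines would record the intent. `award_thing` starts and ends outside both hunks.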
@ -450,11 +450,15 @@ def post_hole_sidebar(v, hole):
|
||||||
if not v.mods(hole.name): abort(403)
|
if not v.mods(hole.name): abort(403)
|
||||||
if v.shadowbanned: abort(400)
|
if v.shadowbanned: abort(400)
|
||||||
|
|
||||||
hole.sidebar = request.values.get('sidebar', '')[:10000].strip()
|
hole.sidebar = request.values.get('sidebar', '').strip()
|
||||||
|
|
||||||
|
if len(sidebar) > 10000:
|
||||||
|
abort(400, "New sidebar is too long (max 10000 characters)")
|
||||||
|
|
||||||
sidebar_html = sanitize(hole.sidebar, blackjack=f"/h/{hole} sidebar")
|
sidebar_html = sanitize(hole.sidebar, blackjack=f"/h/{hole} sidebar")
|
||||||
|
|
||||||
if len(sidebar_html) > 20000:
|
if len(sidebar_html) > 20000:
|
||||||
abort(400, "Sidebar is too big! (max 20000 characters)")
|
abort(400, "New rendered sidebar is too long!")
|
||||||
|
|
||||||
hole.sidebar_html = sidebar_html
|
hole.sidebar_html = sidebar_html
|
||||||
g.db.add(hole)
|
g.db.add(hole)
|
||||||
|
|
|
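Review bot: `if len(sidebar) > 10000:` reads a name `sidebar` that is not assigned in the visible lines; the stripped value is stored on `hole.sidebar`. Unless `sidebar` is defined earlier in `post_hole_sidebar`, outside this hunk, the check raises NameError and every sidebar update fails with a 500. The minimal fix is `if len(hole.sidebar) > 10000:`. Better still, read the value into a local first (`sidebar = request.values.get('sidebar', '').strip()`), validate it, and assign `hole.sidebar = sidebar` only after it passes, so a rejected request does not modify the model object.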
@ -22,7 +22,10 @@ def report_post(pid, v):
|
||||||
reason = request.values.get("reason", "").strip()
|
reason = request.values.get("reason", "").strip()
|
||||||
execute_under_siege(v, post, reason, 'report')
|
execute_under_siege(v, post, reason, 'report')
|
||||||
execute_blackjack(v, post, reason, 'report')
|
execute_blackjack(v, post, reason, 'report')
|
||||||
reason = reason[:100]
|
|
||||||
|
if len(reason) > 100:
|
||||||
|
abort(400, "Report reason is too long (max 100 characters)")
|
||||||
|
|
||||||
og_flair = reason[1:]
|
og_flair = reason[1:]
|
||||||
reason_html = filter_emojis_only(reason)
|
reason_html = filter_emojis_only(reason)
|
||||||
if len(reason_html) > 350:
|
if len(reason_html) > 350:
|
||||||
|
@ -91,7 +94,10 @@ def report_comment(cid, v):
|
||||||
reason = request.values.get("reason", "").strip()
|
reason = request.values.get("reason", "").strip()
|
||||||
execute_under_siege(v, comment, reason, 'report')
|
execute_under_siege(v, comment, reason, 'report')
|
||||||
execute_blackjack(v, comment, reason, 'report')
|
execute_blackjack(v, comment, reason, 'report')
|
||||||
reason = reason[:100]
|
|
||||||
|
if len(reason) > 100:
|
||||||
|
abort(400, "Report reason is too long (max 100 characters)")
|
||||||
|
|
||||||
reason_html = filter_emojis_only(reason)
|
reason_html = filter_emojis_only(reason)
|
||||||
|
|
||||||
if len(reason_html) > 350: abort(400, "Too long!")
|
if len(reason_html) > 350: abort(400, "Too long!")
|
||||||
|
|
|
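Review bot: In both `report_post` and `report_comment` the new length check comes after `execute_under_siege` and `execute_blackjack`, so a reason of any length is still handed to those helpers before the request is rejected. If the screening is meant to see the full text, a short comment saying so (`# screening runs on the unbounded reason on purpose`) would stop someone reordering it later; otherwise moving `if len(reason) > 100:` directly under the `.strip()` line bounds the input first. Separately, `abort(400, "Too long!")` in `report_comment` stays vague next to the new messages; `"Rendered report reason is too long!"` would match the wording used elsewhere in this commit. Both functions extend beyond the hunks.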
@ -241,17 +241,19 @@ def settings_personal_post(v):
|
||||||
if not v.patron:
|
if not v.patron:
|
||||||
abort(403, f"Signatures are only available to {patron}s!")
|
abort(403, f"Signatures are only available to {patron}s!")
|
||||||
|
|
||||||
sig = request.values.get("sig")[:200].replace('\n','').replace('\r','')
|
sig = request.values.get("sig").replace('\n','').replace('\r','').strip()
|
||||||
|
|
||||||
sig = process_files(request.files, v, sig)
|
sig = process_files(request.files, v, sig)
|
||||||
sig = sig[:200].strip() # process_files potentially adds characters to the post
|
sig = sig.strip() # process_files potentially adds characters to the post
|
||||||
|
|
||||||
|
if len(sig) > 200:
|
||||||
|
abort(400, "New signature is too long (max 200 characters)")
|
||||||
|
|
||||||
sig_html = sanitize(sig, blackjack="signature")
|
sig_html = sanitize(sig, blackjack="signature")
|
||||||
if len(sig_html) > 1000:
|
if len(sig_html) > 1000:
|
||||||
abort(400, "Your sig is too long")
|
abort(400, "Your sig is too long")
|
||||||
|
|
||||||
v.sig = sig
|
v.sig = sig
|
||||||
v.sig_html=sig_html
|
v.sig_html = sig_html
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
return {"message": "Your sig has been updated."}
|
return {"message": "Your sig has been updated."}
|
||||||
|
|
||||||
|
@ -386,11 +388,14 @@ def settings_personal_post(v):
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def filters(v):
|
def filters(v):
|
||||||
filters = request.values.get("filters", "")[:1000].strip()
|
filters = request.values.get("filters", "").strip()
|
||||||
|
|
||||||
if filters == v.custom_filter_list:
|
if filters == v.custom_filter_list:
|
||||||
abort(400, "You didn't change anything!")
|
abort(400, "You didn't change anything!")
|
||||||
|
|
||||||
|
if len(filters) > 1000:
|
||||||
|
abort(400, "Filters are too long (max 1000 characters)")
|
||||||
|
|
||||||
v.custom_filter_list=filters
|
v.custom_filter_list=filters
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
return {"message": "Your custom filters have been updated!"}
|
return {"message": "Your custom filters have been updated!"}
|
||||||
|
|
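Review bot: `request.values.get("sig")` in `settings_personal_post` still has no default, so a request without a `sig` field calls `.replace` on `None` and fails with a 500. This commit fixes the same pattern for `flair` in `admin_change_flair`; `request.values.get("sig", "")` would make the two consistent, unless a guard outside the hunk already ensures the field is present. The 200-character check also runs only after `process_files(request.files, v, sig)`, so uploads are processed for a request that may then be rejected. A raw-length check before that call, in addition to the one after it, would reject such requests early. The function starts and ends outside the hunk.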