hide ghost identity leak in dev console

files/assets/js/ban_modal.js

@@ -1,11 +1,11 @@
-function banModal(link, id, name, fullname, cls) {
+function banModal(link, name, fullname, cls) {
 	document.getElementById("banModalTitle").innerHTML = `Ban @${name}`;
 	document.getElementById("ban-modal-link").value = link;
 	document.getElementById("banUserButton").innerHTML = `Ban @${name}`;
 
 	document.getElementById("banUserButton").onclick = function() {
 		let form = new FormData(document.getElementById("banModalForm"));
-		const xhr = createXhrWithFormKey(`/ban_user/${id}?form`, "POST", form);
+		const xhr = createXhrWithFormKey(`/ban_user/${fullname}?form`, "POST", form);
 		xhr[0].onload = function() {
 			let data
 			try {data = JSON.parse(xhr[0].response)}
@@ -22,14 +22,14 @@ function banModal(link, id, name, fullname, cls) {
 	}
 }
 
-function chudModal(link, id, name, fullname, cls) {
+function chudModal(link, name, fullname, cls) {
 	document.getElementById("chudModalTitle").innerHTML = `Chud @${name}`;
 	document.getElementById("chud-modal-link").value = link;
 	document.getElementById("chudUserButton").innerHTML = `Chud @${name}`;
 
 	document.getElementById("chudUserButton").onclick = function() {
 		let form = new FormData(document.getElementById("chudModalForm"));
-		const xhr = createXhrWithFormKey(`/agendaposter/${id}?form`, "POST", form);
+		const xhr = createXhrWithFormKey(`/agendaposter/${fullname}?form`, "POST", form);
 		xhr[0].onload = function() {
 			let data
 			try {data = JSON.parse(xhr[0].response)}

files/routes/admin.py

@@ -864,10 +864,20 @@ def admin_removed_comments(v):
 						next_exists=next_exists
 						)
 
-@app.post("/unagendaposter/<int:user_id>")
+@app.post("/unagendaposter/<id>")
 @admin_level_required(PERMS['USER_AGENDAPOSTER'])
-def unagendaposter(user_id, v):
-	user = get_account(user_id)
+def unagendaposter(id, v):
+
+	if id.startswith('p_'):
+		post_id = id.split('p_')[1]
+		post = g.db.get(Submission, post_id)
+		user = post.author
+	elif id.startswith('c_'):
+		comment_id = id.split('c_')[1]
+		comment = g.db.get(Comment, comment_id)
+		user = comment.author
+	else:
+		user = get_account(id)
 
 	if not user.chudded_by:
 		abort(403, "Jannies can't undo chud awards anymore!")
@@ -983,11 +993,21 @@ def admin_title_change(user_id, v):
 
 	return {"message": f"@{user.username}'s flair has been changed!"}
 
-@app.post("/ban_user/<int:user_id>")
+@app.post("/ban_user/<id>")
 @limiter.limit(DEFAULT_RATELIMIT_SLOWER)
 @admin_level_required(PERMS['USER_BAN'])
-def ban_user(user_id, v):
-	user = get_account(user_id)
+def ban_user(id, v):
+
+	if id.startswith('p_'):
+		post_id = id.split('p_')[1]
+		post = g.db.get(Submission, post_id)
+		user = post.author
+	elif id.startswith('c_'):
+		comment_id = id.split('c_')[1]
+		comment = g.db.get(Comment, comment_id)
+		user = comment.author
+	else:
+		user = get_account(id)
 
 	if user.admin_level > v.admin_level:
 		abort(403)
@@ -1055,10 +1075,20 @@ def ban_user(user_id, v):
 	return {"message": f"@{user.username} has been banned {duration}!"}
 
 
-@app.post("/agendaposter/<int:user_id>")
+@app.post("/agendaposter/<id>")
 @admin_level_required(PERMS['USER_AGENDAPOSTER'])
-def agendaposter(user_id, v):
-	user = get_account(user_id)
+def agendaposter(id, v):
+
+	if id.startswith('p_'):
+		post_id = id.split('p_')[1]
+		post = g.db.get(Submission, post_id)
+		user = post.author
+	elif id.startswith('c_'):
+		comment_id = id.split('c_')[1]
+		comment = g.db.get(Comment, comment_id)
+		user = comment.author
+	else:
+		user = get_account(id)
 
 	if user.admin_level > v.admin_level:
 		abort(403)
@@ -1128,11 +1158,22 @@ def agendaposter(user_id, v):
 	return {"message": f"@{user.username} has been chudded {duration}!"}
 
 
-@app.post("/unban_user/<int:user_id>")
+@app.post("/unban_user/<id>")
 @limiter.limit(DEFAULT_RATELIMIT_SLOWER)
 @admin_level_required(PERMS['USER_BAN'])
-def unban_user(user_id, v):
-	user = get_account(user_id)
+def unban_user(id, v):
+
+	if id.startswith('p_'):
+		post_id = id.split('p_')[1]
+		post = g.db.get(Submission, post_id)
+		user = post.author
+	elif id.startswith('c_'):
+		comment_id = id.split('c_')[1]
+		comment = g.db.get(Comment, comment_id)
+		user = comment.author
+	else:
+		user = get_account(id)
+
 	if not user.is_banned:
 		abort(400)
 

files/templates/comments.html

@@ -464,13 +464,13 @@
 {% endif %}
 
 {% if v.admin_level >= PERMS['USER_BAN'] and v.id != c.author_id %}
-	<button type="button" id="unban-{{c.fullname}}" class="dropdown-item list-inline-item d-none {% if c.author.is_suspended %}d-md-block{% endif %} text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unban_user/{{c.author_id}}','ban-{{c.fullname}}','unban-{{c.fullname}}','d-md-block')"><i class="fas fa-user-slash text-success fa-fw"></i>Unban user</button>
-	<button type="button" id="ban-{{c.fullname}}" class="dropdown-item list-inline-item d-none {% if not c.author.is_suspended %}d-md-block{% endif %} text-danger" data-bs-toggle="modal" data-bs-target="#banModal" data-nonce="{{g.nonce}}" data-onclick="banModal('/comment/{{c.id}}', '{{c.author.id}}', '{{c.author_name}}', '{{c.fullname}}','d-md-block')"><i class="fas fa-user-slash text-danger fa-fw"></i>Ban user</button>
+	<button type="button" id="unban-{{c.fullname}}" class="dropdown-item list-inline-item d-none {% if c.author.is_suspended %}d-md-block{% endif %} text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unban_user/{{c.fullname}}','ban-{{c.fullname}}','unban-{{c.fullname}}','d-md-block')"><i class="fas fa-user-slash text-success fa-fw"></i>Unban user</button>
+	<button type="button" id="ban-{{c.fullname}}" class="dropdown-item list-inline-item d-none {% if not c.author.is_suspended %}d-md-block{% endif %} text-danger" data-bs-toggle="modal" data-bs-target="#banModal" data-nonce="{{g.nonce}}" data-onclick="banModal('/comment/{{c.id}}', '{{c.author_name}}', '{{c.fullname}}','d-md-block')"><i class="fas fa-user-slash text-danger fa-fw"></i>Ban user</button>
 {% endif %}
 
 {% if v.admin_level >= PERMS['USER_AGENDAPOSTER'] and v.id != c.author_id %}
-	<button type="button" id="unchud-{{c.fullname}}" class="dropdown-item list-inline-item d-none {% if c.author.agendaposter %}d-md-block{% endif %} text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unagendaposter/{{c.author_id}}','chud-{{c.fullname}}','unchud-{{c.fullname}}','d-md-block')"><i class="fas fa-face-sleeping text-success fa-fw"></i>Unchud user</button>
-	<button type="button" id="chud-{{c.fullname}}" class="dropdown-item list-inline-item d-none {% if not c.author.agendaposter %}d-md-block{% endif %} text-danger" data-bs-toggle="modal" data-bs-target="#chudModal" data-nonce="{{g.nonce}}" data-onclick="chudModal('/comment/{{c.id}}', '{{c.author.id}}', '{{c.author_name}}', '{{c.fullname}}','d-md-block')"><i class="fas fa-face-sleeping text-danger fa-fw"></i>Chud user</button>
+	<button type="button" id="unchud-{{c.fullname}}" class="dropdown-item list-inline-item d-none {% if c.author.agendaposter %}d-md-block{% endif %} text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unagendaposter/{{c.fullname}}','chud-{{c.fullname}}','unchud-{{c.fullname}}','d-md-block')"><i class="fas fa-face-sleeping text-success fa-fw"></i>Unchud user</button>
+	<button type="button" id="chud-{{c.fullname}}" class="dropdown-item list-inline-item d-none {% if not c.author.agendaposter %}d-md-block{% endif %} text-danger" data-bs-toggle="modal" data-bs-target="#chudModal" data-nonce="{{g.nonce}}" data-onclick="chudModal('/comment/{{c.id}}', '{{c.author_name}}', '{{c.fullname}}','d-md-block')"><i class="fas fa-face-sleeping text-danger fa-fw"></i>Chud user</button>
 {% endif %}
 
 							</ul>
@@ -658,13 +658,13 @@
 						{% endif %}
 
 						{% if v.id != c.author_id and v.admin_level >= PERMS['USER_BAN'] %}
-							<button type="button" id="ban2-{{c.fullname}}" class="{% if c.author.is_banned %}d-none{% endif %} list-group-item text-danger" data-bs-dismiss="modal" data-bs-toggle="modal" data-bs-target="#banModal" data-nonce="{{g.nonce}}" data-onclick="banModal('/comment/{{c.id}}', '{{c.author.id}}', '{{c.author_name}}', '{{c.fullname}}','d-none')" ><i class="fas fa-user-slash text-danger fa-fw mr-2"></i>Ban user</button>
-							<button type="button" id="unban2-{{c.fullname}}" class="{% if not c.author.is_banned %}d-none{% endif %} list-group-item text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unban_user/{{c.author_id}}','ban2-{{c.fullname}}','unban2-{{c.fullname}}','d-none')" data-bs-dismiss="modal"><i class="fas fa-user-minus fa-fw text-success mr-2"></i>Unban user</button>
+							<button type="button" id="ban2-{{c.fullname}}" class="{% if c.author.is_banned %}d-none{% endif %} list-group-item text-danger" data-bs-dismiss="modal" data-bs-toggle="modal" data-bs-target="#banModal" data-nonce="{{g.nonce}}" data-onclick="banModal('/comment/{{c.id}}', '{{c.author_name}}', '{{c.fullname}}','d-none')" ><i class="fas fa-user-slash text-danger fa-fw mr-2"></i>Ban user</button>
+							<button type="button" id="unban2-{{c.fullname}}" class="{% if not c.author.is_banned %}d-none{% endif %} list-group-item text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unban_user/{{c.fullname}}','ban2-{{c.fullname}}','unban2-{{c.fullname}}','d-none')" data-bs-dismiss="modal"><i class="fas fa-user-minus fa-fw text-success mr-2"></i>Unban user</button>
 						{% endif %}
 
 						{% if v.id != c.author_id and v.admin_level >= PERMS['USER_AGENDAPOSTER'] %}
-							<button type="button" id="chud2-{{c.fullname}}" class="{% if c.author.agendaposter %}d-none{% endif %} list-group-item text-danger" data-bs-dismiss="modal" data-bs-toggle="modal" data-bs-target="#chudModal" data-nonce="{{g.nonce}}" data-onclick="chudModal('/comment/{{c.id}}', '{{c.author.id}}', '{{c.author_name}}', '{{c.fullname}}','d-none')" ><i class="fas fa-face-sleeping text-danger fa-fw mr-2"></i>Chud user</button>
-							<button type="button" id="unchud2-{{c.fullname}}" class="{% if not c.author.agendaposter %}d-none{% endif %} list-group-item text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unagendaposter/{{c.author_id}}','chud2-{{c.fullname}}','unchud2-{{c.fullname}}','d-none')" data-bs-dismiss="modal"><i class="fas fa-face-sleeping fa-fw text-success mr-2"></i>Unchud user</button>
+							<button type="button" id="chud2-{{c.fullname}}" class="{% if c.author.agendaposter %}d-none{% endif %} list-group-item text-danger" data-bs-dismiss="modal" data-bs-toggle="modal" data-bs-target="#chudModal" data-nonce="{{g.nonce}}" data-onclick="chudModal('/comment/{{c.id}}', '{{c.author_name}}', '{{c.fullname}}','d-none')" ><i class="fas fa-face-sleeping text-danger fa-fw mr-2"></i>Chud user</button>
+							<button type="button" id="unchud2-{{c.fullname}}" class="{% if not c.author.agendaposter %}d-none{% endif %} list-group-item text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unagendaposter/{{c.fullname}}','chud2-{{c.fullname}}','unchud2-{{c.fullname}}','d-none')" data-bs-dismiss="modal"><i class="fas fa-face-sleeping fa-fw text-success mr-2"></i>Unchud user</button>
 						{% endif %}
 
 						{% if v.admin_level >= PERMS['POST_COMMENT_MODERATION'] %}

files/templates/post_actions.html

@@ -79,12 +79,12 @@
 			<button type="button" id="unmark-{{p.id}}" class="dropdown-item {% if not p.over_18 %}d-none{% endif %} list-inline-item text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unmark_post_nsfw/{{p.id}}','mark-{{p.id}}','unmark-{{p.id}}','d-none')"><i class="fas fa-eye-evil"></i>Unmark +18</button>
 		{% endif %}
 		{% if v.admin_level >= PERMS['USER_BAN'] and v.id != p.author_id %}
-			<button type="button" id="ban-{{p.fullname}}" class="dropdown-item {% if p.author.is_suspended %}d-none{% endif %} list-inline-item text-danger" data-bs-toggle="modal" data-bs-target="#banModal" data-nonce="{{g.nonce}}" data-onclick="banModal('/post/{{p.id}}', '{{p.author.id}}', '{{p.author_name}}', '{{p.fullname}}','d-none')"><i class="fas fa-user-slash text-danger fa-fw"></i>Ban user</button>
-			<button type="button" id="unban-{{p.fullname}}" class="dropdown-item {% if not p.author.is_suspended %}d-none{% endif %} list-inline-item text-success" id="unexile2-user-{{p.id}}" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unban_user/{{p.author_id}}','ban-{{p.fullname}}','unban-{{p.fullname}}','d-none')"><i class="fas fa-user-slash"></i>Unban user</button>
+			<button type="button" id="ban-{{p.fullname}}" class="dropdown-item {% if p.author.is_suspended %}d-none{% endif %} list-inline-item text-danger" data-bs-toggle="modal" data-bs-target="#banModal" data-nonce="{{g.nonce}}" data-onclick="banModal('/post/{{p.id}}', '{{p.author_name}}', '{{p.fullname}}','d-none')"><i class="fas fa-user-slash text-danger fa-fw"></i>Ban user</button>
+			<button type="button" id="unban-{{p.fullname}}" class="dropdown-item {% if not p.author.is_suspended %}d-none{% endif %} list-inline-item text-success" id="unexile2-user-{{p.id}}" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unban_user/{{p.fullname}}','ban-{{p.fullname}}','unban-{{p.fullname}}','d-none')"><i class="fas fa-user-slash"></i>Unban user</button>
 		{% endif %}
 		{% if v.admin_level >= PERMS['USER_AGENDAPOSTER'] and v.id != p.author_id %}
-			<button type="button" id="chud-{{p.fullname}}" class="dropdown-item {% if p.author.agendaposter %}d-none{% endif %} list-inline-item text-danger" data-bs-toggle="modal" data-bs-target="#chudModal" data-nonce="{{g.nonce}}" data-onclick="chudModal('/post/{{p.id}}', '{{p.author.id}}', '{{p.author_name}}', '{{p.fullname}}','d-none')"><i class="fas fa-face-sleeping text-danger fa-fw"></i>Chud user</button>
-			<button type="button" id="unchud-{{p.fullname}}" class="dropdown-item {% if not p.author.agendaposter %}d-none{% endif %} list-inline-item text-success" id="unexile2-user-{{p.id}}" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unagendaposter/{{p.author_id}}','chud-{{p.fullname}}','unchud-{{p.fullname}}','d-none')"><i class="fas fa-face-sleeping"></i>Unchud user</button>
+			<button type="button" id="chud-{{p.fullname}}" class="dropdown-item {% if p.author.agendaposter %}d-none{% endif %} list-inline-item text-danger" data-bs-toggle="modal" data-bs-target="#chudModal" data-nonce="{{g.nonce}}" data-onclick="chudModal('/post/{{p.id}}', '{{p.author_name}}', '{{p.fullname}}','d-none')"><i class="fas fa-face-sleeping text-danger fa-fw"></i>Chud user</button>
+			<button type="button" id="unchud-{{p.fullname}}" class="dropdown-item {% if not p.author.agendaposter %}d-none{% endif %} list-inline-item text-success" id="unexile2-user-{{p.id}}" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unagendaposter/{{p.fullname}}','chud-{{p.fullname}}','unchud-{{p.fullname}}','d-none')"><i class="fas fa-face-sleeping"></i>Unchud user</button>
 		{% endif %}
 	</ul>
 {% endif %}

files/templates/post_admin_actions_mobile.html

@@ -37,13 +37,13 @@
 						<button type="button" id="unmark2-{{p.id}}" class="{% if not p.over_18 %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-left text-success" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unmark_post_nsfw/{{p.id}}','mark2-{{p.id}}','unmark2-{{p.id}}','d-none')" data-bs-dismiss="modal"><i class="far fa-eye-evil text-center text-success mr-2"></i>Unmark +18</button>
 					{% endif %}
 					{% if v.id != p.author_id and v.admin_level >= PERMS['USER_BAN'] %}
-						<button type="button" id="ban2-{{p.fullname}}" data-bs-dismiss="modal" data-bs-toggle="modal" data-bs-target="#banModal" data-nonce="{{g.nonce}}" data-onclick="banModal('/post/{{p.id}}', '{{p.author.id}}', '{{p.author_name}}', '{{p.fullname}}','d-none')" class="{% if p.author.is_suspended %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-danger text-left"><i class="fas fa-user-minus mr-2"></i>Ban user</button>
-						<button type="button" id="unban2-{{p.fullname}}" class="{% if not p.author.is_suspended %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-success text-left" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unban_user/{{p.author_id}}','ban2-{{p.fullname}}','unban2-{{p.fullname}}','d-none')" data-bs-dismiss="modal"><i class="fas fa-user-minus mr-2"></i>Unban user</button>
+						<button type="button" id="ban2-{{p.fullname}}" data-bs-dismiss="modal" data-bs-toggle="modal" data-bs-target="#banModal" data-nonce="{{g.nonce}}" data-onclick="banModal('/post/{{p.id}}', '{{p.author_name}}', '{{p.fullname}}','d-none')" class="{% if p.author.is_suspended %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-danger text-left"><i class="fas fa-user-minus mr-2"></i>Ban user</button>
+						<button type="button" id="unban2-{{p.fullname}}" class="{% if not p.author.is_suspended %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-success text-left" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unban_user/{{p.fullname}}','ban2-{{p.fullname}}','unban2-{{p.fullname}}','d-none')" data-bs-dismiss="modal"><i class="fas fa-user-minus mr-2"></i>Unban user</button>
 					{% endif %}
 
 					{% if v.id != p.author_id and v.admin_level >= PERMS['USER_AGENDAPOSTER'] %}
-						<button type="button" id="chud2-{{p.fullname}}" data-bs-dismiss="modal" data-bs-toggle="modal" data-bs-target="#chudModal" data-nonce="{{g.nonce}}" data-onclick="chudModal('/post/{{p.id}}', '{{p.author.id}}', '{{p.author_name}}', '{{p.fullname}}','d-none')" class="{% if p.author.agendaposter %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-danger text-left"><i class="fas fa-face-sleeping mr-2"></i>Chud user</button>
-						<button type="button" id="unchud2-{{p.fullname}}" class="{% if not p.author.agendaposter %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-success text-left" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unagendaposter/{{p.author_id}}','chud2-{{p.fullname}}','unchud2-{{p.fullname}}','d-none')" data-bs-dismiss="modal"><i class="fas fa-face-sleeping mr-2"></i>Unchud user</button>
+						<button type="button" id="chud2-{{p.fullname}}" data-bs-dismiss="modal" data-bs-toggle="modal" data-bs-target="#chudModal" data-nonce="{{g.nonce}}" data-onclick="chudModal('/post/{{p.id}}', '{{p.author_name}}', '{{p.fullname}}','d-none')" class="{% if p.author.agendaposter %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-danger text-left"><i class="fas fa-face-sleeping mr-2"></i>Chud user</button>
+						<button type="button" id="unchud2-{{p.fullname}}" class="{% if not p.author.agendaposter %}d-none{% endif %} nobackground btn btn-link btn-block btn-lg text-success text-left" data-nonce="{{g.nonce}}" data-onclick="postToastSwitch(this,'/unagendaposter/{{p.fullname}}','chud2-{{p.fullname}}','unchud2-{{p.fullname}}','d-none')" data-bs-dismiss="modal"><i class="fas fa-face-sleeping mr-2"></i>Unchud user</button>
 					{% endif %}
 				</ul>
 			</div>