rDrama
/
rDrama
9
10
Fork 6
Code Issues Pull Requests Packages Releases Wiki Activity

Remove !YOU!. 

Security mess and stale joke.
pull/51/head
Snakes 2022-12-05 20:06:04 -05:00
parent fe5ffd1bcf
commit 9160a853ec
Signed by: Snakes
GPG Key ID: E745A82778055C7E
5 changed files with 4 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
files/classes/comment.py
View File

@ -296,9 +296,6 @@ class Comment(Base):
if not self.ghost and self.author.show_sig(v):
body += f'<section id="signature-{self.author.id}" class="user-signature"><hr>{self.author.sig_html}</section>'
if v:
body = body.replace("!YOU!", v.username)
return body
@lazy
@ -312,9 +309,6 @@ class Comment(Base):
body = censor_slurs(body, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
if v:
body = body.replace("!YOU!", v.username)
return body
@lazy

12
files/classes/submission.py
View File

@ -319,9 +319,6 @@ class Submission(Base):
if not listing and not self.ghost and self.author.show_sig(v):
body += f'<section id="signature-{self.author.id}" class="user-signature"><hr>{self.author.sig_html}</section>'
if v:
body = body.replace("!YOU!", v.username)
return body
@lazy
@ -335,9 +332,6 @@ class Submission(Base):
body = censor_slurs(body, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
body = normalize_urls_runtime(body, v)
if v:
body = body.replace("!YOU!", v.username)
return body
@lazy
@ -346,9 +340,6 @@ class Submission(Base):
title = censor_slurs(title, v)
if v:
title = title.replace("!YOU!", v.username)
return title
@lazy
@ -357,9 +348,6 @@ class Submission(Base):
title = censor_slurs(title, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
if v:
title = title.replace("!YOU!", v.username)
return title
@property

1
files/classes/user.py
View File

@ -1019,7 +1019,6 @@ class User(Base):
if not cls.can_see(user, other.author): return False
if user and user.id == other.author_id: return True
if isinstance(other, Submission):
if "!YOU!" in other.title and not user: return False
if browser != 'webview' and other.author_id == AEVANN_ID and other.title.startswith('[ANDROID]'):
return user and user.admin_level >= PERMS['POST_COMMENT_MODERATION']
if browser != 'apple' and other.author_id == CARP_ID and other.title.startswith('[APPLE]'):

8
files/helpers/const.py
View File

@ -1603,11 +1603,9 @@ def is_site_url(url):
def is_safe_url(url):
domain = tldextract.extract(url)
return ((
is_site_url(url)
or domain.registered_domain in approved_embed_hosts
or domain.fqdn in approved_embed_hosts
) and '!YOU!' not in url)
return (is_site_url(url)
or domain.registered_domain in approved_embed_hosts
or domain.fqdn in approved_embed_hosts)
hosts = "|".join(approved_embed_hosts).replace('.','\.')

2
files/helpers/sanitize.py
View File

@ -61,7 +61,7 @@ def allowed_attributes(tag, name, value):
return False
if tag == 'a':
if name == 'href' and '\\' not in value and 'xn--' not in value and '!YOU!' not in value:
if name == 'href' and '\\' not in value and 'xn--' not in value:
return True
if name == 'rel' and value == 'nofollow noopener': return True
if name == 'target' and value == '_blank': return True