Merge branch 'master' into mistletoe
commit
95685d220c
|
@ -1,6 +1,7 @@
|
|||
image.*
|
||||
chart.png
|
||||
video.mp4
|
||||
video.webm
|
||||
cache/
|
||||
__pycache__/
|
||||
disablesignups
|
||||
|
|
|
@ -137,8 +137,7 @@ def after_request(response):
|
|||
|
||||
response.headers.add("Strict-Transport-Security", "max-age=31536000")
|
||||
response.headers.add("X-Frame-Options", "deny")
|
||||
response.headers.add("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.pusher.com; object-src 'none';")
|
||||
response.headers.add("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' tls-use1.fpapi.io api.fpjs.io 02ddcc80-b8db-42be-9022-44c546b4dce6.pushnotifications.pusher.com; object-src 'none';")
|
||||
return response
|
||||
|
||||
|
||||
from files.routes import *
|
|
@ -401,7 +401,9 @@ class Comment(Base):
|
|||
for o in self.options:
|
||||
html += f'<div class="custom-control"><input type="checkbox" class="custom-control-input" id="{o.id}" name="option"'
|
||||
if o.poll_voted(v): html += " checked"
|
||||
html += f''' onchange="poll_vote('{o.id}', '{self.id}')"><label class="custom-control-label" for="{o.id}">{o.body_html}<span class="presult-{self.id}'''
|
||||
if v: html += f''' onchange="poll_vote('{o.id}', '{self.id}')"'''
|
||||
else: html += f''' onchange="poll_vote_no_v('{o.id}', '{self.id}')"'''
|
||||
html += f'''><label class="custom-control-label" for="{o.id}">{o.body_html}<span class="presult-{self.id}'''
|
||||
if not self.total_poll_voted(v): html += ' d-none'
|
||||
html += f'"> - <a href="/votes?link=t3_{o.id}"><span id="poll-{o.id}">{o.upvotes}</span> votes</a></span></label></div><pre></pre>'
|
||||
return html
|
||||
|
|
|
@ -618,6 +618,14 @@ AWARDS = {
|
|||
"color": "text-silver",
|
||||
"price": 10000
|
||||
},
|
||||
"unblockable": {
|
||||
"kind": "unblockable",
|
||||
"title": "Unblockable",
|
||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||
"icon": "far fa-laugh-squint",
|
||||
"color": "text-lightgreen",
|
||||
"price": 10000
|
||||
},
|
||||
"pause": {
|
||||
"kind": "pause",
|
||||
"title": "Pause",
|
||||
|
@ -626,14 +634,6 @@ AWARDS = {
|
|||
"color": "text-danger",
|
||||
"price": 20000
|
||||
},
|
||||
"unblockable": {
|
||||
"kind": "unblockable",
|
||||
"title": "Unblockable",
|
||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||
"icon": "far fa-laugh-squint",
|
||||
"color": "text-lightgreen",
|
||||
"price": 25000
|
||||
},
|
||||
"unpausable": {
|
||||
"kind": "unpausable",
|
||||
"title": "Unpausable",
|
||||
|
@ -797,6 +797,14 @@ AWARDS2 = {
|
|||
"color": "text-silver",
|
||||
"price": 10000
|
||||
},
|
||||
"unblockable": {
|
||||
"kind": "unblockable",
|
||||
"title": "Unblockable",
|
||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||
"icon": "far fa-laugh-squint",
|
||||
"color": "text-lightgreen",
|
||||
"price": 10000
|
||||
},
|
||||
"pause": {
|
||||
"kind": "pause",
|
||||
"title": "Pause",
|
||||
|
@ -805,14 +813,6 @@ AWARDS2 = {
|
|||
"color": "text-danger",
|
||||
"price": 20000
|
||||
},
|
||||
"unblockable": {
|
||||
"kind": "unblockable",
|
||||
"title": "Unblockable",
|
||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||
"icon": "far fa-laugh-squint",
|
||||
"color": "text-lightgreen",
|
||||
"price": 25000
|
||||
},
|
||||
"unpausable": {
|
||||
"kind": "unpausable",
|
||||
"title": "Unpausable",
|
||||
|
|
|
@ -39,6 +39,9 @@ allowed_tags = tags = ['b',
|
|||
'a',
|
||||
'img',
|
||||
'span',
|
||||
'ruby',
|
||||
'rp',
|
||||
'rt',
|
||||
]
|
||||
|
||||
no_images = ['b',
|
||||
|
@ -71,6 +74,9 @@ no_images = ['b',
|
|||
'marquee',
|
||||
'a',
|
||||
'span',
|
||||
'ruby',
|
||||
'rp',
|
||||
'rt',
|
||||
]
|
||||
|
||||
def sanitize_marquee(tag, name, value):
|
||||
|
@ -84,7 +90,7 @@ def sanitize_marquee(tag, name, value):
|
|||
return False
|
||||
|
||||
allowed_attributes = {
|
||||
'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-bs-original-name'],
|
||||
'*': ['href', 'style', 'src', 'class', 'title'],
|
||||
'marquee': sanitize_marquee}
|
||||
|
||||
allowed_protocols = ['http', 'https']
|
||||
|
@ -228,8 +234,8 @@ def sanitize(sanitized, noimages=False):
|
|||
htmlsource += '"></lite-youtube>'
|
||||
|
||||
sanitized = sanitized.replace(replacing, htmlsource)
|
||||
for i in re.finditer('<p>(https:.*?\.mp4)</p>', sanitized):
|
||||
sanitized = sanitized.replace(i.group(0), f'<p><video controls preload="none" class="embedvid"><source src="{i.group(1)}" type="video/mp4"></video>')
|
||||
for i in re.finditer('<p>(https:.*?\.(mp4|webm))</p>', sanitized):
|
||||
sanitized = sanitized.replace(i.group(0), f'<p><video controls preload="none" class="embedvid"><source src="{i.group(1)}" type="video/{i.group(2)}"></video>')
|
||||
|
||||
for rd in ["https://reddit.com/", "https://new.reddit.com/", "https://www.reddit.com/", "https://redd.it/"]:
|
||||
sanitized = sanitized.replace(rd, "https://old.reddit.com/")
|
||||
|
|
|
@ -174,6 +174,15 @@ def shop(v):
|
|||
"owned": 0,
|
||||
"price": 10000
|
||||
},
|
||||
"unblockable": {
|
||||
"kind": "unblockable",
|
||||
"title": "Unblockable",
|
||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||
"icon": "far fa-laugh-squint",
|
||||
"color": "text-lightgreen",
|
||||
"owned": 0,
|
||||
"price": 10000
|
||||
},
|
||||
"pause": {
|
||||
"kind": "pause",
|
||||
"title": "Pause",
|
||||
|
@ -183,15 +192,6 @@ def shop(v):
|
|||
"owned": 0,
|
||||
"price": 20000
|
||||
},
|
||||
"unblockable": {
|
||||
"kind": "unblockable",
|
||||
"title": "Unblockable",
|
||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||
"icon": "far fa-laugh-squint",
|
||||
"color": "text-lightgreen",
|
||||
"owned": 0,
|
||||
"price": 25000
|
||||
},
|
||||
"unpausable": {
|
||||
"kind": "unpausable",
|
||||
"title": "Unpausable",
|
||||
|
@ -384,6 +384,14 @@ def buy(v, award):
|
|||
"color": "text-silver",
|
||||
"price": 10000
|
||||
},
|
||||
"unblockable": {
|
||||
"kind": "unblockable",
|
||||
"title": "Unblockable",
|
||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||
"icon": "far fa-laugh-squint",
|
||||
"color": "text-lightgreen",
|
||||
"price": 10000
|
||||
},
|
||||
"pause": {
|
||||
"kind": "pause",
|
||||
"title": "Pause",
|
||||
|
@ -392,14 +400,6 @@ def buy(v, award):
|
|||
"color": "text-danger",
|
||||
"price": 20000
|
||||
},
|
||||
"unblockable": {
|
||||
"kind": "unblockable",
|
||||
"title": "Unblockable",
|
||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||
"icon": "far fa-laugh-squint",
|
||||
"color": "text-lightgreen",
|
||||
"price": 25000
|
||||
},
|
||||
"unpausable": {
|
||||
"kind": "unpausable",
|
||||
"title": "Unpausable",
|
||||
|
@ -467,6 +467,7 @@ def buy(v, award):
|
|||
|
||||
if request.values.get("mb"):
|
||||
if v.procoins < price: return {"error": "Not enough marseybux."}, 400
|
||||
if award in ["grass","alt"]: return {"error": "You can't buy those awards with marseybux."}, 403
|
||||
v.procoins -= price
|
||||
else:
|
||||
if v.coins < price: return {"error": "Not enough coins."}, 400
|
||||
|
|
|
@ -621,6 +621,7 @@ def edit_comment(cid, v):
|
|||
if c.is_banned or c.deleted_utc > 0: abort(403)
|
||||
|
||||
body = request.values.get("body", "").strip()[:10000]
|
||||
if len(body) < 1: return {"error":"You have to actually type something!"}, 400
|
||||
|
||||
if body != c.body and body != "":
|
||||
if v.marseyawarded:
|
||||
|
|
|
@ -475,12 +475,6 @@ line breaks
|
|||
<tr>
|
||||
<td>title</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>rel</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>data-bs-original-name</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>direction</td>
|
||||
</tr>
|
||||
|
|
Loading…
Reference in New Issue