Merge branch 'master' into mistletoe
commit
95685d220c
|
@ -1,6 +1,7 @@
|
||||||
image.*
|
image.*
|
||||||
chart.png
|
chart.png
|
||||||
video.mp4
|
video.mp4
|
||||||
|
video.webm
|
||||||
cache/
|
cache/
|
||||||
__pycache__/
|
__pycache__/
|
||||||
disablesignups
|
disablesignups
|
||||||
|
|
|
@ -137,8 +137,7 @@ def after_request(response):
|
||||||
|
|
||||||
response.headers.add("Strict-Transport-Security", "max-age=31536000")
|
response.headers.add("Strict-Transport-Security", "max-age=31536000")
|
||||||
response.headers.add("X-Frame-Options", "deny")
|
response.headers.add("X-Frame-Options", "deny")
|
||||||
response.headers.add("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.pusher.com; object-src 'none';")
|
response.headers.add("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' tls-use1.fpapi.io api.fpjs.io 02ddcc80-b8db-42be-9022-44c546b4dce6.pushnotifications.pusher.com; object-src 'none';")
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
from files.routes import *
|
from files.routes import *
|
|
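Review bot: The policy written in after_request still carries `script-src 'self' 'unsafe-inline' 'unsafe-eval'`, so narrowing `connect-src` to named hosts does little against injected markup: inline handlers and eval'd strings still execute. The header also has no `default-src`, `base-uri` or `frame-ancestors` directive, so anything not listed falls back to the browser default of allow. I would move inline handlers into static scripts (or use a per-response nonce), drop the two unsafe keywords, and add `default-src 'self'; base-uri 'self'; frame-ancestors 'none'`. The Pusher instance hostname is also hard-coded in the string and could come from configuration instead. after_request starts outside the hunk.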
@ -401,7 +401,9 @@ class Comment(Base):
|
||||||
for o in self.options:
|
for o in self.options:
|
||||||
html += f'<div class="custom-control"><input type="checkbox" class="custom-control-input" id="{o.id}" name="option"'
|
html += f'<div class="custom-control"><input type="checkbox" class="custom-control-input" id="{o.id}" name="option"'
|
||||||
if o.poll_voted(v): html += " checked"
|
if o.poll_voted(v): html += " checked"
|
||||||
html += f''' onchange="poll_vote('{o.id}', '{self.id}')"><label class="custom-control-label" for="{o.id}">{o.body_html}<span class="presult-{self.id}'''
|
if v: html += f''' onchange="poll_vote('{o.id}', '{self.id}')"'''
|
||||||
|
else: html += f''' onchange="poll_vote_no_v('{o.id}', '{self.id}')"'''
|
||||||
|
html += f'''><label class="custom-control-label" for="{o.id}">{o.body_html}<span class="presult-{self.id}'''
|
||||||
if not self.total_poll_voted(v): html += ' d-none'
|
if not self.total_poll_voted(v): html += ' d-none'
|
||||||
html += f'"> - <a href="/votes?link=t3_{o.id}"><span id="poll-{o.id}">{o.upvotes}</span> votes</a></span></label></div><pre></pre>'
|
html += f'"> - <a href="/votes?link=t3_{o.id}"><span id="poll-{o.id}">{o.upvotes}</span> votes</a></span></label></div><pre></pre>'
|
||||||
return html
|
return html
|
||||||
|
|
|
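Review bot: The option markup is assembled by f-string with `{o.body_html}` interpolated unescaped, and the handler chosen by the new `if v:` / `else:` lines is emitted as an inline `onchange` attribute. Safety therefore depends on body_html having been sanitized when the option was stored, which is not visible in this hunk; a comment such as `# o.body_html is pre-sanitized HTML and is inserted unescaped` would record that invariant. The inline handler is also one of the things that keeps `'unsafe-inline'` in the site's script-src. Putting the ids in `data-` attributes and binding a listener from a static script would remove that dependency. The enclosing method starts outside the hunk.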
@ -618,6 +618,14 @@ AWARDS = {
|
||||||
"color": "text-silver",
|
"color": "text-silver",
|
||||||
"price": 10000
|
"price": 10000
|
||||||
},
|
},
|
||||||
|
"unblockable": {
|
||||||
|
"kind": "unblockable",
|
||||||
|
"title": "Unblockable",
|
||||||
|
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||||
|
"icon": "far fa-laugh-squint",
|
||||||
|
"color": "text-lightgreen",
|
||||||
|
"price": 10000
|
||||||
|
},
|
||||||
"pause": {
|
"pause": {
|
||||||
"kind": "pause",
|
"kind": "pause",
|
||||||
"title": "Pause",
|
"title": "Pause",
|
||||||
|
@ -626,14 +634,6 @@ AWARDS = {
|
||||||
"color": "text-danger",
|
"color": "text-danger",
|
||||||
"price": 20000
|
"price": 20000
|
||||||
},
|
},
|
||||||
"unblockable": {
|
|
||||||
"kind": "unblockable",
|
|
||||||
"title": "Unblockable",
|
|
||||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
|
||||||
"icon": "far fa-laugh-squint",
|
|
||||||
"color": "text-lightgreen",
|
|
||||||
"price": 25000
|
|
||||||
},
|
|
||||||
"unpausable": {
|
"unpausable": {
|
||||||
"kind": "unpausable",
|
"kind": "unpausable",
|
||||||
"title": "Unpausable",
|
"title": "Unpausable",
|
||||||
|
@ -797,6 +797,14 @@ AWARDS2 = {
|
||||||
"color": "text-silver",
|
"color": "text-silver",
|
||||||
"price": 10000
|
"price": 10000
|
||||||
},
|
},
|
||||||
|
"unblockable": {
|
||||||
|
"kind": "unblockable",
|
||||||
|
"title": "Unblockable",
|
||||||
|
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||||
|
"icon": "far fa-laugh-squint",
|
||||||
|
"color": "text-lightgreen",
|
||||||
|
"price": 10000
|
||||||
|
},
|
||||||
"pause": {
|
"pause": {
|
||||||
"kind": "pause",
|
"kind": "pause",
|
||||||
"title": "Pause",
|
"title": "Pause",
|
||||||
|
@ -805,14 +813,6 @@ AWARDS2 = {
|
||||||
"color": "text-danger",
|
"color": "text-danger",
|
||||||
"price": 20000
|
"price": 20000
|
||||||
},
|
},
|
||||||
"unblockable": {
|
|
||||||
"kind": "unblockable",
|
|
||||||
"title": "Unblockable",
|
|
||||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
|
||||||
"icon": "far fa-laugh-squint",
|
|
||||||
"color": "text-lightgreen",
|
|
||||||
"price": 25000
|
|
||||||
},
|
|
||||||
"unpausable": {
|
"unpausable": {
|
||||||
"kind": "unpausable",
|
"kind": "unpausable",
|
||||||
"title": "Unpausable",
|
"title": "Unpausable",
|
||||||
|
|
|
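Review bot: The "unblockable" entry, price included, is kept in four hand-maintained copies: AWARDS and AWARDS2 here, plus the dicts inside shop() and buy(), and this commit has to move and re-price each one. If one copy is missed in a later change, the price displayed and the price charged can diverge; buy() appears to take `price` from its own copy, though that lookup is outside the visible hunks. I would define each award once and derive the others from it, e.g. `AWARDS2 = {k: v for k, v in AWARDS.items() if k not in EXCLUDED_KINDS}`, where `EXCLUDED_KINDS` is a placeholder for whatever differs today. shop() could then add `"owned": 0` to a copy of each entry.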
@ -39,6 +39,9 @@ allowed_tags = tags = ['b',
|
||||||
'a',
|
'a',
|
||||||
'img',
|
'img',
|
||||||
'span',
|
'span',
|
||||||
|
'ruby',
|
||||||
|
'rp',
|
||||||
|
'rt',
|
||||||
]
|
]
|
||||||
|
|
||||||
no_images = ['b',
|
no_images = ['b',
|
||||||
|
@ -71,6 +74,9 @@ no_images = ['b',
|
||||||
'marquee',
|
'marquee',
|
||||||
'a',
|
'a',
|
||||||
'span',
|
'span',
|
||||||
|
'ruby',
|
||||||
|
'rp',
|
||||||
|
'rt',
|
||||||
]
|
]
|
||||||
|
|
||||||
def sanitize_marquee(tag, name, value):
|
def sanitize_marquee(tag, name, value):
|
||||||
|
@ -84,7 +90,7 @@ def sanitize_marquee(tag, name, value):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
allowed_attributes = {
|
allowed_attributes = {
|
||||||
'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-bs-original-name'],
|
'*': ['href', 'style', 'src', 'class', 'title'],
|
||||||
'marquee': sanitize_marquee}
|
'marquee': sanitize_marquee}
|
||||||
|
|
||||||
allowed_protocols = ['http', 'https']
|
allowed_protocols = ['http', 'https']
|
||||||
|
@ -228,8 +234,8 @@ def sanitize(sanitized, noimages=False):
|
||||||
htmlsource += '"></lite-youtube>'
|
htmlsource += '"></lite-youtube>'
|
||||||
|
|
||||||
sanitized = sanitized.replace(replacing, htmlsource)
|
sanitized = sanitized.replace(replacing, htmlsource)
|
||||||
for i in re.finditer('<p>(https:.*?\.mp4)</p>', sanitized):
|
for i in re.finditer('<p>(https:.*?\.(mp4|webm))</p>', sanitized):
|
||||||
sanitized = sanitized.replace(i.group(0), f'<p><video controls preload="none" class="embedvid"><source src="{i.group(1)}" type="video/mp4"></video>')
|
sanitized = sanitized.replace(i.group(0), f'<p><video controls preload="none" class="embedvid"><source src="{i.group(1)}" type="video/{i.group(2)}"></video>')
|
||||||
|
|
||||||
for rd in ["https://reddit.com/", "https://new.reddit.com/", "https://www.reddit.com/", "https://redd.it/"]:
|
for rd in ["https://reddit.com/", "https://new.reddit.com/", "https://www.reddit.com/", "https://redd.it/"]:
|
||||||
sanitized = sanitized.replace(rd, "https://old.reddit.com/")
|
sanitized = sanitized.replace(rd, "https://old.reddit.com/")
|
||||||
|
|
|
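Review bot: In sanitize(), the widened embed pattern `'<p>(https:.*?\.(mp4|webm))</p>'` captures with `.*?`, which accepts quotes, spaces and angle brackets, and group 1 is then placed verbatim inside `src="..."`. Whether earlier cleaning already prevents a `"` from reaching this point is not visible in the hunk, so the capture should be limited to URL characters: `re.finditer(r'<p>(https:[^\s"\'<>]*?\.(mp4|webm))</p>', sanitized)`. Passing the value through `html.escape(i.group(1), quote=True)` before interpolation would add a second layer. The raw-string prefix also removes the invalid `\.` escape in the current non-raw literal. sanitize() begins and ends outside the hunk.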
@ -174,6 +174,15 @@ def shop(v):
|
||||||
"owned": 0,
|
"owned": 0,
|
||||||
"price": 10000
|
"price": 10000
|
||||||
},
|
},
|
||||||
|
"unblockable": {
|
||||||
|
"kind": "unblockable",
|
||||||
|
"title": "Unblockable",
|
||||||
|
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||||
|
"icon": "far fa-laugh-squint",
|
||||||
|
"color": "text-lightgreen",
|
||||||
|
"owned": 0,
|
||||||
|
"price": 10000
|
||||||
|
},
|
||||||
"pause": {
|
"pause": {
|
||||||
"kind": "pause",
|
"kind": "pause",
|
||||||
"title": "Pause",
|
"title": "Pause",
|
||||||
|
@ -183,15 +192,6 @@ def shop(v):
|
||||||
"owned": 0,
|
"owned": 0,
|
||||||
"price": 20000
|
"price": 20000
|
||||||
},
|
},
|
||||||
"unblockable": {
|
|
||||||
"kind": "unblockable",
|
|
||||||
"title": "Unblockable",
|
|
||||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
|
||||||
"icon": "far fa-laugh-squint",
|
|
||||||
"color": "text-lightgreen",
|
|
||||||
"owned": 0,
|
|
||||||
"price": 25000
|
|
||||||
},
|
|
||||||
"unpausable": {
|
"unpausable": {
|
||||||
"kind": "unpausable",
|
"kind": "unpausable",
|
||||||
"title": "Unpausable",
|
"title": "Unpausable",
|
||||||
|
@ -384,6 +384,14 @@ def buy(v, award):
|
||||||
"color": "text-silver",
|
"color": "text-silver",
|
||||||
"price": 10000
|
"price": 10000
|
||||||
},
|
},
|
||||||
|
"unblockable": {
|
||||||
|
"kind": "unblockable",
|
||||||
|
"title": "Unblockable",
|
||||||
|
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
||||||
|
"icon": "far fa-laugh-squint",
|
||||||
|
"color": "text-lightgreen",
|
||||||
|
"price": 10000
|
||||||
|
},
|
||||||
"pause": {
|
"pause": {
|
||||||
"kind": "pause",
|
"kind": "pause",
|
||||||
"title": "Pause",
|
"title": "Pause",
|
||||||
|
@ -392,14 +400,6 @@ def buy(v, award):
|
||||||
"color": "text-danger",
|
"color": "text-danger",
|
||||||
"price": 20000
|
"price": 20000
|
||||||
},
|
},
|
||||||
"unblockable": {
|
|
||||||
"kind": "unblockable",
|
|
||||||
"title": "Unblockable",
|
|
||||||
"description": "Makes the recipient unblockable and removes all blocks on them.",
|
|
||||||
"icon": "far fa-laugh-squint",
|
|
||||||
"color": "text-lightgreen",
|
|
||||||
"price": 25000
|
|
||||||
},
|
|
||||||
"unpausable": {
|
"unpausable": {
|
||||||
"kind": "unpausable",
|
"kind": "unpausable",
|
||||||
"title": "Unpausable",
|
"title": "Unpausable",
|
||||||
|
@ -467,6 +467,7 @@ def buy(v, award):
|
||||||
|
|
||||||
if request.values.get("mb"):
|
if request.values.get("mb"):
|
||||||
if v.procoins < price: return {"error": "Not enough marseybux."}, 400
|
if v.procoins < price: return {"error": "Not enough marseybux."}, 400
|
||||||
|
if award in ["grass","alt"]: return {"error": "You can't buy those awards with marseybux."}, 403
|
||||||
v.procoins -= price
|
v.procoins -= price
|
||||||
else:
|
else:
|
||||||
if v.coins < price: return {"error": "Not enough coins."}, 400
|
if v.coins < price: return {"error": "Not enough coins."}, 400
|
||||||
|
|
|
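Review bot: In buy(), the new `if award in ["grass","alt"]` restriction sits after the balance test, so a user short on marseybux is told "Not enough marseybux." for an award that can never be bought that way; the eligibility check belongs above `if v.procoins < price`. Separately, the `v.procoins < price` test followed by `v.procoins -= price` is a read-then-write on the loaded user row. Whether two concurrent purchase requests are serialized is not visible here, so it is worth confirming that the row is locked or that the decrement runs as a single conditional UPDATE. buy() continues outside the hunk.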
@ -621,6 +621,7 @@ def edit_comment(cid, v):
|
||||||
if c.is_banned or c.deleted_utc > 0: abort(403)
|
if c.is_banned or c.deleted_utc > 0: abort(403)
|
||||||
|
|
||||||
body = request.values.get("body", "").strip()[:10000]
|
body = request.values.get("body", "").strip()[:10000]
|
||||||
|
if len(body) < 1: return {"error":"You have to actually type something!"}, 400
|
||||||
|
|
||||||
if body != c.body and body != "":
|
if body != c.body and body != "":
|
||||||
if v.marseyawarded:
|
if v.marseyawarded:
|
||||||
|
|
|
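Review bot: With the new empty-body guard in edit_comment, the `and body != ""` clause on the following `if body != c.body and body != "":` can no longer be false and should be dropped so the two checks do not drift apart. The guard itself reads more idiomatically as `if not body: return {"error":"You have to actually type something!"}, 400`. If edits that only attach a file are meant to be allowed, this guard would now reject them; that path is not visible in the hunk, so please confirm.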
@ -475,12 +475,6 @@ line breaks
|
||||||
<tr>
|
<tr>
|
||||||
<td>title</td>
|
<td>title</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
|
||||||
<td>rel</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td>data-bs-original-name</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
<tr>
|
||||||
<td>direction</td>
|
<td>direction</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|