fdsfds
parent
11d463bc60
commit
9e4604fb35
|
@ -54,10 +54,10 @@ def api_verify_email(v):
|
||||||
@auth_desired
|
@auth_desired
|
||||||
def activate(v):
|
def activate(v):
|
||||||
|
|
||||||
email = request.values.get("email", "")
|
email = request.values.get("email", "").strip()
|
||||||
id = request.values.get("id", "")
|
id = request.values.get("id", "").strip()
|
||||||
timestamp = int(request.values.get("time", "0"))
|
timestamp = int(request.values.get("time", "0"))
|
||||||
token = request.values.get("token", "")
|
token = request.values.get("token", "").strip()
|
||||||
|
|
||||||
if int(time.time()) - timestamp > 3600:
|
if int(time.time()) - timestamp > 3600:
|
||||||
return render_template("message.html", v=v, title="Verification link expired.",
|
return render_template("message.html", v=v, title="Verification link expired.",
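Review bot: In activate, `int(request.values.get("time", "0"))` raises ValueError on a non-numeric `time` value, and the expiry test `int(time.time()) - timestamp > 3600` is never true for a timestamp in the future, so a forward-dated link cannot expire on this check alone. That is only safe if the token comparison, which is outside this hunk, binds `time`. I would parse defensively and bound both sides: answer `abort(400)` on ValueError and test `if not 0 <= int(time.time()) - timestamp <= 3600:`. The function body and the `render_template` call continue past the hunk.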
|
||||||
|
|
|
@ -240,7 +240,7 @@ def get_rules(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def post_rules(v):
|
def post_rules(v):
|
||||||
|
|
||||||
text = request.values.get('rules', '')
|
text = request.values.get('rules', '').strip()
|
||||||
|
|
||||||
with open(f'./{SITE_NAME} rules.html', 'w+') as f:
|
with open(f'./{SITE_NAME} rules.html', 'w+') as f:
|
||||||
f.write(text)
|
f.write(text)
|
||||||
|
@ -874,11 +874,11 @@ def ban_user(user_id, v):
|
||||||
if 'form' in request.values:
|
if 'form' in request.values:
|
||||||
days = float(request.values.get("days")) if request.values.get('days') else 0
|
days = float(request.values.get("days")) if request.values.get('days') else 0
|
||||||
reason = sanitize(request.values.get("reason", ""))
|
reason = sanitize(request.values.get("reason", ""))
|
||||||
message = request.values.get("reason", "")
|
message = request.values.get("reason", "").strip()
|
||||||
else:
|
else:
|
||||||
days = float(request.values.get("days")) if request.values.get('days') else 0
|
days = float(request.values.get("days")) if request.values.get('days') else 0
|
||||||
reason = sanitize(request.values.get("reason", ""))
|
reason = sanitize(request.values.get("reason", ""))
|
||||||
message = request.values.get("reason", "")
|
message = request.values.get("reason", "").strip()
|
||||||
|
|
||||||
if not user: abort(400)
|
if not user: abort(400)
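Review bot: post_rules writes the request's `rules` value verbatim into `./{SITE_NAME} rules.html`, so whatever serves that file emits the submitted markup and script unchanged. Only `@validate_formkey` is visible above the function; the decorator that restricts the route to admins, if there is one, is outside the hunk and should be confirmed. If raw HTML from admins is intended, say so in a comment such as `# trusted admin HTML, written unsanitized on purpose`. Otherwise pass the text through the `sanitize` helper that ban_user uses further down this page, `text = sanitize(request.values.get('rules', '').strip())`, assuming both functions live in the same module.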
|
||||||
|
|
||||||
|
|
|
@ -191,7 +191,7 @@ def award_post(pid, v):
|
||||||
|
|
||||||
if v.is_suspended and v.unban_utc == 0: return {"error": "forbidden."}, 403
|
if v.is_suspended and v.unban_utc == 0: return {"error": "forbidden."}, 403
|
||||||
|
|
||||||
kind = request.values.get("kind", "")
|
kind = request.values.get("kind", "").strip()
|
||||||
|
|
||||||
if kind not in AWARDS:
|
if kind not in AWARDS:
|
||||||
return {"error": "That award doesn't exist."}, 404
|
return {"error": "That award doesn't exist."}, 404
|
||||||
|
@ -232,7 +232,7 @@ def award_post(pid, v):
|
||||||
|
|
||||||
msg = f"@{v.username} has given your [post]({post.permalink}) the {AWARDS[kind]['title']} Award!"
|
msg = f"@{v.username} has given your [post]({post.permalink}) the {AWARDS[kind]['title']} Award!"
|
||||||
|
|
||||||
note = request.values.get("note", "")
|
note = request.values.get("note", "").strip()
|
||||||
if note:
|
if note:
|
||||||
msg += f"\n\n> {note}"
|
msg += f"\n\n> {note}"
|
||||||
|
|
||||||
|
@ -255,7 +255,7 @@ def award_comment(cid, v):
|
||||||
|
|
||||||
if v.is_suspended and v.unban_utc == 0: return {"error": "forbidden"}, 403
|
if v.is_suspended and v.unban_utc == 0: return {"error": "forbidden"}, 403
|
||||||
|
|
||||||
kind = request.values.get("kind", "")
|
kind = request.values.get("kind", "").strip()
|
||||||
|
|
||||||
if kind not in AWARDS:
|
if kind not in AWARDS:
|
||||||
return {"error": "That award doesn't exist."}, 404
|
return {"error": "That award doesn't exist."}, 404
|
||||||
|
@ -296,7 +296,7 @@ def award_comment(cid, v):
|
||||||
|
|
||||||
msg = f"@{v.username} has given your [comment]({c.permalink}) the {AWARDS[kind]['title']} Award!"
|
msg = f"@{v.username} has given your [comment]({c.permalink}) the {AWARDS[kind]['title']} Award!"
|
||||||
|
|
||||||
note = request.values.get("note", "")
|
note = request.values.get("note", "").strip()
|
||||||
if note:
|
if note:
|
||||||
msg += f"\n\n> {note}"
|
msg += f"\n\n> {note}"
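Review bot: `note` in award_post is appended to the notification as `> {note}` with no length limit and with its newlines intact, so any text after the first blank line in the note leaves the blockquote and reads as part of the award message itself. Collapsing whitespace and capping the length keeps the user text inside the quote, for example `note = " ".join(request.values.get("note", "").split())[:NOTE_MAX]`, where `NOTE_MAX` is a placeholder for a limit the project chooses. award_comment builds its message the same way and needs the same change. How `msg` is rendered and sanitized afterwards is outside these hunks.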
|
||||||
|
|
||||||
|
|
|
@ -143,7 +143,7 @@ def api_comment(v):
|
||||||
level = parent.level + 1
|
level = parent.level + 1
|
||||||
else: abort(400)
|
else: abort(400)
|
||||||
|
|
||||||
body = request.values.get("body", "")[:10000]
|
body = request.values.get("body", "").strip()[:10000]
|
||||||
body = body.strip()
|
body = body.strip()
|
||||||
|
|
||||||
if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400
|
if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400
|
||||||
|
@ -578,7 +578,7 @@ def edit_comment(cid, v):
|
||||||
|
|
||||||
if c.is_banned or c.deleted_utc > 0: abort(403)
|
if c.is_banned or c.deleted_utc > 0: abort(403)
|
||||||
|
|
||||||
body = request.values.get("body", "")[:10000]
|
body = request.values.get("body", "").strip()[:10000]
|
||||||
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
|
for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE):
|
||||||
if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})')
|
if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})')
|
||||||
body_md = CustomRenderer().render(mistletoe.Document(body))
|
body_md = CustomRenderer().render(mistletoe.Document(body))
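Review bot: In edit_comment the loop calls `body.replace(i.group(1), ...)`, which rewrites every occurrence of the matched URL in the body rather than only the one at the start of the line. A URL that also appears inside an existing `[text](url)` link gets wrapped there too, and a URL that starts two lines is wrapped twice because `finditer` still iterates the original string. A single-pass substitution avoids both: `body = re.sub(pattern, lambda m: m.group(1) if "wikipedia" in m.group(1) else f'![]({m.group(1)})', body, flags=re.MULTILINE)`. The pattern should also be a raw string (`r'^(https://.*\.(png|...))'`), since `\/` and `\.` in a plain literal are invalid escape sequences.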
|
||||||
|
|
|
@ -11,7 +11,7 @@ GIPHY_KEY = environ.get('GIPHY_KEY').rstrip()
|
||||||
@app.get("/giphy<path>")
|
@app.get("/giphy<path>")
|
||||||
def giphy(path=None):
|
def giphy(path=None):
|
||||||
|
|
||||||
searchTerm = request.values.get("searchTerm", "")
|
searchTerm = request.values.get("searchTerm", "").strip()
|
||||||
limit = int(request.values.get("limit", 48))
|
limit = int(request.values.get("limit", 48))
|
||||||
if searchTerm and limit:
|
if searchTerm and limit:
|
||||||
url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}"
|
url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}"
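Review bot: `searchTerm` in giphy is interpolated into the upstream query string unencoded, so a value containing `&`, `#` or `%` can add, override or cut off the parameters that follow it, including `api_key` and `limit`. Build the query with the standard encoder instead: `url = "https://api.giphy.com/v1/gifs/search?" + urlencode({"q": searchTerm, "api_key": GIPHY_KEY, "limit": limit})`. This needs `from urllib.parse import urlencode`; the file's imports are not visible here. `int(request.values.get("limit", 48))` also raises on non-numeric input and accepts any size, so clamping it to a sane range is worth adding. The rest of the function is outside the hunk.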
|
||||||
|
|
|
@ -12,7 +12,7 @@ valid_password_regex = re.compile("^.{8,100}$")
|
||||||
@auth_desired
|
@auth_desired
|
||||||
def login_get(v):
|
def login_get(v):
|
||||||
|
|
||||||
redir = request.values.get("redirect", "/").replace("/logged_out", "")
|
redir = request.values.get("redirect", "/").replace("/logged_out", "").strip()
|
||||||
if v:
|
if v:
|
||||||
return redirect(redir)
|
return redirect(redir)
|
||||||
|
|
||||||
|
@ -146,7 +146,7 @@ def login_post():
|
||||||
check_for_alts(account.id)
|
check_for_alts(account.id)
|
||||||
|
|
||||||
|
|
||||||
redir = request.values.get("redirect", "/").replace("/logged_out", "")
|
redir = request.values.get("redirect", "/").replace("/logged_out", "").strip()
|
||||||
|
|
||||||
g.db.commit()
|
g.db.commit()
|
||||||
|
|
||||||
|
@ -205,7 +205,7 @@ def sign_up_get(v):
|
||||||
digestmod='md5'
|
digestmod='md5'
|
||||||
).hexdigest()
|
).hexdigest()
|
||||||
|
|
||||||
redir = request.values.get("redirect", "/").replace("/logged_out", "")
|
redir = request.values.get("redirect", "/").replace("/logged_out", "").strip()
|
||||||
|
|
||||||
error = request.values.get("error", None)
|
error = request.values.get("error", None)
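Review bot: `redir` in login_get comes straight from the `redirect` request parameter and is handed to `redirect(redir)` after only removing `/logged_out` and stripping whitespace, so an absolute or scheme-relative URL in that parameter sends an already logged-in user to another site (open redirect). Restrict it to same-site paths before use, e.g. `if not redir.startswith("/") or redir.startswith(("//", "/\\")): redir = "/"`. login_post and sign_up_get build `redir` with the same expression. How they use it is outside their hunks, but the same check belongs there.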
|
||||||
|
|
||||||
|
|
|
@ -198,8 +198,8 @@ def edit_post(pid, v):
|
||||||
|
|
||||||
if not p.author_id == v.id: abort(403)
|
if not p.author_id == v.id: abort(403)
|
||||||
|
|
||||||
title = request.values.get("title")
|
title = request.values.get("title", "").strip()
|
||||||
body = request.values.get("body", "")
|
body = request.values.get("body", "").strip()
|
||||||
|
|
||||||
if title != p.title:
|
if title != p.title:
|
||||||
p.title = title
|
p.title = title
|
||||||
|
@ -497,8 +497,8 @@ def thumbnail_thread(pid):
|
||||||
def submit_post(v):
|
def submit_post(v):
|
||||||
if request.content_length > 4 * 1024 * 1024: return "Max file size is 4 MB.", 413
|
if request.content_length > 4 * 1024 * 1024: return "Max file size is 4 MB.", 413
|
||||||
|
|
||||||
title = request.values.get("title", "")
|
title = request.values.get("title", "").strip()
|
||||||
url = request.values.get("url", "")
|
url = request.values.get("url", "").strip()
|
||||||
|
|
||||||
if url:
|
if url:
|
||||||
if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp")
|
if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp")
|
||||||
|
@ -572,7 +572,7 @@ def submit_post(v):
|
||||||
if request.headers.get("Authorization"): return {"error": "500 character limit for titles"}, 400
|
if request.headers.get("Authorization"): return {"error": "500 character limit for titles"}, 400
|
||||||
else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400
|
else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400
|
||||||
|
|
||||||
body = request.values.get("body", "")
|
body = request.values.get("body", "").strip()
|
||||||
dup = g.db.query(Submission).options(lazyload('*')).filter(
|
dup = g.db.query(Submission).options(lazyload('*')).filter(
|
||||||
Submission.author_id == v.id,
|
Submission.author_id == v.id,
|
||||||
Submission.deleted_utc == 0,
|
Submission.deleted_utc == 0,
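Review bot: In submit_post the branch `else: render_template("submit.html", ..., error="500 character limit for titles.", ...), 400` has no `return`, so the error page is built and discarded and execution continues into the duplicate check and beyond with the over-long title. It should read `else: return render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400`. The enclosing length test is above the hunk, so confirm this is the only branch missing its `return`. The `body` echoed back there is also read unstripped, unlike the `body` assigned two lines later.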
|
||||||
|
|
|
@ -482,7 +482,7 @@ def settings_security_post(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def settings_log_out_others(v):
|
def settings_log_out_others(v):
|
||||||
|
|
||||||
submitted_password = request.values.get("password", "")
|
submitted_password = request.values.get("password", "").strip()
|
||||||
|
|
||||||
if not v.verifyPass(submitted_password): return render_template("settings_security.html", v=v, error="Incorrect Password"), 401
|
if not v.verifyPass(submitted_password): return render_template("settings_security.html", v=v, error="Incorrect Password"), 401
|
||||||
|
|
||||||
|
@ -594,7 +594,7 @@ def settings_css_get(v):
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
def settings_css(v):
|
def settings_css(v):
|
||||||
css = request.values.get("css").strip().replace('\\', '')[:4000]
|
css = request.values.get("css").strip().replace('\\', '').strip()[:4000]
|
||||||
|
|
||||||
if not v.agendaposter:
|
if not v.agendaposter:
|
||||||
v.css = css
|
v.css = css
|
||||||
|
@ -617,7 +617,7 @@ def settings_profilecss_get(v):
|
||||||
@auth_required
|
@auth_required
|
||||||
def settings_profilecss(v):
|
def settings_profilecss(v):
|
||||||
if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
|
if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
|
||||||
profilecss = request.values.get("profilecss").strip().replace('\\', '')[:4000]
|
profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
|
||||||
v.profilecss = profilecss
|
v.profilecss = profilecss
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
g.db.commit()
|
g.db.commit()
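Review bot: settings_log_out_others now strips the submitted password before `v.verifyPass(submitted_password)`, which changes the credential being checked. A user whose stored password begins or ends with whitespace will fail verification here unless the sign-up, login and change-password paths strip in exactly the same way, and none of those are visible in this commit. Passwords are normally compared byte-for-byte as entered, so I would drop the `.strip()` on this field: `submitted_password = request.values.get("password", "")`.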
|
||||||
|
|
|
@ -126,7 +126,7 @@ def transfer_coins(v, username):
|
||||||
if receiver is None: return {"error": "That user doesn't exist."}, 404
|
if receiver is None: return {"error": "That user doesn't exist."}, 404
|
||||||
|
|
||||||
if receiver.id != v.id:
|
if receiver.id != v.id:
|
||||||
amount = request.values.get("amount", "")
|
amount = request.values.get("amount", "").strip()
|
||||||
amount = int(amount) if amount.isdigit() else None
|
amount = int(amount) if amount.isdigit() else None
|
||||||
|
|
||||||
if amount is None or amount <= 0: return {"error": f"Invalid amount of {app.config['COINS_NAME']}."}, 400
|
if amount is None or amount <= 0: return {"error": f"Invalid amount of {app.config['COINS_NAME']}."}, 400
|
||||||
|
@ -232,7 +232,7 @@ def message2(v, username):
|
||||||
if v.admin_level <= 1:
|
if v.admin_level <= 1:
|
||||||
if hasattr(user, 'is_blocked') and user.is_blocked: return {"error": "This user is blocking you."}, 403
|
if hasattr(user, 'is_blocked') and user.is_blocked: return {"error": "This user is blocking you."}, 403
|
||||||
|
|
||||||
message = request.values.get("message", "")[:1000].strip()
|
message = request.values.get("message", "").strip()[:1000].strip()
|
||||||
|
|
||||||
existing = g.db.query(Comment).options(lazyload('*')).filter(Comment.author_id == v.id,
|
existing = g.db.query(Comment).options(lazyload('*')).filter(Comment.author_id == v.id,
|
||||||
Comment.sentto == user.id,
|
Comment.sentto == user.id,
|
||||||
|
@ -289,7 +289,7 @@ def message2(v, username):
|
||||||
@auth_required
|
@auth_required
|
||||||
def messagereply(v):
|
def messagereply(v):
|
||||||
|
|
||||||
message = request.values.get("body", "")[:1000].strip()
|
message = request.values.get("body", "").strip()[:1000].strip()
|
||||||
id = int(request.values.get("parent_id"))
|
id = int(request.values.get("parent_id"))
|
||||||
parent = get_comment(id, v=v)
|
parent = get_comment(id, v=v)
|
||||||
user = parent.author
|
user = parent.author
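Review bot: In transfer_coins, `amount.isdigit()` is true for characters such as superscript digits that `int()` cannot parse, so `int(amount) if amount.isdigit() else None` can still raise ValueError and return a 500 instead of the "Invalid amount" response. Tighten the guard to `amount = int(amount) if amount.isascii() and amount.isdigit() else None`. In messagereply, `int(request.values.get("parent_id"))` likewise raises when the parameter is missing or non-numeric and would be better answered with `abort(400)`.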
|
||||||
|
|