remotes/1693045480750635534/spooky-22
Aevann1 2022-05-01 23:48:53 +02:00
parent bc2a20cd4b
commit a4b0565b5a
7 changed files with 7 additions and 44 deletions

@ -35,6 +35,10 @@ def get_logged_in_user():
if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level): if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level):
abort(403) abort(403)
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: abort(413)
elif request.content_length > 8 * 1024 * 1024: abort(413)
return v return v
def check_ban_evade(v): def check_ban_evade(v):
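Review bot: The two added size checks compare `request.content_length` directly with an integer, and Werkzeug returns `None` for that attribute when a request carries no Content-Length header; since this helper appears to run for every request rather than only for uploads, such a request would raise a TypeError instead of passing through. A guard such as `limit = (16 if v and v.patron else 8) * 1024 * 1024` followed by `if (request.content_length or 0) > limit: abort(413)` avoids that. The value is also only what the client declares, so a body sent with chunked transfer encoding is not bounded by this check; Flask's `MAX_CONTENT_LENGTH` or a body-size cap at the reverse proxy should be the enforcing limit, with this check as the per-tier refinement. Several of the per-route checks removed elsewhere in this commit skipped users with `admin_level` of 3 or more, and the central check has no such exemption, which is worth confirming as intended. The body of get_logged_in_user starts outside the hunk, so the conditions under which these lines run are not fully visible.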

@ -164,11 +164,6 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
def api_comment(v): def api_comment(v):
if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403 if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
if v.admin_level < 3:
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
elif request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
parent_submission = request.values.get("submission").strip() parent_submission = request.values.get("submission").strip()
parent_fullname = request.values.get("parent_fullname").strip() parent_fullname = request.values.get("parent_fullname").strip()
@ -675,11 +670,6 @@ def api_comment(v):
@auth_required @auth_required
def edit_comment(cid, v): def edit_comment(cid, v):
if v.admin_level < 3:
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
elif request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
c = get_comment(cid, v=v) c = get_comment(cid, v=v)
if c.author_id != v.id: abort(403) if c.author_id != v.id: abort(403)

@ -49,7 +49,7 @@ def error_405(e):
def error_413(e): def error_413(e):
return {"error": "Max file size is 8 MB (16 MB for paypigs)"}, 413 return {"error": "Max file size is 8 MB (16 MB for paypigs)"}, 413
if request.headers.get("Authorization") or request.headers.get("xhr"): if request.headers.get("Authorization") or request.headers.get("xhr"):
return {"error": "Max image size is 8 MB (16 MB for paypigs)"}, 413 return {"error": "Max file size is 8 MB (16 MB for paypigs)"}, 413
else: return render_template('errors/413.html', err=True), 413 else: return render_template('errors/413.html', err=True), 413
@app.errorhandler(429) @app.errorhandler(429)
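Review bot: The string edited in this hunk sits below what looks like an unconditional `return {"error": "Max file size is 8 MB (16 MB for paypigs)"}, 413` on the first line of error_413 (indentation is lost in this rendering, so this is inferred from line order). If that reading is right, the `if`/`else` that follows is unreachable: the reworded JSON message is never sent from that branch, and browser clients never get `errors/413.html`, whose text this commit also updates. Either remove the early return so the header check decides the response format, or delete the dead branch and add a comment such as `# always answer 413 with JSON` so the handler says what it does.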

@ -421,11 +421,6 @@ def morecomments(v, cid):
@limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day")
@auth_required @auth_required
def edit_post(pid, v): def edit_post(pid, v):
if v.admin_level < 3:
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
elif request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
p = get_post(pid) p = get_post(pid)
if p.author_id != v.id and not (v.admin_level > 1 and v.admin_level > 2): abort(403) if p.author_id != v.id and not (v.admin_level > 1 and v.admin_level > 2): abort(403)
@ -890,11 +885,6 @@ def submit_post(v, sub=None):
if v.is_suspended: return error("You can't perform this action while banned.") if v.is_suspended: return error("You can't perform this action while banned.")
if v.admin_level < 3:
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: return error( "Max file size is 8 MB (16 MB for paypigs).")
elif request.content_length > 8 * 1024 * 1024: return error( "Max file size is 8 MB (16 MB for paypigs).")
if v.agendaposter and not v.marseyawarded: title = torture_ap(title, v.username) if v.agendaposter and not v.marseyawarded: title = torture_ap(title, v.username)
title_html = filter_emojis_only(title, graceful=True) title_html = filter_emojis_only(title, graceful=True)

@ -40,11 +40,6 @@ def removebackground(v):
@limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day")
@auth_required @auth_required
def settings_profile_post(v): def settings_profile_post(v):
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
elif request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
updated = False updated = False
if request.values.get("background", v.background) != v.background: if request.values.get("background", v.background) != v.background:
@ -544,10 +539,6 @@ def settings_log_out_others(v):
@limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day")
@auth_required @auth_required
def settings_images_profile(v): def settings_images_profile(v):
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
elif request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
file = request.files["profile"] file = request.files["profile"]
@ -583,10 +574,6 @@ def settings_images_profile(v):
@limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day")
@auth_required @auth_required
def settings_images_banner(v): def settings_images_banner(v):
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
elif request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
file = request.files["banner"] file = request.files["banner"]

@ -354,10 +354,6 @@ def get_sub_css(sub):
@limiter.limit("1/second;10/day") @limiter.limit("1/second;10/day")
@is_not_permabanned @is_not_permabanned
def sub_banner(v, sub): def sub_banner(v, sub):
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
elif request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
sub = g.db.query(Sub).filter_by(name=sub.lower().strip()).one_or_none() sub = g.db.query(Sub).filter_by(name=sub.lower().strip()).one_or_none()
@ -385,10 +381,6 @@ def sub_banner(v, sub):
@limiter.limit("1/second;10/day") @limiter.limit("1/second;10/day")
@is_not_permabanned @is_not_permabanned
def sub_sidebar(v, sub): def sub_sidebar(v, sub):
if v and v.patron:
if request.content_length > 16 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
elif request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB (16 MB for paypigs)."}, 413
if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
sub = g.db.query(Sub).filter_by(name=sub.lower().strip()).one_or_none() sub = g.db.query(Sub).filter_by(name=sub.lower().strip()).one_or_none()

@ -1,7 +1,7 @@
{% extends "default.html" %} {% extends "default.html" %}
{% block title %} {% block title %}
<title>Max image size is 8 MB (16 MB for paypigs)</title> <title>Max file size is 8 MB (16 MB for paypigs)</title>
{% endblock %} {% endblock %}
{% block pagetype %}error-413{% endblock %} {% block pagetype %}error-413{% endblock %}
@ -12,7 +12,7 @@
<div class="text-center px-3 my-8"> <div class="text-center px-3 my-8">
<img alt=":#marseyretard:" loading="lazy" src="/e/marseyretard.webp"> <img alt=":#marseyretard:" loading="lazy" src="/e/marseyretard.webp">
<pre></pre> <pre></pre>
<h1 class="h5">Max image size is 8 MB (16 MB for paypigs)</h1> <h1 class="h5">Max file size is 8 MB (16 MB for paypigs)</h1>
<div><a href="/" class="btn btn-primary">Go to frontpage</a></div> <div><a href="/" class="btn btn-primary">Go to frontpage</a></div>
</div> </div>
</div> </div>