fsdfds

2022-04-22 15:23:56 +02:00 · 2022-04-22 15:23:56 +02:00 · ac4da7516d
parent c6252e30e0
commit ac4da7516d
6 changed files with 18 additions and 15 deletions
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@ -677,8 +677,6 @@ marsey_regex = re.compile("[a-z0-9]{1,30}", flags=re.A)

 tags_regex = re.compile("[a-z0-9: ]{1,200}", flags=re.A)

-image_regex = regex.compile("(?<=^|\s)(https:\/\/[\w\-.#&/=\?@%;+]{5,250}(\.png|\.jpg|\.jpeg|\.gif|\.webp|maxwidth=9999|fidelity=high))(?=$|\s)", flags=regex.I|regex.A)
-
 valid_sub_regex = re.compile("^[a-zA-Z0-9_\-]{3,20}$", flags=re.A)

 query_regex = re.compile("(\w+):(\S+)", flags=re.A)
@ -715,16 +713,16 @@ email_regex = re.compile('([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\.[A-Z|
 utm_regex = re.compile('utm_[a-z]+=[a-z0-9_]+&', flags=re.A)
 utm_regex2 = re.compile('[?&]utm_[a-z]+=[a-z0-9_]+', flags=re.A)

-slur_regex = regex.compile(f"(?<!<(a|img|source) [^<]*)({single_words})", flags=regex.I|regex.A)
-slur_regex_upper = regex.compile(f"(?<!<(a|img|source) [^<]*)({single_words.upper()})", flags=regex.A)
+slur_regex = re.compile(f"(<p>[^<]*)({single_words.upper()})", flags=re.I|re.A)
+slur_regex_upper = re.compile(f"(<p>[^<]*)({single_words.upper()})", flags=re.A)
 torture_regex = re.compile('(^|\s)(i|me) ', flags=re.I|re.A)
 torture_regex2 = re.compile("(^|\s)i'm ", flags=re.I|re.A)

 def sub_matcher(match):
-	return SLURS[match.group(0).lower()]
+	return match.group(1) + SLURS[match.group(2).lower()]

 def sub_matcher_upper(match):
-	return SLURS[match.group(0).lower()].upper()
+	return match.group(1) + SLURS[match.group(2).lower()].upper()

 def censor_slurs(body, logged_user):
 	if not logged_user or logged_user == 'chat' or logged_user.slurreplacer:
@ -814,4 +812,6 @@ youtube_regex = re.compile('(<p>[^<]*)(https:\/\/youtube\.com\/watch\?v\=([a-z0-

 yt_id_regex = re.compile('[a-z0-9-_]{5,20}', flags=re.I|re.A)

+image_regex = re.compile("(^|\s)(https:\/\/[\w\-.#&/=\?@%;+]{5,250}(\.png|\.jpg|\.jpeg|\.gif|\.webp|maxwidth=9999|fidelity=high))($|\s)", flags=re.I|re.A)
+
 procoins_li = (0,2500,5000,10000,25000,50000,125000,250000)
--- a/files/routes/awards.py
+++ b/files/routes/awards.py
@ -613,6 +613,8 @@ def admin_userawards_post(v):
 	try: u = request.values.get("username").strip()
 	except: abort(404)

+	whitelist = ("shit", "fireflies", "train", "scooter", "wholesome", "tilt", "glowie")
+
 	u = get_user(u, graceful=False, v=v)

 	notify_awards = {}
@ -620,6 +622,8 @@ def admin_userawards_post(v):
 	for key, value in request.values.items():
 		if key not in AWARDS: continue

+		if v.admin_level < 3 and key not in whitelist: continue
+
 		if value:
 			
 			if int(value) > 10: abort(403)
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@ -206,7 +206,7 @@ def api_comment(v):

 	if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400
 	
-	body = image_regex.sub(r'![](\1)', body)
+	body = image_regex.sub(r'\1![](\2)\3', body)

 	options = []
 	for i in poll_regex.finditer(body):
@ -696,7 +696,7 @@ def edit_comment(cid, v):
 		elif v.bird and len(body) > 140:
 			return {"error":"You have to type less than 140 characters!"}, 403

-		body = image_regex.sub(r'![](\1)', body)
+		body = image_regex.sub(r'\1![](\2)\3', body)

 		if v.agendaposter and not v.marseyawarded:
 			body = torture_ap(body, v.username)
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -476,7 +476,7 @@ def edit_post(pid, v):
 			else: return {"error": "Image/Video files only"}, 400

 	if body != p.body:
-		body = image_regex.sub(r'![](\1)', body)
+		body = image_regex.sub(r'\1![](\2)\3', body)

 		if v.id == p.author_id and v.agendaposter and not v.marseyawarded: body = torture_ap(body, v.username)

@ -1056,7 +1056,7 @@ def submit_post(v, sub=None):
 	if len(url) > 2048:
 		return error("There's a 2048 character limit for URLs.")

-	body = image_regex.sub(r'![](\1)', body)
+	body = image_regex.sub(r'\1![](\2)\3', body)

 	if v and v.admin_level > 2:
 		bet_options = []
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -137,7 +137,7 @@ def settings_profile_post(v):
 	elif (v.patron or v.id == MOOSE_ID) and request.values.get("sig"):
 		sig = request.values.get("sig")[:200]

-		sig = image_regex.sub(r'![](\1)', sig)
+		sig = image_regex.sub(r'\1![](\2)\3', sig)

 		sig_html = sanitize(sig)

@ -160,7 +160,7 @@ def settings_profile_post(v):
 	elif request.values.get("friends"):
 		friends = request.values.get("friends")[:500]

-		friends = image_regex.sub(r'![](\1)', friends)
+		friends = image_regex.sub(r'\1![](\2)\3', friends)

 		friends_html = sanitize(friends)

@ -189,7 +189,7 @@ def settings_profile_post(v):
 	elif request.values.get("enemies"):
 		enemies = request.values.get("enemies")[:500]

-		enemies = image_regex.sub(r'![](\1)', enemies)
+		enemies = image_regex.sub(r'\1![](\2)\3', enemies)

 		enemies_html = sanitize(enemies)

@ -218,7 +218,7 @@ def settings_profile_post(v):
 	elif request.values.get("bio") or request.files.get('file') and request.headers.get("cf-ipcountry") != "T1":
 		bio = request.values.get("bio")[:1500]

-		bio = image_regex.sub(r'![](\1)', bio)
+		bio = image_regex.sub(r'\1![](\2)\3', bio)

 		if request.files.get('file'):
 			file = request.files['file']
--- a/requirements.txt
+++ b/requirements.txt
@ -18,7 +18,6 @@ psutil
 pyotp
 qrcode
 redis
-regex
 requests
 SQLAlchemy
 psycopg2-binary