diff --git a/files/helpers/const.py b/files/helpers/const.py index 586c8897a..2a69ecbfa 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -677,8 +677,6 @@ marsey_regex = re.compile("[a-z0-9]{1,30}", flags=re.A) tags_regex = re.compile("[a-z0-9: ]{1,200}", flags=re.A) -image_regex = regex.compile("(?<=^|\s)(https:\/\/[\w\-.#&/=\?@%;+]{5,250}(\.png|\.jpg|\.jpeg|\.gif|\.webp|maxwidth=9999|fidelity=high))(?=$|\s)", flags=regex.I|regex.A) - valid_sub_regex = re.compile("^[a-zA-Z0-9_\-]{3,20}$", flags=re.A) query_regex = re.compile("(\w+):(\S+)", flags=re.A) @@ -715,16 +713,16 @@ email_regex = re.compile('([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\.[A-Z| utm_regex = re.compile('utm_[a-z]+=[a-z0-9_]+&', flags=re.A) utm_regex2 = re.compile('[?&]utm_[a-z]+=[a-z0-9_]+', flags=re.A) -slur_regex = regex.compile(f"(?[^<]*)({single_words.upper()})", flags=re.I|re.A) +slur_regex_upper = re.compile(f"(

[^<]*)({single_words.upper()})", flags=re.A) torture_regex = re.compile('(^|\s)(i|me) ', flags=re.I|re.A) torture_regex2 = re.compile("(^|\s)i'm ", flags=re.I|re.A) def sub_matcher(match): - return SLURS[match.group(0).lower()] + return match.group(1) + SLURS[match.group(2).lower()] def sub_matcher_upper(match): - return SLURS[match.group(0).lower()].upper() + return match.group(1) + SLURS[match.group(2).lower()].upper() def censor_slurs(body, logged_user): if not logged_user or logged_user == 'chat' or logged_user.slurreplacer: @@ -814,4 +812,6 @@ youtube_regex = re.compile('(
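Review bot: `sub_matcher` and `sub_matcher_upper` now depend on the pattern having exactly two groups, the preserved prefix in group 1 and the matched word in group 2, and nothing next to them says so. A one-line comment above `sub_matcher` such as `# group(1) = text kept as-is before the word, group(2) = the word looked up in SLURS` would document that contract. `SLURS[match.group(2).lower()]` raises `KeyError` if `single_words` can ever match text that is not a literal key of `SLURS`; that cannot be confirmed from this hunk, so falling back to the original word via `SLURS.get(...)` is worth considering. `censor_slurs` continues outside the hunk.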

[^<]*)(https:\/\/youtube\.com\/watch\?v\=([a-z0- yt_id_regex = re.compile('[a-z0-9-_]{5,20}', flags=re.I|re.A) +image_regex = re.compile("(^|\s)(https:\/\/[\w\-.#&/=\?@%;+]{5,250}(\.png|\.jpg|\.jpeg|\.gif|\.webp|maxwidth=9999|fidelity=high))($|\s)", flags=re.I|re.A) + procoins_li = (0,2500,5000,10000,25000,50000,125000,250000) \ No newline at end of file diff --git a/files/routes/awards.py b/files/routes/awards.py index 9e39814e8..449f850ee 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py @@ -613,6 +613,8 @@ def admin_userawards_post(v): try: u = request.values.get("username").strip() except: abort(404) + whitelist = ("shit", "fireflies", "train", "scooter", "wholesome", "tilt", "glowie") + u = get_user(u, graceful=False, v=v) notify_awards = {} @@ -620,6 +622,8 @@ def admin_userawards_post(v): for key, value in request.values.items(): if key not in AWARDS: continue + if v.admin_level < 3 and key not in whitelist: continue + if value: if int(value) > 10: abort(403) diff --git a/files/routes/comments.py b/files/routes/comments.py index 94e4d5427..917b25211 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -206,7 +206,7 @@ def api_comment(v): if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400 - body = image_regex.sub(r'![](\1)', body) + body = image_regex.sub(r'\1![](\2)\3', body) options = [] for i in poll_regex.finditer(body): @@ -696,7 +696,7 @@ def edit_comment(cid, v): elif v.bird and len(body) > 140: return {"error":"You have to type less than 140 characters!"}, 403 - body = image_regex.sub(r'![](\1)', body) + body = image_regex.sub(r'\1![](\2)\3', body) if v.agendaposter and not v.marseyawarded: body = torture_ap(body, v.username) diff --git a/files/routes/posts.py b/files/routes/posts.py index 880882aed..921e6f37c 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py 
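Review bot: The new `image_regex` in const.py consumes the whitespace on both sides of the URL (`(^|\s)` … `($|\s)`), so when two image links are separated by a single space or newline the second one is never rewritten: its leading separator was already taken by the previous match, and `re.sub` does not overlap matches. Only the variable-width lookbehind needed replacing when dropping the `regex` module; the stdlib `re` accepts the trailing lookahead, so the tail can stay `(?=$|\s)` and the call sites become `image_regex.sub(r'\1![](\2)', body)`. The same applies to all eight substitutions in comments.py, posts.py and settings.py; a small helper next to the regex would keep the pattern and its replacement template together. The pattern is also a non-raw string containing `\s`, `\/` and `\.`, which an `r"..."` prefix would make explicit.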
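Review bot: In `admin_userawards_post` the new `if v.admin_level < 3 and key not in whitelist: continue` drops a restricted award silently, whereas the over-limit case just below answers with `abort(403)`; a lower-level admin who submits a restricted key gets a normal response and nothing marks the attempt as denied. If the form posts every award key with an empty value, the check can move under `if value:` and reject there: `if v.admin_level < 3 and key not in whitelist: abort(403)`. The tuple is rebuilt on every request and the level `3` is a bare number; a module-level constant beside `AWARDS` (for example `LOW_ADMIN_AWARDS`, a name constructed for this note) would make the policy reviewable in one place. The function continues outside both hunks, so how grants are recorded is not visible here.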
@@ -476,7 +476,7 @@ def edit_post(pid, v): else: return {"error": "Image/Video files only"}, 400 if body != p.body: - body = image_regex.sub(r'![](\1)', body) + body = image_regex.sub(r'\1![](\2)\3', body) if v.id == p.author_id and v.agendaposter and not v.marseyawarded: body = torture_ap(body, v.username) @@ -1056,7 +1056,7 @@ def submit_post(v, sub=None): if len(url) > 2048: return error("There's a 2048 character limit for URLs.") - body = image_regex.sub(r'![](\1)', body) + body = image_regex.sub(r'\1![](\2)\3', body) if v and v.admin_level > 2: bet_options = [] diff --git a/files/routes/settings.py b/files/routes/settings.py index e24b5db52..781c7e6c5 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -137,7 +137,7 @@ def settings_profile_post(v): elif (v.patron or v.id == MOOSE_ID) and request.values.get("sig"): sig = request.values.get("sig")[:200] - sig = image_regex.sub(r'![](\1)', sig) + sig = image_regex.sub(r'\1![](\2)\3', sig) sig_html = sanitize(sig) @@ -160,7 +160,7 @@ def settings_profile_post(v): elif request.values.get("friends"): friends = request.values.get("friends")[:500] - friends = image_regex.sub(r'![](\1)', friends) + friends = image_regex.sub(r'\1![](\2)\3', friends) friends_html = sanitize(friends) @@ -189,7 +189,7 @@ def settings_profile_post(v): elif request.values.get("enemies"): enemies = request.values.get("enemies")[:500] - enemies = image_regex.sub(r'![](\1)', enemies) + enemies = image_regex.sub(r'\1![](\2)\3', enemies) enemies_html = sanitize(enemies) @@ -218,7 +218,7 @@ def settings_profile_post(v): elif request.values.get("bio") or request.files.get('file') and request.headers.get("cf-ipcountry") != "T1": bio = request.values.get("bio")[:1500] - bio = image_regex.sub(r'![](\1)', bio) + bio = image_regex.sub(r'\1![](\2)\3', bio) if request.files.get('file'): file = request.files['file'] diff --git a/requirements.txt b/requirements.txt index 4932922d8..72acaa12c 100644 --- a/requirements.txt 
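Review bot: In the last `settings_profile_post` hunk the branch is entered when either `bio` or a file is present, but the next line slices `request.values.get("bio")[:1500]` unconditionally; a request carrying only a file and no `bio` field would raise `TypeError` on `None`. `bio = request.values.get("bio", "")[:1500]` keeps the branch safe. The condition also mixes `or` and `and` without parentheses, so the `cf-ipcountry` test applies only to the file part; if that is intended, explicit parentheses would show it. The function starts and ends outside the hunk.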
+++ b/requirements.txt @@ -18,7 +18,6 @@ psutil pyotp qrcode redis -regex requests SQLAlchemy psycopg2-binary