From b617163a1c15b0d5575b34a720e772c3b69caeec Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Mon, 17 Jan 2022 13:06:12 +0200 Subject: [PATCH] vvv --- files/routes/admin.py | 5 +---- files/routes/awards.py | 6 ++++-- files/routes/comments.py | 3 ++- files/routes/errors.py | 15 ++++++++------- files/routes/front.py | 10 +++------- files/routes/login.py | 20 ++++++++++++-------- files/routes/posts.py | 11 ++++++----- files/routes/search.py | 2 +- files/routes/users.py | 12 +++++++----- 9 files changed, 44 insertions(+), 40 deletions(-) diff --git a/files/routes/admin.py b/files/routes/admin.py index e0b2ef440..65f8167cc 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -500,14 +500,11 @@ def users_list(v): @admin_level_required(2) def alt_votes_get(v): - if not request.values.get("u1") or not request.values.get("u2"): - return render_template("admin/alt_votes.html", v=v) - u1 = request.values.get("u1") u2 = request.values.get("u2") if not u1 or not u2: - return redirect("/admin/alt_votes") + return render_template("admin/alt_votes.html", v=v) u1 = get_user(u1) u2 = get_user(u2) diff --git a/files/routes/awards.py b/files/routes/awards.py index 5abef536b..f99c9a341 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py @@ -356,7 +356,8 @@ def award_post(pid, v): g.db.add(post.author) g.db.commit() - if request.referrer and len(request.referrer) > 1: return redirect(request.referrer) + if request.referrer and len(request.referrer) > 1 and (request.referrer.startswith('/') or request.referrer.startswith(request.host_url)): + return redirect(request.referrer) else: return redirect("/") 
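Review bot: The new referrer check in award_post still accepts scheme-relative targets, because `request.referrer.startswith('/')` is true for a value that begins with `//` (or `/\`, which browsers treat the same way), and such a value resolves to another host. The identical condition is added in award_comment, and the same prefix test appears in allow_nsfw (errors.py) and in login_get/login_post (login.py), so one shared helper would keep the call sites consistent. A sketch of such a helper and its use here follows; the helper's name and location are suggestions. Both award functions start outside their hunks.

```python
def is_safe_redirect(target):
    # Accept only same-site targets: a local path with exactly one leading
    # slash, or an absolute URL on this app's own origin.
    if not target:
        return False
    if target.startswith('/'):
        return not target.startswith(('//', '/\\'))
    return target.startswith(request.host_url)

# … unchanged: award bookkeeping, g.db.add(post.author), g.db.commit() …
if is_safe_redirect(request.referrer):
    return redirect(request.referrer)
else: return redirect("/")
```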
@@ -540,7 +541,8 @@ def award_comment(cid, v): g.db.add(c.author) g.db.commit() - if request.referrer and len(request.referrer) > 1: return redirect(request.referrer) + if request.referrer and len(request.referrer) > 1 and (request.referrer.startswith('/') or request.referrer.startswith(request.host_url)): + return redirect(request.referrer) else: return redirect("/") @app.get("/admin/awards") diff --git a/files/routes/comments.py b/files/routes/comments.py index 166c4ef3d..e4bbbf80b 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -467,7 +467,8 @@ def api_comment(v): if parent.author.id != v.id: if len(c.body) > 500: notifbody = c.body[:500] + '...' - else: notifbody = c.body + elif c.body: notifbody = c.body + else: notifbody = '' beams_client.publish_to_interests( interests=[f'{request.host}{parent.author.id}'], diff --git a/files/routes/errors.py b/files/routes/errors.py index 31a33760f..9c36a9a40 100644 --- a/files/routes/errors.py +++ b/files/routes/errors.py @@ -13,13 +13,12 @@ def error_400(e): @app.errorhandler(401) def error_401(e): - path = request.path - qs = urlencode(dict(request.values)) - argval = quote(f"{path}?{qs}", safe='') - output = f"/login?redirect={argval}" - if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "401 Not Authorized"}, 401 - else: return redirect(output) + else: + path = request.path + qs = urlencode(dict(request.values)) + argval = quote(f"{path}?{qs}", safe='') + return redirect(f"/login?redirect={argval}") @app.errorhandler(403) @@ -61,4 +60,6 @@ def error_500(e): @app.post("/allow_nsfw") def allow_nsfw(): session["over_18"] = int(time.time()) + 3600 - return redirect(request.values.get("redir", "/")) \ No newline at end of file + redir = request.values.get("redir") + if redir and redir.startswith(request.host_url) or redir.startswith('/'): return redirect(redir) + return redirect('/') \ No newline at end of file 
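Review bot: The added `elif c.body:` / `else: notifbody = ''` branches in api_comment cannot handle the case they appear to target, because `len(c.body) > 500` on the preceding line is evaluated first and raises TypeError when `c.body` is None. For an empty string the old `else: notifbody = c.body` already produced `''`, so the new branches change nothing. If a missing body is possible here, normalise before the length test, e.g. `body = c.body or ''` followed by `notifbody = body[:500] + '...' if len(body) > 500 else body`. The same pattern is added for `message` in message2 and messagereply (users.py).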
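Review bot: In allow_nsfw the condition `redir and redir.startswith(request.host_url) or redir.startswith('/')` groups as `(redir and …) or redir.startswith('/')`, so a request without a `redir` value reaches `None.startswith('/')` and raises AttributeError instead of falling through to `redirect('/')`. Parenthesise the alternatives: `if redir and (redir.startswith(request.host_url) or redir.startswith('/')): return redirect(redir)`. The `startswith('/')` arm also lets a value beginning with `//` through, which is not a local path, so that prefix is worth excluding in the same condition.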
diff --git a/files/routes/front.py b/files/routes/front.py index de7a471be..a8f3cc035 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -6,11 +6,6 @@ from files.classes.submission import Submission defaulttimefilter = environ.get("DEFAULT_TIME_FILTER", "all").strip() SITE_NAME = environ.get("SITE_NAME", "").strip() -@app.get("/post/") -@auth_required -def slash_post(v): - return redirect("/") - @app.post("/clear") @auth_required def clear(v): @@ -123,7 +118,8 @@ def notifications(v): @auth_desired def front_all(v): - if not v and request.path == "/" and not request.headers.get("Authorization"): return redirect(f"/logged_out{request.full_path}") + if not v and request.path == "/" and not request.headers.get("Authorization"): + return redirect(f"/logged_out{request.full_path}") if v and request.path.startswith('/logged_out'): v = None @@ -436,7 +432,7 @@ def comment_idlist(page=1, v=None, nsfw=False, sort="new", t="all"): elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": - comments = comments.order_by(Comment.realupvotes.desc()) + comments = comments.order_by(Comment.downvotes - Comment.upvotes) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) diff --git a/files/routes/login.py b/files/routes/login.py index 0a44b9c61..bdeb5b44e 100644 --- a/files/routes/login.py +++ b/files/routes/login.py 
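Review bot: The "top" ordering in comment_idlist is changed to `Comment.downvotes - Comment.upvotes`, while the same commit moves the "top" branches in post_id and viewmore (posts.py) the other way, to `Comment.realupvotes.desc()`. searchcomments (search.py) and u_username_comments (users.py) get the same change as here, so after this commit "top" is defined by two different expressions depending on the endpoint. If the split is intentional, a short comment at each site would record it, e.g. `# "top" here is net score (upvotes - downvotes); posts.py ranks by realupvotes`; otherwise one expression should be used throughout. comment_idlist's body starts and ends outside the hunk.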
@@ -12,13 +12,14 @@ valid_password_regex = re.compile("^.{8,100}$") @auth_desired def login_get(v): - redir = request.values.get("redirect", "/").replace("/logged_out", "").strip() - if v: - return redirect(redir) + redir = request.values.get("redirect") + if redir: + redir = replace("/logged_out", "").strip() + if not redir.startswith(request.host_url) and not redir.startswith('/'): redir = None - return render_template("login.html", - failed=False, - redirect=redir) + if v and redir: return redirect(redir) + + return render_template("login.html", failed=False, redirect=redir) def check_for_alts(current_id): @@ -137,10 +138,13 @@ def login_post(): if account.id != PW_ID: check_for_alts(account.id) - redir = request.values.get("redirect", "/").replace("/logged_out", "").strip() - g.db.commit() + redir = request.values.get("redirect") + if redir: + redir = replace("/logged_out", "").strip() + if not redir.startswith(request.host_url) and not redir.startswith('/'): redir = '/' + return redirect(redir) diff --git a/files/routes/posts.py b/files/routes/posts.py index 3618feda7..8f4277781 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -96,7 +96,8 @@ def submit_get(v): @app.get("/logged_out/post//") @auth_desired def post_id(pid, anything=None, v=None): - if not v and not request.path.startswith('/logged_out') and not request.headers.get("Authorization"): return redirect(f"/logged_out{request.full_path}") + if not v and not request.path.startswith('/logged_out') and not request.headers.get("Authorization"): + return redirect(f"/logged_out{request.full_path}") if v and request.path.startswith('/logged_out'): v = None 
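Review bot: `redir = replace("/logged_out", "").strip()` in login_get calls a bare name `replace` instead of the string method, so any request carrying a `redirect` value raises NameError, unless a function of that name is imported elsewhere in login.py (not visible in this hunk). It should read `redir = redir.replace("/logged_out", "").strip()`; the same line is added in login_post. A signed-in user without a `redirect` value now gets the login form rendered, where the old code redirected to "/"; if that is not intended, `if v: return redirect(redir or '/')` restores it.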
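Review bot: login_post now ends in `return redirect(redir)` with `redir` left as None whenever the form carries no `redirect` value, because the old `"/"` default was dropped from `request.values.get("redirect")`. Keep a fallback at the return, `return redirect(redir or '/')`, which also covers a value that is empty after `.strip()`. The prefix test `redir.startswith('/')` accepts a value beginning with `//` as well, so exclude that prefix before treating the value as a local path. The function starts outside the hunk.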
@@ -169,7 +170,7 @@ def post_id(pid, anything=None, v=None): elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": - comments = comments.order_by(-Comment.upvotes - Comment.downvotes) + comments = comments.order_by(Comment.realupvotes.desc()) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) @@ -186,7 +187,7 @@ def post_id(pid, anything=None, v=None): elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": - comments = comments.order_by(-Comment.upvotes - Comment.downvotes) + comments = comments.order_by(Comment.realupvotes.desc()) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) @@ -288,7 +289,7 @@ def viewmore(v, pid, sort, offset): elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": - comments = comments.order_by(-Comment.upvotes - Comment.downvotes) + comments = comments.order_by(Comment.realupvotes.desc()) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) @@ -305,7 +306,7 @@ def viewmore(v, pid, sort, offset): elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": - comments = comments.order_by(-Comment.upvotes - Comment.downvotes) + comments = comments.order_by(Comment.realupvotes.desc()) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) diff --git a/files/routes/search.py b/files/routes/search.py index cc80f82f0..f23843f74 100644 --- a/files/routes/search.py +++ b/files/routes/search.py 
@@ -255,7 +255,7 @@ def searchcomments(v): elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": - comments = comments.order_by(Comment.realupvotes.desc()) + comments = comments.order_by(Comment.downvotes - Comment.upvotes) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) diff --git a/files/routes/users.py b/files/routes/users.py index cb423d2fa..b5f389586 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -435,8 +435,9 @@ def message2(v, username): g.db.add(notif) if len(message) > 500: notifbody = message[:500] + '...' - else: notifbody = message - + elif message: notifbody = message + else: notifbody = '' + beams_client.publish_to_interests( interests=[f'{request.host}{user.id}'], publish_body={ @@ -502,7 +503,8 @@ def messagereply(v): g.db.add(notif) if len(message) > 500: notifbody = message[:500] + '...' - else: notifbody = message + elif message: notifbody = message + else: notifbody = '' beams_client.publish_to_interests( interests=[f'{request.host}{user_id}'], @@ -628,7 +630,7 @@ def u_username(username, v=None): if username != u.username: - return redirect(request.path.replace(username, u.username)) + return redirect(request.full_path.replace(username, u.username)) if u.reserved: if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"That username is reserved for: {u.reserved}"} @@ -796,7 +798,7 @@ def u_username_comments(username, v=None): elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": - comments = comments.order_by(Comment.realupvotes.desc()) + comments = comments.order_by(Comment.downvotes - Comment.upvotes) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes)
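Review bot: `request.full_path.replace(username, u.username)` in u_username rewrites every occurrence of the requested name, in the path and now in the query string too, so a short username that also appears in a parameter value or another path segment yields a redirect to a mangled URL. `full_path` also ends in `?` when there is no query string. Limiting the substitution to the path and re-attaching the query avoids both: `path = request.path.replace(username, u.username, 1)` then `return redirect(f"{path}?{request.query_string.decode()}" if request.query_string else path)`. The route prefix is not visible in this hunk, so confirm that the first occurrence is always the username segment.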