Merge branch 'frost' of https://github.com/Aevann1/Drama into frost
commit
bb515cb0e8
|
@ -781,6 +781,7 @@ slur_regex = re.compile(f"({single_words})(?![^<]*>)", flags=re.I|re.A)
|
|||
slur_regex_upper = re.compile(f"({single_words.upper()})(?![^<]*>)", flags=re.A)
|
||||
torture_regex = re.compile('(^|\s)(i|me) ', flags=re.I|re.A)
|
||||
torture_regex2 = re.compile("(^|\s)i'm ", flags=re.I|re.A)
|
||||
torture_regex_exclude = re.compile('^\s*>', flags=re.A)
|
||||
|
||||
def sub_matcher(match):
|
||||
return SLURS[match.group(0).lower()]
|
||||
|
@ -795,11 +796,17 @@ def censor_slurs(body, logged_user):
|
|||
return body
|
||||
|
||||
def torture_ap(body, username):
|
||||
for k, l in AJ_REPLACEMENTS.items():
|
||||
body = body.replace(k, l)
|
||||
body = torture_regex.sub(rf'\1@{username} ', body)
|
||||
body = torture_regex2.sub(rf'\1@{username} is ', body)
|
||||
return body
|
||||
lines = body.splitlines(keepends=True)
|
||||
|
||||
for i in range(len(lines)):
|
||||
if torture_regex_exclude.match(lines[i]):
|
||||
continue
|
||||
for k, l in AJ_REPLACEMENTS.items():
|
||||
lines[i] = lines[i].replace(k, l)
|
||||
lines[i] = torture_regex.sub(rf'\1@{username} ', lines[i])
|
||||
lines[i] = torture_regex2.sub(rf'\1@{username} is ', lines[i])
|
||||
|
||||
return ''.join(lines)
|
||||
|
||||
YOUTUBE_KEY = environ.get("YOUTUBE_KEY", "").strip()
|
||||
|
||||
|
@ -864,7 +871,8 @@ approved_embed_hosts = [
|
|||
'deviantart.com',
|
||||
'deviantart.net',
|
||||
'googleapis.com',
|
||||
'bing.com'
|
||||
'bing.com',
|
||||
'typekit.net',
|
||||
]
|
||||
|
||||
hosts = "|".join(approved_embed_hosts).replace('.','\.')
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import time
|
||||
import re
|
||||
from os import remove
|
||||
from PIL import Image as IMAGE
|
||||
|
||||
|
@ -520,8 +521,28 @@ def admin_home(v):
|
|||
else: response = requests.get(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, timeout=5).json()['result']['value']
|
||||
under_attack = response == 'under_attack'
|
||||
|
||||
return render_template("admin/admin_home.html", v=v, under_attack=under_attack, site_settings=app.config['SETTINGS'])
|
||||
gitref = admin_git_head()
|
||||
|
||||
return render_template("admin/admin_home.html", v=v,
|
||||
under_attack=under_attack,
|
||||
site_settings=app.config['SETTINGS'],
|
||||
gitref=gitref)
|
||||
|
||||
def admin_git_head():
|
||||
short_len = 12
|
||||
# Note: doing zero sanitization. Git branch names are extremely permissive.
|
||||
# However, they forbid '..', so I don't see an obvious dir traversal attack.
|
||||
# Also, a malicious branch name would mean someone already owned the server
|
||||
# or repo, so I think this isn't a weak link.
|
||||
try:
|
||||
with open('.git/HEAD') as head_f:
|
||||
head_txt = head_f.read()
|
||||
head_path = re.match('ref: (refs/.+)', head_txt).group(1)
|
||||
with open('.git/' + head_path) as ref_f:
|
||||
gitref = ref_f.read()[0:short_len]
|
||||
except:
|
||||
return '<unable to read>'
|
||||
return gitref
|
||||
|
||||
@app.post("/admin/site_settings/<setting>")
|
||||
@admin_level_required(3)
|
||||
|
|
|
@ -85,7 +85,12 @@
|
|||
<label class="custom-control-label" for="under_attack">Under attack mode</label>
|
||||
</div>
|
||||
|
||||
<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/purge_cache');">PURGE CACHE</button>
|
||||
<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/purge_cache');" style="margin-bottom: 2em;">PURGE CACHE</button>
|
||||
{% endif %}
|
||||
|
||||
<h4>Server Status</h4>
|
||||
<div>
|
||||
Live Revision: <code>{{ gitref }}</code> <br>
|
||||
</div>
|
||||
|
||||
{% endblock %}
|
Loading…
Reference in New Issue