kitchen sink commit, all over the place
parent
6ec0d25034
commit
bce4c13043
|
@ -81,7 +81,7 @@ class Comment(Base):
|
||||||
author = relationship("User", primaryjoin="User.id==Comment.author_id")
|
author = relationship("User", primaryjoin="User.id==Comment.author_id")
|
||||||
senttouser = relationship("User", primaryjoin="User.id==Comment.sentto")
|
senttouser = relationship("User", primaryjoin="User.id==Comment.sentto")
|
||||||
parent_comment = relationship("Comment", remote_side=[id], back_populates="child_comments")
|
parent_comment = relationship("Comment", remote_side=[id], back_populates="child_comments")
|
||||||
child_comments = relationship("Comment", lazy="dynamic", remote_side=[parent_comment_id], back_populates="parent_comment")
|
child_comments = relationship("Comment", remote_side=[parent_comment_id], back_populates="parent_comment")
|
||||||
awards = relationship("AwardRelationship", order_by="AwardRelationship.awarded_utc.desc()", back_populates="comment")
|
awards = relationship("AwardRelationship", order_by="AwardRelationship.awarded_utc.desc()", back_populates="comment")
|
||||||
flags = relationship("CommentFlag", order_by="CommentFlag.created_utc")
|
flags = relationship("CommentFlag", order_by="CommentFlag.created_utc")
|
||||||
options = relationship("CommentOption", order_by="CommentOption.id")
|
options = relationship("CommentOption", order_by="CommentOption.id")
|
||||||
|
@ -207,19 +207,24 @@ class Comment(Base):
|
||||||
|
|
||||||
@lazy
|
@lazy
|
||||||
def replies(self, sort=None):
|
def replies(self, sort=None):
|
||||||
if self.replies2 != None: return [x for x in self.replies2 if not x.author.shadowbanned]
|
if self.replies2 != None:
|
||||||
if not self.parent_submission:
|
return [x for x in self.replies2 if not x.author.shadowbanned]
|
||||||
return [x for x in self.child_comments.order_by(Comment.id) if not x.author.shadowbanned]
|
|
||||||
|
|
||||||
comments = self.child_comments
|
|
||||||
return [x for x in comments if not x.author.shadowbanned]
|
|
||||||
|
|
||||||
|
if not self.parent_submission:
|
||||||
|
return g.db.query(Comment).options(
|
||||||
|
joinedload(Comment.author)
|
||||||
|
).filter_by(parent_comment_id=self.id, shadowbanned=None).order_by(Comment.id).all()
|
||||||
|
|
||||||
|
return [x for x in self.child_comments if not x.author.shadowbanned]
|
||||||
|
|
||||||
|
|
||||||
@lazy
|
@lazy
|
||||||
def replies3(self, sort):
|
def replies3(self, sort):
|
||||||
if self.replies2 != None: return self.replies2
|
if self.replies2 != None:
|
||||||
|
return self.replies2
|
||||||
|
|
||||||
if not self.parent_submission:
|
if not self.parent_submission:
|
||||||
return self.child_comments.order_by(Comment.id).all()
|
return g.db.query(Comment).filter_by(parent_comment_id=self.id).order_by(Comment.id).all()
|
||||||
|
|
||||||
return self.child_comments
|
return self.child_comments
|
||||||
|
|
||||||
|
|
|
@ -916,8 +916,11 @@ approved_embed_hosts = {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def is_site_url(url):
|
||||||
|
return '\\' not in url and (url.startswith('/') or url.startswith(f'{SITE_FULL}/'))
|
||||||
|
|
||||||
def is_safe_url(url):
|
def is_safe_url(url):
|
||||||
return '\\' not in url and (url.startswith('/') or tldextract.extract(url).registered_domain in approved_embed_hosts)
|
return is_site_url(url) or tldextract.extract(url).registered_domain in approved_embed_hosts
|
||||||
|
|
||||||
|
|
||||||
hosts = "|".join(approved_embed_hosts).replace('.','\.')
|
hosts = "|".join(approved_embed_hosts).replace('.','\.')
|
||||||
|
|
|
@ -67,7 +67,7 @@ def allowed_attributes(tag, name, value):
|
||||||
if name == 'data-bs-toggle' and value == 'tooltip': return True
|
if name == 'data-bs-toggle' and value == 'tooltip': return True
|
||||||
if name in ['g','b','glow'] and not value: return True
|
if name in ['g','b','glow'] and not value: return True
|
||||||
if name in ['alt','title']: return True
|
if name in ['alt','title']: return True
|
||||||
if name == 'referrpolicy' and value == 'no-referrer': return True
|
if name == 'referrerpolicy' and value == 'no-referrer': return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
if tag == 'lite-youtube':
|
if tag == 'lite-youtube':
|
||||||
|
@ -213,10 +213,14 @@ def sanitize(sanitized, edit=False):
|
||||||
tag["data-src"] = tag["src"]
|
tag["data-src"] = tag["src"]
|
||||||
tag["src"] = "/i/l.webp"
|
tag["src"] = "/i/l.webp"
|
||||||
tag['alt'] = f'![]({tag["data-src"]})'
|
tag['alt'] = f'![]({tag["data-src"]})'
|
||||||
tag['referrerpolicy'] = "no-referrer"
|
|
||||||
|
if not is_site_url(tag["data-src"]):
|
||||||
|
tag['referrerpolicy'] = "no-referrer"
|
||||||
|
|
||||||
if tag.parent.name != 'a':
|
if tag.parent.name != 'a':
|
||||||
a = soup.new_tag("a", href=tag["data-src"], rel="nofollow noopener noreferrer")
|
a = soup.new_tag("a", href=tag["data-src"])
|
||||||
|
if not is_site_url(a["href"]):
|
||||||
|
a["rel"] = "nofollow noopener noreferrer"
|
||||||
tag = tag.replace_with(a)
|
tag = tag.replace_with(a)
|
||||||
a.append(tag)
|
a.append(tag)
|
||||||
|
|
||||||
|
|
|
@ -80,7 +80,5 @@ def error_500(e):
|
||||||
def allow_nsfw():
|
def allow_nsfw():
|
||||||
session["over_18"] = int(time.time()) + 3600
|
session["over_18"] = int(time.time()) + 3600
|
||||||
redir = request.values.get("redir")
|
redir = request.values.get("redir")
|
||||||
if redir:
|
if redir and is_site_url(redir): return redirect(redir)
|
||||||
if redir.startswith(f'{SITE_FULL}/'): return redirect(redir)
|
|
||||||
if redir.startswith('/') and '\\' not in redir: return redirect(f'{SITE_FULL}{redir}')
|
|
||||||
return redirect('/')
|
return redirect('/')
|
|
@ -141,7 +141,7 @@ def notifications(v):
|
||||||
|
|
||||||
if c.parent_submission:
|
if c.parent_submission:
|
||||||
if c.replies2 == None:
|
if c.replies2 == None:
|
||||||
c.replies2 = c.child_comments.filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).all()
|
c.replies2 = g.db.query(Comment).filter_by(parent_comment_id=c.id).filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).all()
|
||||||
for x in c.replies2:
|
for x in c.replies2:
|
||||||
if x.replies2 == None: x.replies2 = []
|
if x.replies2 == None: x.replies2 = []
|
||||||
count = 0
|
count = 0
|
||||||
|
@ -149,10 +149,10 @@ def notifications(v):
|
||||||
count += 1
|
count += 1
|
||||||
c = c.parent_comment
|
c = c.parent_comment
|
||||||
if c.replies2 == None:
|
if c.replies2 == None:
|
||||||
c.replies2 = c.child_comments.filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).all()
|
c.replies2 = g.db.query(Comment).filter_by(parent_comment_id=c.id).filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).all()
|
||||||
for x in c.replies2:
|
for x in c.replies2:
|
||||||
if x.replies2 == None:
|
if x.replies2 == None:
|
||||||
x.replies2 = x.child_comments.filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).all()
|
x.replies2 = g.db.query(Comment).filter_by(parent_comment_id=x.id).filter(or_(Comment.author_id == v.id, Comment.id.in_(cids))).all()
|
||||||
else:
|
else:
|
||||||
while c.parent_comment:
|
while c.parent_comment:
|
||||||
c = c.parent_comment
|
c = c.parent_comment
|
||||||
|
|
|
@ -14,11 +14,8 @@ def login_get(v):
|
||||||
redir = request.values.get("redirect")
|
redir = request.values.get("redirect")
|
||||||
if redir:
|
if redir:
|
||||||
redir = redir.replace("/logged_out", "").strip()
|
redir = redir.replace("/logged_out", "").strip()
|
||||||
if not redir.startswith(f'{SITE_FULL}/') and not (redir.startswith('/') and '\\' not in redir): redir = None
|
if not is_site_url(redir): redir = None
|
||||||
|
if v: return redirect(redir)
|
||||||
if v and redir:
|
|
||||||
if redir.startswith(f'{SITE_FULL}/'): return redirect(redir)
|
|
||||||
elif redir.startswith('/') and '\\' not in redir: return redirect(f'{SITE_FULL}{redir}')
|
|
||||||
|
|
||||||
return render_template("login.html", failed=False, redirect=redir)
|
return render_template("login.html", failed=False, redirect=redir)
|
||||||
|
|
||||||
|
@ -152,11 +149,7 @@ def login_post():
|
||||||
redir = request.values.get("redirect")
|
redir = request.values.get("redirect")
|
||||||
if redir:
|
if redir:
|
||||||
redir = redir.replace("/logged_out", "").strip()
|
redir = redir.replace("/logged_out", "").strip()
|
||||||
if not redir.startswith(f'{SITE_FULL}/') and not (redir.startswith('/') and '\\' not in redir): redir = '/'
|
if is_site_url(redir): return redirect(redir)
|
||||||
|
|
||||||
if redir:
|
|
||||||
if redir.startswith(f'{SITE_FULL}/'): return redirect(redir)
|
|
||||||
if redir.startswith('/') and '\\' not in redir: return redirect(f'{SITE_FULL}{redir}')
|
|
||||||
return redirect('/')
|
return redirect('/')
|
||||||
|
|
||||||
@app.get("/me")
|
@app.get("/me")
|
||||||
|
|
Loading…
Reference in New Issue