diff --git a/files/helpers/media.py b/files/helpers/media.py index f6557556e..5390bcb06 100644 --- a/files/helpers/media.py +++ b/files/helpers/media.py @@ -9,6 +9,32 @@ import time from .const import * +def process_files(): + body = '' + if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": + files = request.files.getlist('file')[:4] + for file in files: + if file.content_type.startswith('image/'): + name = f'/images/{time.time()}'.replace('.','') + '.webp' + file.save(name) + url = process_image(v.patron, name) + body += f"\n\n![]({url})" + elif file.content_type.startswith('video/'): + value = process_video(file) + if type(value) is str: body += f"\n\n{value}" + else: return value + elif file.content_type.startswith('audio/'): + body += f"\n\n{process_audio(file)}" + else: + body += f"\n\n{process_other(file)}" + return body + + +def process_other(file): + req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': file}, timeout=20).json() + return req['files'][0]['url'] + + def process_audio(file): name = f'/audio/{time.time()}'.replace('.','') + '.mp3' file.save(name) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 7f7d3bc82..6f346df15 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -165,6 +165,8 @@ def sanitize(sanitized, alert=False, edit=False): signal.signal(signal.SIGALRM, handler) signal.alarm(1) + sanitized = sanitized.strip() + if '```' not in sanitized and '
' not in sanitized: sanitized = linefeeds_regex.sub(r'\1\n\n\2', sanitized) diff --git a/files/routes/comments.py b/files/routes/comments.py index 917bad014..1b2d6a65d 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -298,7 +298,8 @@ def api_comment(v): else: return value elif file.content_type.startswith('audio/'): body += f"\n\n{process_audio(file)}" - else: return {"error": "Image/Video/Audio files only"}, 400 + else: + body += f"\n\n{process_other(file)}" body = body.strip() @@ -697,8 +698,6 @@ def edit_comment(cid, v): ) g.db.add(c_choice) - body_html = sanitize(body, edit=True) - if '!slots' not in body.lower() and '!blackjack' not in body.lower() and '!wordle' not in body.lower() and AGENDAPOSTER_PHRASE not in body.lower(): now = int(time.time()) cutoff = now - 60 * 60 * 24 @@ -733,25 +732,11 @@ def edit_comment(cid, v): return {"error": "Too much spam!"}, 403 - if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": - files = request.files.getlist('file')[:4] - for file in files: - if file.content_type.startswith('image/'): - name = f'/images/{time.time()}'.replace('.','') + '.webp' - file.save(name) - url = process_image(v.patron, name) - body += f"\n\n![]({url})" - elif file.content_type.startswith('video/'): - value = process_video(file) - if type(value) is str: body += f"\n\n{value}" - else: return value - elif file.content_type.startswith('audio/'): - body += f"\n\n{process_audio(file)}" - else: return {"error": "Image/Video/Audio files only"}, 400 + body += process_files() - body = body.strip() + body = body.strip() - body_html = sanitize(body, edit=True) + body_html = sanitize(body, edit=True) if len(body_html) > 20000: abort(400) diff --git a/files/routes/posts.py b/files/routes/posts.py index a8761dc17..b216b183d 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -465,21 +465,7 @@ def edit_post(pid, v): p.title = title[:500] p.title_html = title_html - if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": - files = request.files.getlist('file')[:4] - for file in files: - if file.content_type.startswith('image/'): - name = f'/images/{time.time()}'.replace('.','') + '.webp' - file.save(name) - url = process_image(v.patron, name) - body += f"\n\n![]({url})" - elif file.content_type.startswith('video/'): - value = process_video(file) - if type(value) is str: body += f"\n\n{value}" - else: return value - elif file.content_type.startswith('audio/'): - body += f"\n\n{process_audio(file)}" - else: return {"error": "Image/Video/Audio files only"}, 400 + body += process_files() body = body.strip() @@ -973,21 +959,7 @@ def submit_post(v, sub=None): if v.agendaposter and not v.marseyawarded: body = torture_ap(body, v.username) - if request.files.get("file2") and request.headers.get("cf-ipcountry") != "T1": - files = request.files.getlist('file2')[:4] - for file in files: - if file.content_type.startswith('image/'): - name = f'/images/{time.time()}'.replace('.','') + '.webp' - file.save(name) - body += f"\n\n![]({process_image(v.patron, name)})" - elif file.content_type.startswith('video/'): - value = process_video(file) - if type(value) is str: body += f"\n\n{value}" - else: return error(value['error']) - elif file.content_type.startswith('audio/'): - body += f"\n\n{process_audio(file)}" - else: - return error("Image/Video/Audio files only.") + body += process_files() body = body.strip() @@ -1075,9 +1047,9 @@ def submit_post(v, sub=None): ) g.db.add(vote) - if request.files.get('file') and request.headers.get("cf-ipcountry") != "T1": + if request.files.get('file-url') and request.headers.get("cf-ipcountry") != "T1": - file = request.files['file'] + file = request.files['file-url'] if file.content_type.startswith('image/'): name = f'/images/{time.time()}'.replace('.','') + '.webp' @@ -1094,7 +1066,7 @@ def submit_post(v, sub=None): elif file.content_type.startswith('audio/'): post.url = process_audio(file) else: - return error("Image/Video/Audio files only.") + post.url = process_other(file) if not post.thumburl and post.url: gevent.spawn(thumbnail_thread, post.id) @@ -1241,6 +1213,8 @@ def submit_post(v, sub=None): body += f'* [ghostarchive.org](https://ghostarchive.org/search?term={quote(href)}) (click to archive)\n\n' gevent.spawn(archiveorg, href) + body = body.strip() + body_html = sanitize(body) if len(body_html) < 40000: diff --git a/files/routes/settings.py b/files/routes/settings.py index 448889692..ef2dac2f9 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -215,25 +215,10 @@ def settings_profile_post(v): msg="Your enemies list has been updated.") - elif request.values.get("bio") or request.files.get('file') and request.headers.get("cf-ipcountry") != "T1": + elif request.values.get("bio") or request.files.get('file'): bio = request.values.get("bio")[:1500] - if request.files.get('file'): - file = request.files['file'] - if file.content_type.startswith('image/'): - name = f'/images/{time.time()}'.replace('.','') + '.webp' - file.save(name) - url = process_image(v.patron, name) - bio += f"\n\n![]({url})" - elif file.content_type.startswith('video/'): - value = process_video(file) - if type(value) is str: bio += f"\n\n{value}" - else: return value - elif file.content_type.startswith('audio/'): - bio += f"\n\n{process_audio(file)}" - else: - if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "Image/Video/Audio files only"}, 400 - return render_template("settings_profile.html", v=v, error="Image/Video/Audio files only."), 400 + bio += process_files() bio = bio.strip() diff --git a/files/routes/static.py b/files/routes/static.py index 981951b05..18f476bc0 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -199,19 +199,21 @@ def submit_contact(v): body_html = sanitize(body) if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": - file=request.files["file"] - if file.content_type.startswith('image/'): - name = f'/images/{time.time()}'.replace('.','') + '.webp' - file.save(name) - url = process_image(v.patron, name) - body_html += f'' - elif file.content_type.startswith('video/'): - value = process_video(file) - if type(value) is str: body_html += f"{value}
" - else: return value - elif file.content_type.startswith('audio/'): - body_html += f"{process_audio(file)}
" - else: return {"error": "Image/Video/Audio files only"}, 400 + files = request.files.getlist('file')[:4] + for file in files: + if file.content_type.startswith('image/'): + name = f'/images/{time.time()}'.replace('.','') + '.webp' + file.save(name) + url = process_image(v.patron, name) + body_html += f'' + elif file.content_type.startswith('video/'): + value = process_video(file) + if type(value) is str: body_html += f"{value}
" + else: return value + elif file.content_type.startswith('audio/'): + body_html += f"{process_audio(file)}
" + else: + body_html += f"{process_other(file)}
" diff --git a/files/routes/users.py b/files/routes/users.py index aed936162..64db99de6 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -726,19 +726,21 @@ def messagereply(v): body_html = sanitize(message) if parent.sentto == 2 and request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": - file=request.files["file"] - if file.content_type.startswith('image/'): - name = f'/images/{time.time()}'.replace('.','') + '.webp' - file.save(name) - url = process_image(v.patron, name) - body_html += f'' - elif file.content_type.startswith('video/'): - value = process_video(file) - if type(value) is str: body_html += f"{value}
" - else: return value - elif file.content_type.startswith('audio/'): - body_html += f"{process_audio(file)}
" - else: return {"error": "Image/Video/Audio files only"}, 400 + files = request.files.getlist('file')[:4] + for file in files: + if file.content_type.startswith('image/'): + name = f'/images/{time.time()}'.replace('.','') + '.webp' + file.save(name) + url = process_image(v.patron, name) + body_html += f'' + elif file.content_type.startswith('video/'): + value = process_video(file) + if type(value) is str: body_html += f"{value}
" + else: return value + elif file.content_type.startswith('audio/'): + body_html += f"{process_audio(file)}
" + else: + body_html += f"{process_other(file)}
" c = Comment(author_id=v.id, diff --git a/files/templates/comments.html b/files/templates/comments.html index 85efd9c8a..a2906b74d 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -329,7 +329,7 @@ Save Edit @@ -581,7 +581,7 @@ Comment @@ -620,7 +620,7 @@ {% if c.sentto == 2 %} {% endif %} diff --git a/files/templates/contact.html b/files/templates/contact.html index c6a643011..8f7e441f6 100644 --- a/files/templates/contact.html +++ b/files/templates/contact.html @@ -36,7 +36,7 @@ diff --git a/files/templates/settings_profile.html b/files/templates/settings_profile.html index 563dac3a0..cd4762ad5 100644 --- a/files/templates/settings_profile.html +++ b/files/templates/settings_profile.html @@ -606,7 +606,7 @@ diff --git a/files/templates/submission.html b/files/templates/submission.html index 9e96f28cd..f61195a42 100644 --- a/files/templates/submission.html +++ b/files/templates/submission.html @@ -878,7 +878,7 @@ @@ -1075,7 +1075,7 @@ Comment diff --git a/files/templates/submit.html b/files/templates/submit.html index ff8037975..14b8ebcf5 100644 --- a/files/templates/submit.html +++ b/files/templates/submit.html @@ -111,7 +111,7 @@ Optional if you have text. You can upload images or videos up to 60 seconds. @@ -147,7 +147,7 @@