From ccdabcba29e6a4f578acd45814580158c19d68e6 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Sat, 18 Jun 2022 17:53:34 +0200 Subject: [PATCH] allow uploading of all types of files (using lain.la) + allow multiple file upload in bios and messaging admins --- files/helpers/media.py | 26 +++++++++++++++++ files/helpers/sanitize.py | 2 ++ files/routes/comments.py | 25 ++++------------- files/routes/posts.py | 40 +++++---------------------- files/routes/settings.py | 19 ++----------- files/routes/static.py | 28 ++++++++++--------- files/routes/users.py | 28 ++++++++++--------- files/templates/comments.html | 6 ++-- files/templates/contact.html | 2 +- files/templates/settings_profile.html | 2 +- files/templates/submission.html | 4 +-- files/templates/submit.html | 4 +-- 12 files changed, 81 insertions(+), 105 deletions(-) diff --git a/files/helpers/media.py b/files/helpers/media.py index f6557556e..5390bcb06 100644 --- a/files/helpers/media.py +++ b/files/helpers/media.py @@ -9,6 +9,32 @@ import time from .const import * +def process_files(): + body = '' + if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": + files = request.files.getlist('file')[:4] + for file in files: + if file.content_type.startswith('image/'): + name = f'/images/{time.time()}'.replace('.','') + '.webp' + file.save(name) + url = process_image(v.patron, name) + body += f"\n\n![]({url})" + elif file.content_type.startswith('video/'): + value = process_video(file) + if type(value) is str: body += f"\n\n{value}" + else: return value + elif file.content_type.startswith('audio/'): + body += f"\n\n{process_audio(file)}" + else: + body += f"\n\n{process_other(file)}" + return body + + +def process_other(file): + req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': file}, timeout=20).json() + return req['files'][0]['url'] + + def process_audio(file): name = f'/audio/{time.time()}'.replace('.','') + '.mp3' file.save(name) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 7f7d3bc82..6f346df15 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -165,6 +165,8 @@ def sanitize(sanitized, alert=False, edit=False): signal.signal(signal.SIGALRM, handler) signal.alarm(1) + sanitized = sanitized.strip() + if '```' not in sanitized and '
' not in sanitized:
 		sanitized = linefeeds_regex.sub(r'\1\n\n\2', sanitized)
 
diff --git a/files/routes/comments.py b/files/routes/comments.py
index 917bad014..1b2d6a65d 100644
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@@ -298,7 +298,8 @@ def api_comment(v):
 				else: return value
 			elif file.content_type.startswith('audio/'):
 				body += f"\n\n{process_audio(file)}"
-			else: return {"error": "Image/Video/Audio files only"}, 400
+			else:
+				body += f"\n\n{process_other(file)}"
 
 	body = body.strip()
 	
@@ -697,8 +698,6 @@ def edit_comment(cid, v):
 				)
 			g.db.add(c_choice)
 
-		body_html = sanitize(body, edit=True)
-
 		if '!slots' not in body.lower() and '!blackjack' not in body.lower() and '!wordle' not in body.lower() and AGENDAPOSTER_PHRASE not in body.lower():
 			now = int(time.time())
 			cutoff = now - 60 * 60 * 24
@@ -733,25 +732,11 @@ def edit_comment(cid, v):
 
 				return {"error": "Too much spam!"}, 403
 
-		if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
-			files = request.files.getlist('file')[:4]
-			for file in files:
-				if file.content_type.startswith('image/'):
-					name = f'/images/{time.time()}'.replace('.','') + '.webp'
-					file.save(name)
-					url = process_image(v.patron, name)
-					body += f"\n\n![]({url})"
-				elif file.content_type.startswith('video/'):
-					value = process_video(file)
-					if type(value) is str: body += f"\n\n{value}"
-					else: return value
-				elif file.content_type.startswith('audio/'):
-					body += f"\n\n{process_audio(file)}"
-				else: return {"error": "Image/Video/Audio files only"}, 400
+		body += process_files()
 
-			body = body.strip()
+		body = body.strip()
 
-			body_html = sanitize(body, edit=True)
+		body_html = sanitize(body, edit=True)
 
 		if len(body_html) > 20000: abort(400)
 
diff --git a/files/routes/posts.py b/files/routes/posts.py
index a8761dc17..b216b183d 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -465,21 +465,7 @@ def edit_post(pid, v):
 		p.title = title[:500]
 		p.title_html = title_html
 
-	if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
-		files = request.files.getlist('file')[:4]
-		for file in files:
-			if file.content_type.startswith('image/'):
-				name = f'/images/{time.time()}'.replace('.','') + '.webp'
-				file.save(name)
-				url = process_image(v.patron, name)
-				body += f"\n\n![]({url})"
-			elif file.content_type.startswith('video/'):
-				value = process_video(file)
-				if type(value) is str: body += f"\n\n{value}"
-				else: return value
-			elif file.content_type.startswith('audio/'):
-				body += f"\n\n{process_audio(file)}"
-			else: return {"error": "Image/Video/Audio files only"}, 400
+	body += process_files()
 
 	body = body.strip()
 
@@ -973,21 +959,7 @@ def submit_post(v, sub=None):
 
 	if v.agendaposter and not v.marseyawarded: body = torture_ap(body, v.username)
 
-	if request.files.get("file2") and request.headers.get("cf-ipcountry") != "T1":
-		files = request.files.getlist('file2')[:4]
-		for file in files:
-			if file.content_type.startswith('image/'):
-				name = f'/images/{time.time()}'.replace('.','') + '.webp'
-				file.save(name)
-				body += f"\n\n![]({process_image(v.patron, name)})"
-			elif file.content_type.startswith('video/'):
-				value = process_video(file)
-				if type(value) is str: body += f"\n\n{value}"
-				else: return error(value['error'])
-			elif file.content_type.startswith('audio/'):
-				body += f"\n\n{process_audio(file)}"
-			else:
-				return error("Image/Video/Audio files only.")
+	body += process_files()
 
 	body = body.strip()
 
@@ -1075,9 +1047,9 @@ def submit_post(v, sub=None):
 				)
 	g.db.add(vote)
 	
-	if request.files.get('file') and request.headers.get("cf-ipcountry") != "T1":
+	if request.files.get('file-url') and request.headers.get("cf-ipcountry") != "T1":
 
-		file = request.files['file']
+		file = request.files['file-url']
 
 		if file.content_type.startswith('image/'):
 			name = f'/images/{time.time()}'.replace('.','') + '.webp'
@@ -1094,7 +1066,7 @@ def submit_post(v, sub=None):
 		elif file.content_type.startswith('audio/'):
 			post.url = process_audio(file)
 		else:
-			return error("Image/Video/Audio files only.")
+			post.url = process_other(file)
 		
 	if not post.thumburl and post.url:
 		gevent.spawn(thumbnail_thread, post.id)
@@ -1241,6 +1213,8 @@ def submit_post(v, sub=None):
 				body += f'* [ghostarchive.org](https://ghostarchive.org/search?term={quote(href)}) (click to archive)\n\n'
 				gevent.spawn(archiveorg, href)
 
+		body = body.strip()
+
 		body_html = sanitize(body)
 
 		if len(body_html) < 40000:
diff --git a/files/routes/settings.py b/files/routes/settings.py
index 448889692..ef2dac2f9 100644
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@@ -215,25 +215,10 @@ def settings_profile_post(v):
 							   msg="Your enemies list has been updated.")
 
 
-	elif request.values.get("bio") or request.files.get('file') and request.headers.get("cf-ipcountry") != "T1":
+	elif request.values.get("bio") or request.files.get('file'):
 		bio = request.values.get("bio")[:1500]
 
-		if request.files.get('file'):
-			file = request.files['file']
-			if file.content_type.startswith('image/'):
-				name = f'/images/{time.time()}'.replace('.','') + '.webp'
-				file.save(name)
-				url = process_image(v.patron, name)
-				bio += f"\n\n![]({url})"
-			elif file.content_type.startswith('video/'):
-				value = process_video(file)
-				if type(value) is str: bio += f"\n\n{value}"
-				else: return value
-			elif file.content_type.startswith('audio/'):
-				bio += f"\n\n{process_audio(file)}"
-			else:
-				if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "Image/Video/Audio files only"}, 400
-				return render_template("settings_profile.html", v=v, error="Image/Video/Audio files only."), 400
+		bio += process_files()
 
 		bio = bio.strip()
 
diff --git a/files/routes/static.py b/files/routes/static.py
index 981951b05..18f476bc0 100644
--- a/files/routes/static.py
+++ b/files/routes/static.py
@@ -199,19 +199,21 @@ def submit_contact(v):
 	body_html = sanitize(body)
 
 	if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
-		file=request.files["file"]
-		if file.content_type.startswith('image/'):
-			name = f'/images/{time.time()}'.replace('.','') + '.webp'
-			file.save(name)
-			url = process_image(v.patron, name)
-			body_html += f''
-		elif file.content_type.startswith('video/'):
-			value = process_video(file)
-			if type(value) is str: body_html += f"
{value}
"
-			else: return value
-		elif file.content_type.startswith('audio/'):
-			body_html += f"
{process_audio(file)}
"
-		else: return {"error": "Image/Video/Audio files only"}, 400
+		files = request.files.getlist('file')[:4]
+		for file in files:
+			if file.content_type.startswith('image/'):
+				name = f'/images/{time.time()}'.replace('.','') + '.webp'
+				file.save(name)
+				url = process_image(v.patron, name)
+				body_html += f''
+			elif file.content_type.startswith('video/'):
+				value = process_video(file)
+				if type(value) is str: body_html += f"
{value}
"
+				else: return value
+			elif file.content_type.startswith('audio/'):
+				body_html += f"
{process_audio(file)}
"
+			else:
+				body_html += f"
{process_other(file)}
"
 
 
 
diff --git a/files/routes/users.py b/files/routes/users.py
index aed936162..64db99de6 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -726,19 +726,21 @@ def messagereply(v):
 	body_html = sanitize(message)
 
 	if parent.sentto == 2 and request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
-		file=request.files["file"]
-		if file.content_type.startswith('image/'):
-			name = f'/images/{time.time()}'.replace('.','') + '.webp'
-			file.save(name)
-			url = process_image(v.patron, name)
-			body_html += f''
-		elif file.content_type.startswith('video/'):
-			value = process_video(file)
-			if type(value) is str: body_html += f"
{value}
"
-			else: return value
-		elif file.content_type.startswith('audio/'):
-			body_html += f"
{process_audio(file)}
"
-		else: return {"error": "Image/Video/Audio files only"}, 400
+		files = request.files.getlist('file')[:4]
+		for file in files:
+			if file.content_type.startswith('image/'):
+				name = f'/images/{time.time()}'.replace('.','') + '.webp'
+				file.save(name)
+				url = process_image(v.patron, name)
+				body_html += f''
+			elif file.content_type.startswith('video/'):
+				value = process_video(file)
+				if type(value) is str: body_html += f"
{value}
"
+				else: return value
+			elif file.content_type.startswith('audio/'):
+				body_html += f"
{process_audio(file)}
"
+			else:
+				body_html += f"
{process_other(file)}
"
 
 
 	c = Comment(author_id=v.id,
diff --git a/files/templates/comments.html b/files/templates/comments.html
index 85efd9c8a..a2906b74d 100644
--- a/files/templates/comments.html
+++ b/files/templates/comments.html
@@ -329,7 +329,7 @@
 							
 							
 						
 						Save Edit 
@@ -581,7 +581,7 @@
 						 
 						
 					
 					Comment
@@ -620,7 +620,7 @@
 							{% if c.sentto == 2 %}
 								
 							{% endif %}
 						
diff --git a/files/templates/contact.html b/files/templates/contact.html
index c6a643011..8f7e441f6 100644
--- a/files/templates/contact.html
+++ b/files/templates/contact.html
@@ -36,7 +36,7 @@
 		
 		
 		
 	
diff --git a/files/templates/settings_profile.html b/files/templates/settings_profile.html
index 563dac3a0..cd4762ad5 100644
--- a/files/templates/settings_profile.html
+++ b/files/templates/settings_profile.html
@@ -606,7 +606,7 @@
 											 
 											
 										
 										

diff --git a/files/templates/submission.html b/files/templates/submission.html
index 9e96f28cd..f61195a42 100644
--- a/files/templates/submission.html
+++ b/files/templates/submission.html
@@ -878,7 +878,7 @@
 
 										
 						
 										 
@@ -1075,7 +1075,7 @@
 					 
 					
 				
 				Comment
diff --git a/files/templates/submit.html b/files/templates/submit.html
index ff8037975..14b8ebcf5 100644
--- a/files/templates/submit.html
+++ b/files/templates/submit.html
@@ -111,7 +111,7 @@
 													
 													
 													Optional if you have text.
 													You can upload images or videos up to 60 seconds.
@@ -147,7 +147,7 @@