diff --git a/files/helpers/alerts.py b/files/helpers/alerts.py index 7948007a1..47afd618b 100644 --- a/files/helpers/alerts.py +++ b/files/helpers/alerts.py @@ -113,8 +113,6 @@ def send_unblock_notif(vid, user, text): def send_admin(vid, text): - text = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', text) - text_html = Renderer().render(mistletoe.Document(text)) text_html = sanitize(text_html, True) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 8d4f8cbd5..e1cfc21eb 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -83,7 +83,7 @@ allowed_styles = ['color', 'font-weight', 'transform', '-webkit-transform'] def sanitize(sanitized, noimages=False): - sanitized = sanitized.replace("\ufeff", "").replace("m.youtube.com", "youtube.com") + sanitized = sanitized.replace("\ufeff", "").replace("m.youtube.com", "youtube.com").replace("𒐪","") for i in re.finditer('https://i.imgur.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized): sanitized = sanitized.replace(i.group(1), i.group(2) + "_d." + i.group(3) + "?maxwidth=9999") diff --git a/files/routes/comments.py b/files/routes/comments.py index 568541b2d..4c5d9ed5a 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -166,7 +166,6 @@ def api_comment(v): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') - body = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', body) body_md = body options = [] @@ -183,7 +182,6 @@ def api_comment(v): url = request.host_url[:-1] + process_image(name) body = request.values.get("body") + f"\n![]({url})" - body = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', body) body_md = CustomRenderer().render(mistletoe.Document(body)) body_html = sanitize(body_md) else: @@ -398,7 +396,6 @@ def api_comment(v): if "rama" in request.host and len(c.body) >= 1000 and "<" not in body and "" not in body_html: body = random.choice(LONGPOST_REPLIES) - body = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', body) body_md = CustomRenderer().render(mistletoe.Document(body)) body_html2 = sanitize(body_md) diff --git a/files/routes/posts.py b/files/routes/posts.py index e2a03569c..1ad63eaa5 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -666,7 +666,6 @@ def submit_post(v): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') - body = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', body) options = [] for i in re.finditer('\s*\$\$([^\$\n]+)\$\$\s*', body): diff --git a/files/routes/settings.py b/files/routes/settings.py index 1fe36a2b0..a6d474d2c 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -106,7 +106,6 @@ def settings_profile_post(v): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', bio, re.MULTILINE): if "wikipedia" not in i.group(1): bio = bio.replace(i.group(1), f'![]({i.group(1)})') - bio = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', bio) if request.files.get('file'): file = request.files['file'] @@ -124,11 +123,6 @@ def settings_profile_post(v): bio_html = sanitize(bio_html) bans = filter_comment_html(bio_html) - if len(bio_html) > 10000: - return render_template("settings_profile.html", - v=v, - error="Your bio is too long") - if bans: ban = bans[0] reason = f"Remove the {ban.domain} link from your bio and try again." @@ -137,7 +131,10 @@ def settings_profile_post(v): return {"error": reason}, 401 - if len(bio_html) > 10000: abort(400) + if len(bio_html) > 10000: + return render_template("settings_profile.html", + v=v, + error="Your bio is too long") v.bio = bio[:1500] v.bio_html=bio_html @@ -149,20 +146,15 @@ def settings_profile_post(v): if v.patron and request.values.get("sig"): - sig = request.values.get("sig")[:1500] + sig = request.values.get("sig")[:200] for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', sig, re.MULTILINE): if "wikipedia" not in i.group(1): sig = sig.replace(i.group(1), f'![]({i.group(1)})') - sig = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', sig) - + sig_html = CustomRenderer().render(mistletoe.Document(sig)) sig_html = sanitize(sig_html) bans = filter_comment_html(sig_html) - if len(sig_html) > 10000: - return render_template("settings_profile.html", - v=v, - error="Your sig is too long") if bans: ban = bans[0] @@ -172,9 +164,12 @@ def settings_profile_post(v): return {"error": reason}, 401 - if len(sig_html) > 10000: abort(400) + if len(sig_html) > 1000: + return render_template("settings_profile.html", + v=v, + error="Your sig is too long") - v.sig = sig[:1500] + v.sig = sig[:200] v.sig_html=sig_html g.db.add(v) g.db.commit() @@ -188,7 +183,6 @@ def settings_profile_post(v): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', bio, re.MULTILINE): if "wikipedia" not in i.group(1): bio = bio.replace(i.group(1), f'![]({i.group(1)})') - bio = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', bio) if request.files.get('file'): file = request.files['file'] diff --git a/files/routes/users.py b/files/routes/users.py index 7e4228dbc..a6bcd2ca5 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -238,8 +238,6 @@ def message2(v, username): ).first() if existing: return redirect('/notifications?messages=true') - text = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', message) - text_html = Renderer().render(mistletoe.Document(text)) text_html = sanitize(text_html, True) @@ -291,7 +289,6 @@ def messagereply(v): id = int(request.values.get("parent_id")) parent = get_comment(id, v=v) user = parent.author - message = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', message) text_html = Renderer().render(mistletoe.Document(message)) text_html = sanitize(text_html, True)