From d9cdbd001502cf2631c35923b55b26c574b97828 Mon Sep 17 00:00:00 2001
From: Aevann1 <randomname42029@gmail.com>
Date: Sun, 19 Jun 2022 18:56:45 +0200
Subject: [PATCH] return to only allowing images/videos/audio

---
 files/helpers/media.py                |  2 +-
 files/routes/comments.py              |  2 +-
 files/routes/errors.py                |  5 +++++
 files/routes/posts.py                 |  2 +-
 files/templates/comments.html         |  6 +++---
 files/templates/contact.html          |  2 +-
 files/templates/errors/415.html       | 20 ++++++++++++++++++++
 files/templates/errors/418.html       |  4 ++--
 files/templates/settings_profile.html |  2 +-
 files/templates/submission.html       |  4 ++--
 files/templates/submit.html           |  4 ++--
 11 files changed, 39 insertions(+), 14 deletions(-)
 create mode 100644 files/templates/errors/415.html

diff --git a/files/helpers/media.py b/files/helpers/media.py
index 6ab4897f3..c1aa58206 100644
--- a/files/helpers/media.py
+++ b/files/helpers/media.py
@@ -25,7 +25,7 @@ def process_files():
 			elif file.content_type.startswith('audio/'):
 				body += f"\n\n{process_audio(file)}"
 			else:
-				body += f"\n\n{process_other(file)}"
+				abort(415)
 	return body
 
 
diff --git a/files/routes/comments.py b/files/routes/comments.py
index b41df7836..736afd9bc 100644
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@@ -297,7 +297,7 @@ def api_comment(v):
 			elif file.content_type.startswith('audio/'):
 				body += f"\n\n{process_audio(file)}"
 			else:
-				body += f"\n\n{process_other(file)}"
+				abort(415)
 
 	body = body.strip()
 	
diff --git a/files/routes/errors.py b/files/routes/errors.py
index 40e73cc11..23b2ad7b5 100644
--- a/files/routes/errors.py
+++ b/files/routes/errors.py
@@ -51,6 +51,11 @@ def error_413(e):
 		return {"error": "Max image/audio size is 8 MB (16 MB for paypigs)"}, 413
 	else: return render_template('errors/413.html', err=True), 413
 
+@app.errorhandler(415)
+def error_415(e):
+	if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "Please upload only Image, Video, or Audio files!"}, 415
+	else: return render_template('errors/415.html', err=True), 415
+
 @app.errorhandler(418)
 def error_418(e):
 	if request.headers.get("Authorization") or request.headers.get("xhr"):
diff --git a/files/routes/posts.py b/files/routes/posts.py
index 528d07a18..8ef074084 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -1068,7 +1068,7 @@ def submit_post(v, sub=None):
 		elif file.content_type.startswith('audio/'):
 			post.url = process_audio(file)
 		else:
-			post.url = process_other(file)
+			abort(415)
 		
 	if not post.thumburl and post.url:
 		gevent.spawn(thumbnail_thread, post.id)
diff --git a/files/templates/comments.html b/files/templates/comments.html
index 70ad02127..62729435f 100644
--- a/files/templates/comments.html
+++ b/files/templates/comments.html
@@ -329,7 +329,7 @@
 							
 							<label class="btn btn-secondary format m-0" for="file-edit-reply-{{c.id}}">
 								<div id="filename-edit-reply-{{c.id}}"><i class="fas fa-file"></i></div>
-								<input autocomplete="off" id="file-edit-reply-{{c.id}}" type="file" multiple="multiple" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-edit-reply-{{c.id}}','file-edit-reply-{{c.id}}')" hidden>
+								<input autocomplete="off" id="file-edit-reply-{{c.id}}" accept="image/*, video/*, audio/*" type="file" multiple="multiple" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-edit-reply-{{c.id}}','file-edit-reply-{{c.id}}')" hidden>
 							</label>
 						</div>
 						<a id="edit-btn-{{c.id}}" role="button" form="comment-edit-form-{{c.id}}" class="btn btn-primary ml-2 fl-r commentmob" onclick="comment_edit('{{c.id}}')">Save Edit</a> 
@@ -581,7 +581,7 @@
 						&nbsp;
 						<label class="btn btn-secondary format m-0" for="file-upload-reply-{{c.fullname}}">
 							<div id="filename-show-reply-{{c.fullname}}"><i class="fas fa-file"></i></div>
-							<input autocomplete="off" id="file-upload-reply-{{c.fullname}}" type="file" multiple="multiple" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show-reply-{{c.fullname}}','file-upload-reply-{{c.fullname}}')" hidden>
+							<input autocomplete="off" id="file-upload-reply-{{c.fullname}}" accept="image/*, video/*, audio/*" type="file" multiple="multiple" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show-reply-{{c.fullname}}','file-upload-reply-{{c.fullname}}')" hidden>
 						</label>
 					</div>
 					<a id="save-reply-to-{{c.fullname}}" class="btn btn-primary ml-2 fl-r commentmob" onclick="post_comment('{{c.fullname}}', '{{c.post.id}}')"role="button">Comment</a>
@@ -620,7 +620,7 @@
 							{% if c.sentto == 2 %}
 								<label class="btn btn-secondary m-0 mt-3" for="file-upload">
 									<div id="filename"><i class="fas fa-file"></i></div>
-									<input autocomplete="off" id="file-upload" type="file" name="file" multiple="multiple" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename','file-upload')" hidden>
+									<input autocomplete="off" id="file-upload" accept="image/*, video/*, audio/*" type="file" name="file" multiple="multiple" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename','file-upload')" hidden>
 								</label>
 							{% endif %}
 						</div>
diff --git a/files/templates/contact.html b/files/templates/contact.html
index 8f7e441f6..48d9eb37b 100644
--- a/files/templates/contact.html
+++ b/files/templates/contact.html
@@ -36,7 +36,7 @@
 		</label>
 		<label class="btn btn-secondary m-0 mt-3" for="file-upload">
 			<div id="filename"><i class="fas fa-file"></i></div>
-			<input autocomplete="off" id="file-upload" type="file" name="file" multiple="multiple" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename','file-upload')" hidden>
+			<input autocomplete="off" id="file-upload" accept="image/*, video/*, audio/*" type="file" name="file" multiple="multiple" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename','file-upload')" hidden>
 		</label>
 		<input type="submit" value="Submit" class="btn btn-primary mt-3">
 	</form>
diff --git a/files/templates/errors/415.html b/files/templates/errors/415.html
new file mode 100644
index 000000000..0139fd86d
--- /dev/null
+++ b/files/templates/errors/415.html
@@ -0,0 +1,20 @@
+{% extends "default.html" %}
+
+{% block title %}
+<title>415 Unsupported Media Type</title>
+{% endblock %}
+
+{% block pagetype %}error-415{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+	<div class="col-10 col-md-5">
+	<div class="text-center px-3 my-8">
+		<img alt=":#marseydetective:" loading="lazy" src="/e/marseydetective.webp">
+		<pre></pre>
+		<h1 class="h5">415 Unsupported Media Type</h1>
+			<p class="text-muted mb-5">Please upload only Image, Video, or Audio files!</p>
+		</div>
+	</div>
+</div>
+{% endblock %}
diff --git a/files/templates/errors/418.html b/files/templates/errors/418.html
index a8116c7d9..15642a384 100644
--- a/files/templates/errors/418.html
+++ b/files/templates/errors/418.html
@@ -10,10 +10,10 @@
 <div class="row justify-content-center">
 	<div class="col-10 col-md-5">
 	<div class="text-center px-3 my-8">
-		<img alt=":#marseyretard:" loading="lazy" src="/e/marseyretard.webp">
+		<img alt=":#marseytea:" loading="lazy" src="/e/marseytea.webp">
 		<pre></pre>
 		<h1 class="h5">WEBM videos are not allowed</h1>
-		<div><a href="/" class="btn btn-primary">please convert your video to MP4 and re-upload it!</a></div>
+		<div><a href="/" class="btn btn-primary">Please convert your video to MP4 and re-upload it!</a></div>
 		</div>
 	</div>
 </div>
diff --git a/files/templates/settings_profile.html b/files/templates/settings_profile.html
index cd4762ad5..be8be2811 100644
--- a/files/templates/settings_profile.html
+++ b/files/templates/settings_profile.html
@@ -606,7 +606,7 @@
 											&nbsp;
 											<label class="btn btn-secondary format d-inline-block m-0">
 												<div id="filename-show"><i class="fas fa-file"></i></div>
-												<input autocomplete="off" id="file-upload" type="file" name="file" multiple="multiple" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show','file-upload')" hidden>
+												<input autocomplete="off" id="file-upload" accept="image/*, video/*, audio/*" type="file" name="file" multiple="multiple" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show','file-upload')" hidden>
 											</label>
 										</div>
 										<pre></pre>
diff --git a/files/templates/submission.html b/files/templates/submission.html
index f61195a42..74ee482de 100644
--- a/files/templates/submission.html
+++ b/files/templates/submission.html
@@ -878,7 +878,7 @@
 
 										<label class="format btn btn-secondary m-0 ml-1 {% if v %}d-inline-block{% else %}d-none{% endif %}" for="file-upload-edit-{{p.id}}">
 											<div id="filename-show-edit-{{p.id}}"><i class="fas fa-file"></i></div>
-											<input autocomplete="off" id="file-upload-edit-{{p.id}}" type="file" multiple="multiple" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show-edit-{{p.id}}','file-upload-edit-{{p.id}}')" hidden>
+											<input autocomplete="off" id="file-upload-edit-{{p.id}}" accept="image/*, video/*, audio/*" type="file" multiple="multiple" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show-edit-{{p.id}}','file-upload-edit-{{p.id}}')" hidden>
 										</label>
 						
 										<small class="format d-none"><i class="fas fa-link" aria-hidden="true"></i></small> 
@@ -1075,7 +1075,7 @@
 					&nbsp;
 					<label class="format btn btn-secondary m-0 ml-1 {% if v %}d-inline-block{% else %}d-none{% endif %}" for="file-upload-reply-{{p.fullname}}">
 						<div id="filename-show-reply-{{p.fullname}}"><i class="fas fa-file"></i></div>
-						<input autocomplete="off" id="file-upload-reply-{{p.fullname}}" type="file" multiple="multiple" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show-reply-{{p.fullname}}','file-upload-reply-{{p.fullname}}')" hidden>
+						<input autocomplete="off" id="file-upload-reply-{{p.fullname}}" accept="image/*, video/*, audio/*" type="file" multiple="multiple" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show-reply-{{p.fullname}}','file-upload-reply-{{p.fullname}}')" hidden>
 					</label>
 				</div>
 				<a id="save-reply-to-{{p.fullname}}" role="button" form="reply-to-{{p.fullname}}" class="btn btn-primary text-whitebtn ml-auto fl-r" onclick="post_comment('{{p.fullname}}', '{{p.id}}')">Comment</a>
diff --git a/files/templates/submit.html b/files/templates/submit.html
index 14b8ebcf5..45b01f9b1 100644
--- a/files/templates/submit.html
+++ b/files/templates/submit.html
@@ -111,7 +111,7 @@
 													<img loading="lazy" id="image-preview" style="max-width:50%">
 													<label class="btn btn-secondary m-0" for="file-upload">
 														<div id="filename-show">Select File</div>
-														<input autocomplete="off" id="file-upload" type="file" name="file-url" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} hidden>
+														<input autocomplete="off" id="file-upload" accept="image/*, video/*, audio/*" type="file" name="file-url" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} hidden>
 													</label>
 													<small class="form-text text-muted">Optional if you have text.</small>
 													<small class="form-text text-muted">You can upload images or videos up to 60 seconds.</small>
@@ -147,7 +147,7 @@
 																
 												<label class="format btn btn-secondary m-0 ml-1 {% if v %}d-inline-block{% else %}d-none{% endif %}" for="file-upload-submit">
 													<div id="filename-show-submit"><i class="fas fa-file"></i></div>
-													<input autocomplete="off" id="file-upload-submit" multiple="multiple" type="file" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show-submit','file-upload-submit');checkForRequired()" hidden>
+													<input autocomplete="off" id="file-upload-submit" multiple="multiple" accept="image/*, video/*, audio/*" type="file" name="file" {% if request.headers.get('cf-ipcountry')=="T1" %}disabled{% endif %} onchange="changename('filename-show-submit','file-upload-submit');checkForRequired()" hidden>
 												</label>		
 
 												<div id="preview" class="preview my-3"></div>