b

2022-01-16 07:53:32 +02:00 · 2022-01-16 07:53:32 +02:00 · e108fa509e
parent 40531da231
commit e108fa509e
33 changed files with 80 additions and 75 deletions
--- a/files/routes/errors.py
+++ b/files/routes/errors.py
@ -40,6 +40,10 @@ def error_405(e):
 	else: return render_template('errors/405.html', err=True), 405


+@app.errorhandler(413)
+def error_413(e):
+	return {"error": "Max file size is 4 MB (8 MB for paypigs)"}, 413
+
@app.errorhandler(429)
 def error_429(e):
 	if request.headers.get("Authorization"): return {"error": "429 Too Many Requests"}, 429
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -388,8 +388,8 @@ def morecomments(v, cid):
@auth_required
 def edit_post(pid, v):
 	if v and v.patron:
-		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}
-	elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}
+		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
+	elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}, 413

 	p = get_post(pid)

@ -687,8 +687,8 @@ def submit_post(v):
 	if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
 	
 	if v and v.patron:
-		if request.content_length > 8 * 1024 * 1024: return {"error": "Max file size is 8 MB."}
-	elif request.content_length > 4 * 1024 * 1024: return {"error": "Max file size is 4 MB."}
+		if request.content_length > 8 * 1024 * 1024: return {"error": "Max file size is 8 MB."}, 413
+	elif request.content_length > 4 * 1024 * 1024: return {"error": "Max file size is 4 MB."}, 413


 	title = request.values.get("title", "").strip()[:500].replace('‎','')
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -47,8 +47,8 @@ def removebackground(v):
@auth_required
 def settings_profile_post(v):
 	if v and v.patron:
-		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}
-	elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}
+		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
+	elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}, 413


 	updated = False
@ -620,8 +620,8 @@ def settings_log_out_others(v):
@auth_required
 def settings_images_profile(v):
 	if v and v.patron:
-		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}
-	elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}
+		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
+	elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}, 413

 	if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403

@ -655,8 +655,8 @@ def settings_images_profile(v):
@auth_required
 def settings_images_banner(v):
 	if v and v.patron:
-		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}
-	elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}
+		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
+	elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}, 413

 	if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403

--- a/files/templates/admins.html
+++ b/files/templates/admins.html
@ -4,7 +4,7 @@

 {% block content %}

-<script src="/static/assets/js/sort_table.js?a=5"></script>
+<script src="/static/assets/js/sort_table.js?a=200"></script>

 <pre class="d-none d-md-inline-block"></pre>
 <h5 style="font-weight:bold;">Admins</h5>
--- a/files/templates/award_modal.html
+++ b/files/templates/award_modal.html
@ -1,4 +1,4 @@
-<script src="/static/assets/js/award_modal.js?a=5"></script>
+<script src="/static/assets/js/award_modal.js?a=200"></script>
 <div class="modal fade" id="awardModal" tabindex="-1" role="dialog" aria-labelledby="awardModalTitle" aria-hidden="true">
 	<div class="modal-dialog modal-dialog-scrollable modal-dialog-centered awardmodal" role="document">
 		<div class="modal-content">
--- a/files/templates/ban_modal.html
+++ b/files/templates/ban_modal.html
@ -1,5 +1,5 @@

-<script src="/static/assets/js/ban_modal.js?a=3"></script>
+<script src="/static/assets/js/ban_modal.js?a=200"></script>

 <div class="modal fade" id="banModal" tabindex="-1" role="dialog" aria-labelledby="banModalTitle" aria-hidden="true">
 	<div class="modal-dialog modal-dialog-centered" role="document">
--- a/files/templates/changelog.html
+++ b/files/templates/changelog.html
@ -104,6 +104,6 @@
 </nav>
 {% endif %}

-<script src="/static/assets/js/post_toast2.js?a=10"></script>
+<script src="/static/assets/js/post_toast2.js?a=200"></script>

 {% endblock %}
--- a/files/templates/comments.html
+++ b/files/templates/comments.html
@ -847,20 +847,20 @@
 </style>

 {% if v %}
-	<script src="/static/assets/js/marked.js?a=3"></script>
-	<script src="/static/assets/js/comments_v.js?a=15"></script>
+	<script src="/static/assets/js/marked.js?a=200"></script>
+	<script src="/static/assets/js/comments_v.js?a=200"></script>
 {% endif %}

-<script src="/static/assets/js/clipboard.js?a=3"></script>
+<script src="/static/assets/js/clipboard.js?a=200"></script>

 {% if v and v.admin_level > 1 %}
-	<script src="/static/assets/js/comments_admin.js?a=3"></script>
+	<script src="/static/assets/js/comments_admin.js?a=200"></script>
 {% endif %}

 {% include "expanded_image_modal.html" %}

-<script src="/static/assets/js/comments+submission_listing.js?a=9"></script>
-<script src="/static/assets/js/comments.js?a=4"></script>
+<script src="/static/assets/js/comments+submission_listing.js?a=200"></script>
+<script src="/static/assets/js/comments.js?a=200"></script>

 <script>
 	{% if p and (not v or v.highlightcomments) %}
--- a/files/templates/default.html
+++ b/files/templates/default.html
@ -4,7 +4,7 @@
 	<meta name="description" content="{{'DESCRIPTION' | app_config}}">
 	<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io {{PUSHER_ID}}.pushnotifications.pusher.com; object-src 'none';">

-	<script src="/static/assets/js/bootstrap.js?a=3"></script>
+	<script src="/static/assets/js/bootstrap.js?a=200"></script>
 	{% if v %}
 		<style>:root{--primary:#{{v.themecolor}}}</style>
 		<link rel="stylesheet" href="/static/assets/css/main.css?a=78">
@ -314,15 +314,15 @@
 	</div>
 </div>

-<script src="/static/assets/js/lozad.js?a=3"></script>
+<script src="/static/assets/js/lozad.js?a=200"></script>

 {% if v %}
-	<script src="/static/assets/js/post_toast2.js?a=10"></script>
-	<script src="/static/assets/js/formatting.js?a=3"></script>
-	<script src="/static/assets/js/default.js?a=4"></script>
+	<script src="/static/assets/js/post_toast2.js?a=200"></script>
+	<script src="/static/assets/js/formatting.js?a=200"></script>
+	<script src="/static/assets/js/default.js?a=200"></script>
 {% endif %}

-<script src="/static/assets/js/lite-youtube.js?a=3"></script>
+<script src="/static/assets/js/lite-youtube.js?a=200"></script>

 </body>

--- a/files/templates/delete_post_modal.html
+++ b/files/templates/delete_post_modal.html
@ -1,4 +1,4 @@
-<script src="/static/assets/js/delete_post_modal.js?a=3"></script>
+<script src="/static/assets/js/delete_post_modal.js?a=200"></script>

 <div class="modal fade" id="deletePostModal" tabindex="-1" role="dialog" aria-labelledby="deletePostModalTitle" aria-hidden="true">
 	<div class="modal-dialog modal-dialog-centered" role="document">
--- a/files/templates/emoji_modal.html
+++ b/files/templates/emoji_modal.html
@ -80,7 +80,7 @@
 	</div>
 </div>

-<script src="/static/assets/js/emoji_modal.js?a=45"></script>
+<script src="/static/assets/js/emoji_modal.js?a=200"></script>

 <style>
 	a.emojitab {
--- a/files/templates/followers.html
+++ b/files/templates/followers.html
@ -1,6 +1,6 @@
 {% extends "default.html" %}
 {% block content %}
-<script src="/static/assets/js/followers.js?a=3"></script>
+<script src="/static/assets/js/followers.js?a=200"></script>
 <pre>

 	
--- a/files/templates/following.html
+++ b/files/templates/following.html
@ -1,6 +1,6 @@
 {% extends "default.html" %}
 {% block content %}
-<script src="/static/assets/js/following.js?a=3"></script>
+<script src="/static/assets/js/following.js?a=200"></script>
 <pre>

 	
--- a/files/templates/gif_modal.html
+++ b/files/templates/gif_modal.html
@ -26,4 +26,4 @@
 	</div>
 </div>

-<script src="/static/assets/js/gif_modal.js?a=3"></script>
+<script src="/static/assets/js/gif_modal.js?a=200"></script>
--- a/files/templates/header.html
+++ b/files/templates/header.html
@ -207,7 +207,7 @@
 	</div>
 </nav>

-<script src="/static/assets/js/header.js?a=10"></script>
+<script src="/static/assets/js/header.js?a=200"></script>

 <style>
 	.notif-count {
--- a/files/templates/home.html
+++ b/files/templates/home.html
@ -6,7 +6,8 @@
 	{% if not v.fp %}
 		<script>
 			function fp(fp) {
-				var xhr = new XMLHttpRequest();
+				const xhr = new XMLHttpRequest();
+				xhr.setRequestHeader('Authorization', 'xhr');
 				xhr.open("POST", '{{request.host_url}}fp/'+fp, true);
 				var form = new FormData()
 				form.append("formkey", formkey());
@ -19,7 +20,7 @@
 				script.onload = resolve;
 				script.onerror = reject;
 				script.async = true;
-				script.src = "/static/assets/js/fp.js?a=5";
+				script.src = "/static/assets/js/fp.js?a=200";
 				document.head.appendChild(script);
 			})
 				.then(() => FingerprintJS.load({token: '{{environ.get("FP")}}'}));
@ -167,7 +168,7 @@
 {% if v %}
 	<div class="d-none" id="strid">{{request.host}}{{v.id}}</div>
 	<div class="d-none" id="pusherid">{{PUSHER_ID}}</div>
-	<script src="/static/assets/js/pusher.js?a=161"></script>
+	<script src="/static/assets/js/pusher.js?a=200"></script>
 	<script>
 		if (Android){
 			Android.Subscribe('{{request.host}}{{v.id}}');
--- a/files/templates/log.html
+++ b/files/templates/log.html
@ -142,6 +142,6 @@
 	</div>
 </div>

-<script src="/static/assets/js/clipboard.js?a=3"></script>
+<script src="/static/assets/js/clipboard.js?a=200"></script>

 {% endblock %}
--- a/files/templates/login.html
+++ b/files/templates/login.html
@ -6,7 +6,7 @@
 	<meta name="description" content="{{'DESCRIPTION' | app_config}}">
 	<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';">

-	<script src="/static/assets/js/bootstrap.js?a=3"></script>
+	<script src="/static/assets/js/bootstrap.js?a=200"></script>

 	<meta charset="utf-8">
 	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
--- a/files/templates/mobile_navigation_bar.html
+++ b/files/templates/mobile_navigation_bar.html
@ -68,7 +68,7 @@
 		</div>
 </div>

-<script src="/static/assets/js/mobile_navigation_bar.js?a=3"></script>
+<script src="/static/assets/js/mobile_navigation_bar.js?a=200"></script>

 <style>
 	.btn-dead:hover, .active.btn-dead:hover, .active.btn-dead {
--- a/files/templates/report_post_modal.html
+++ b/files/templates/report_post_modal.html
@ -32,4 +32,4 @@
 	</div>
 </div>

-<script src="/static/assets/js/report_post_modal.js?a=3"></script>
+<script src="/static/assets/js/report_post_modal.js?a=200"></script>
--- a/files/templates/settings.html
+++ b/files/templates/settings.html
@ -5,7 +5,7 @@
 	<meta name="description" content="{{'DESCRIPTION' | app_config}}">
 	<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';">

-	<script src="/static/assets/js/bootstrap.js?a=3"></script>
+	<script src="/static/assets/js/bootstrap.js?a=200"></script>

 	<meta charset="utf-8">
 	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
@ -258,7 +258,7 @@

 {% block onload %}{% endblock %}

-<script src="/static/assets/js/clipboard.js?a=3"></script>
+<script src="/static/assets/js/clipboard.js?a=200"></script>

 <style>
 	.navsettings {
--- a/files/templates/settings2.html
+++ b/files/templates/settings2.html
@ -6,7 +6,7 @@
 	<meta name="description" content="{{'DESCRIPTION' | app_config}}">
 	<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';">

-	<script src="/static/assets/js/bootstrap.js?a=3"></script>
+	<script src="/static/assets/js/bootstrap.js?a=200"></script>

 	<meta charset="utf-8">
 	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
--- a/files/templates/settings_blocks.html
+++ b/files/templates/settings_blocks.html
@ -4,7 +4,7 @@

 {% block content %}

-<script src="/static/assets/js/settings_blocks.js?a=3"></script>
+<script src="/static/assets/js/settings_blocks.js?a=200"></script>

 <div class="row">

--- a/files/templates/settings_profile.html
+++ b/files/templates/settings_profile.html
@ -677,7 +677,7 @@
 </div>


-<script src="/static/assets/js/settings_profile.js?a=3"></script>
+<script src="/static/assets/js/settings_profile.js?a=200"></script>

 {% include "emoji_modal.html" %}
 {% include "gif_modal.html" %}
--- a/files/templates/settings_security.html
+++ b/files/templates/settings_security.html
@ -4,7 +4,7 @@

 {% block content %}

-<script src="/static/assets/js/settings_security.js?a=3"></script>
+<script src="/static/assets/js/settings_security.js?a=200"></script>

 <div class="row">

--- a/files/templates/sign_up.html
+++ b/files/templates/sign_up.html
@ -5,7 +5,7 @@
 	<meta name="description" content="{{'DESCRIPTION' | app_config}}">
 		<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';">

-		<script src="/static/assets/js/bootstrap.js?a=3"></script>
+		<script src="/static/assets/js/bootstrap.js?a=200"></script>

 		<meta charset="utf-8">
 		<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
@ -154,10 +154,10 @@
 		</div>
 </div>

-<script src="/static/assets/js/signup.js?a=3"></script>
+<script src="/static/assets/js/signup.js?a=200"></script>

 {% if hcaptcha %}
-	<script src="/static/assets/js/hcaptcha.js?a=3"></script>
+	<script src="/static/assets/js/hcaptcha.js?a=200"></script>
 {% endif %}

 </body>
--- a/files/templates/sign_up_failed_ref.html
+++ b/files/templates/sign_up_failed_ref.html
@ -6,7 +6,7 @@
 	<meta name="description" content="{{'DESCRIPTION' | app_config}}">
 		<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';">

-		<script src="/static/assets/js/bootstrap.js?a=3"></script>
+		<script src="/static/assets/js/bootstrap.js?a=200"></script>

 		<meta charset="utf-8">
 		<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
--- a/files/templates/submission.html
+++ b/files/templates/submission.html
@ -406,9 +406,9 @@
 							{% if p.domain == "twitter.com" %}
 								{{p.embed_url | safe}}
 								{% if v and v.theme.split("_")[0] in ["light", "coffee", "4chan"] %}
-									<script src="/static/assets/js/twitterlight.js?a=3"></script>
+									<script src="/static/assets/js/twitterlight.js?a=200"></script>
 								{% else %}
-									<script src="/static/assets/js/twitter.js?a=3"></script>
+									<script src="/static/assets/js/twitter.js?a=200"></script>
 								{% endif %}
 							{% elif p.domain in ['youtu.be','youtube.com'] and p.embed_url and p.embed_url.startswith('<lite-youtube') %}
 								{{p.embed_url | safe}}
@ -801,7 +801,7 @@
 </div>
 
 {% if offset %}
-	<script src="/static/assets/js/viewmore.js?a=3"></script>
+	<script src="/static/assets/js/viewmore.js?a=200"></script>
 {% endif %}

 {% elif not p.replies and p.deleted_utc == 0 %}
@ -832,32 +832,32 @@
 {% endif %}

 {% if v and (v.id == p.author_id or v.admin_level > 1 and v.admin_level > 2) %}
-	<script src="/static/assets/js/togglePostEdit.js?a=3"></script>
+	<script src="/static/assets/js/togglePostEdit.js?a=200"></script>
 {% endif %}

 {% if v %}
-	<script src="/static/assets/js/submission.js?a=3"></script>
+	<script src="/static/assets/js/submission.js?a=200"></script>
 {% endif %}

 {% if not v or v.highlightcomments %}
-	<script src="/static/assets/js/new_comments_count.js?a=3"></script>
+	<script src="/static/assets/js/new_comments_count.js?a=200"></script>
 {% endif %}

-<script src="/static/assets/js/clipboard.js?a=3"></script>
+<script src="/static/assets/js/clipboard.js?a=200"></script>

 {% if not p.comment_count %}
 	{% include "comments.html" %}
 {% endif %}

 {% if p.award_count("shit") %}
-	<script src="/static/assets/js/critters.js?a=3"></script>
-	<script src="/static/assets/js/bugs.js?a=3"></script>
+	<script src="/static/assets/js/critters.js?a=200"></script>
+	<script src="/static/assets/js/bugs.js?a=200"></script>
 {% endif %}


 {% if p.award_count("fireflies") %}
-	<script src="/static/assets/js/critters.js?a=3"></script>
-	<script src="/static/assets/js/fireflies.js?a=3"></script>
+	<script src="/static/assets/js/critters.js?a=200"></script>
+	<script src="/static/assets/js/fireflies.js?a=200"></script>
 {% endif %}


--- a/files/templates/submission_listing.html
+++ b/files/templates/submission_listing.html
@ -9,7 +9,7 @@
 {% endif %}

 {% if not v or v.highlightcomments %}
-	<script src="/static/assets/js/new_comments_count.js?a=3"></script>
+	<script src="/static/assets/js/new_comments_count.js?a=200"></script>
 {% endif %}

 <script>
@ -695,6 +695,6 @@
 	}
 </style>

-<script src="/static/assets/js/clipboard.js?a=3"></script>
-<script src="/static/assets/js/comments+submission_listing.js?a=9"></script>
-<script src="/static/assets/js/submission_listing.js?a=3"></script>
+<script src="/static/assets/js/clipboard.js?a=200"></script>
+<script src="/static/assets/js/comments+submission_listing.js?a=200"></script>
+<script src="/static/assets/js/submission_listing.js?a=200"></script>
--- a/files/templates/submit.html
+++ b/files/templates/submit.html
@ -4,7 +4,7 @@
 	<meta name="description" content="{{'DESCRIPTION' | app_config}}">
 		<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';">

-		<script src="/static/assets/js/bootstrap.js?a=3"></script>
+		<script src="/static/assets/js/bootstrap.js?a=200"></script>

 		<meta charset="utf-8">
 		<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
@ -239,9 +239,9 @@
 			checkForRequired()
 		</script>

-		<script src="/static/assets/js/marked.js?a=3"></script>
-		<script src="/static/assets/js/formatting.js?a=3"></script>
-		<script src="/static/assets/js/submit.js?a=5"></script>
+		<script src="/static/assets/js/marked.js?a=200"></script>
+		<script src="/static/assets/js/formatting.js?a=200"></script>
+		<script src="/static/assets/js/submit.js?a=200"></script>
 		{% include "emoji_modal.html" %}
 		{% include "gif_modal.html" %}

--- a/files/templates/userpage.html
+++ b/files/templates/userpage.html
@ -691,11 +691,11 @@

 {% if v %}
 <div id='tax' class="d-none">{% if v.patron or u.patron or v.alts_patron or u.alts_patron %}0{% else %}0.03{% endif %}</div>
-<script src="/static/assets/js/userpage_v.js?a=10"></script>
+<script src="/static/assets/js/userpage_v.js?a=200"></script>
 <div id="username" class="d-none">{{u.username}}</div>
 {% endif %}

-<script src="/static/assets/js/userpage.js?a=4"></script>
+<script src="/static/assets/js/userpage.js?a=200"></script>

 {% endblock %}

@ -721,7 +721,7 @@
 </nav>
 {% endif %}

-<script src="/static/assets/js/marked.js?a=3"></script>
+<script src="/static/assets/js/marked.js?a=200"></script>

 <style>
 	.userbanner {
--- a/files/templates/userpage_comments.html
+++ b/files/templates/userpage_comments.html
@ -110,9 +110,9 @@

 {% if v %}
 <div id='tax' class="d-none">{% if v.patron or u.patron %}0{% else %}0.03{% endif %}</div>
-<script src="/static/assets/js/userpage_v.js?a=10"></script>
+<script src="/static/assets/js/userpage_v.js?a=200"></script>
 <div id="username" class="d-none">{{u.username}}</div>
 {% endif %}

-<script src="/static/assets/js/userpage.js?a=4"></script>
+<script src="/static/assets/js/userpage.js?a=200"></script>
 {% endblock %}
--- a/files/templates/userpage_private.html
+++ b/files/templates/userpage_private.html
@ -44,9 +44,9 @@

 {% if v %}
 <div id='tax' class="d-none">{% if v.patron or u.patron %}0{% else %}0.03{% endif %}</div>
-<script src="/static/assets/js/userpage_v.js?a=10"></script>
+<script src="/static/assets/js/userpage_v.js?a=200"></script>
 <div id="username" class="d-none">{{u.username}}</div>
 {% endif %}

-<script src="/static/assets/js/userpage.js?a=4"></script>
+<script src="/static/assets/js/userpage.js?a=200"></script>
 {% endblock %}