Merge branch 'master' into mistletoe

2021-12-10 14:28:11 -06:00 · 2021-12-10 14:28:11 -06:00 · e49f0176cd
parent e02f8c3afa 9455bae222
commit e49f0176cd
10 changed files with 52 additions and 27 deletions
--- a/files/main.py
+++ b/files/main.py
@ -134,11 +134,10 @@ def teardown_request(error):

@app.after_request
 def after_request(response):
-	if session.get("favorite_emojis"): del session["favorite_emojis"]

 	response.headers.add("Strict-Transport-Security", "max-age=31536000")
 	response.headers.add("X-Frame-Options", "deny")
-	response.headers.add("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io 02ddcc80-b8db-42be-9022-44c546b4dce6.pushnotifications.pusher.com; object-src 'none';")
 	return response

+
 from files.routes import *
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@ -157,7 +157,10 @@ def api_comment(v):
 		else: top_comment_id = parent.top_comment_id
 	else: abort(400)

-	body = request.values.get("body", "").strip()[:10000]
+	body = request.values.get("body", "").strip()[:10000].replace(' ','\n')
+	for i in re.finditer('(^|\n)(?!.*http)(.*)', body):
+		body = body.replace(i.group(2), i.group(2).upper())
+	body = body.replace('\n\n','%&$').replace('\n',' ').replace('%&$','\n\n')

 	if v.marseyawarded:
 		if time.time() > v.marseyawarded:
@ -192,7 +195,7 @@ def api_comment(v):
 		file=request.files["file"]
 		if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400

-		name = f'/images/{time.time()}'.replace('.','') + '.webp'
+		name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
 		file.save(name)
 		url = request.host_url[:-1] + process_image(name)
 		
@ -615,7 +618,11 @@ def edit_comment(cid, v):

 	if c.is_banned or c.deleted_utc > 0: abort(403)

-	body = request.values.get("body", "").strip()[:10000]
+	body = request.values.get("body", "").strip()[:10000].replace(' ','\n')
+	for i in re.finditer('(^|\n)(?!.*http)(.*)', body):
+		body = body.replace(i.group(2), i.group(2).upper())
+	body = body.replace('\n\n','%&$').replace('\n',' ').replace('%&$','\n\n')
+
 	if len(body) < 1: return {"error":"You have to actually type something!"}, 400

 	if body != c.body and body != "":
@ -721,7 +728,7 @@ def edit_comment(cid, v):
 			file=request.files["file"]
 			if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400

-			name = f'/images/{time.time()}'.replace('.','') + '.webp'
+			name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
 			file.save(name)
 			url = request.host_url[:-1] + process_image(name)

--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -335,8 +335,12 @@ def edit_post(pid, v):

 	if p.author_id != v.id and not (v.admin_level > 1 and v.admin_level > 2): abort(403)

-	title = request.values.get("title", "").strip()
-	body = request.values.get("body", "").strip()
+	title = request.values.get("title", "").strip().upper()
+
+	body = request.values.get("body", "").strip().replace(' ','\n')
+	for i in re.finditer('(^|\n)(?!.*http)(.*)', body):
+		body = body.replace(i.group(2), i.group(2).upper())
+	body = body.replace('\n\n','%&$').replace('\n',' ').replace('%&$','\n\n')

 	if len(body) > 10000: return {"error":"Character limit is 10000!"}, 403

@ -377,7 +381,7 @@ def edit_post(pid, v):
 		file=request.files["file"]
 		if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400

-		name = f'/images/{time.time()}'.replace('.','') + '.webp'
+		name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
 		file.save(name)
 		url = request.host_url[:-1] + process_image(name)
 		
@ -646,7 +650,7 @@ def thumbnail_thread(pid):
 		db.close()
 		return

-	name = f'/images/{time.time()}'.replace('.','') + '.webp'
+	name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'

 	with open(name, "wb") as file:
 		for chunk in image_req.iter_content(1024):
@ -669,7 +673,8 @@ def submit_post(v):
 		if request.content_length > 8 * 1024 * 1024: return "Max file size is 8 MB.", 413
 	elif request.content_length > 4 * 1024 * 1024: return "Max file size is 4 MB.", 413

-	title = request.values.get("title", "").strip()[:500]
+	title = request.values.get("title", "").strip()[:500].upper()
+
 	url = request.values.get("url", "").strip()

 	if v.agendaposter and not v.marseyawarded:
@ -678,7 +683,10 @@ def submit_post(v):
 		title = censor_slurs2(title).upper().replace(' ME ', f' @{v.username} ')

 	title_html = filter_emojis_only(title)
-	body = request.values.get("body", "").strip()
+	body = request.values.get("body", "").strip().replace(' ','\n')
+	for i in re.finditer('(^|\n)(?!.*http)(.*)', body):
+		body = body.replace(i.group(2), i.group(2).upper())
+	body = body.replace('\n\n','%&$').replace('\n',' ').replace('%&$','\n\n')

 	if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 40

@ -864,7 +872,7 @@ def submit_post(v):
 		file=request.files["file2"]
 		if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400

-		name = f'/images/{time.time()}'.replace('.','') + '.webp'
+		name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
 		file.save(name)
 		url = request.host_url[:-1] + process_image(name)
 		
@ -952,7 +960,7 @@ def submit_post(v):
 				), 403

 		if file.content_type.startswith('image/'):
-			name = f'/images/{time.time()}'.replace('.','') + '.webp'
+			name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
 			file.save(name)
 			new_post.url = request.host_url[:-1] + process_image(name)
 			
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -124,7 +124,7 @@ def settings_profile_post(v):
 				if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400
 				else: return render_template("settings_profile.html", v=v, error=f"Image files only."), 400

-			name = f'/images/{time.time()}'.replace('.','') + '.webp'
+			name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
 			file.save(name)
 			url = request.host_url[:-1] + process_image(name)

@ -314,7 +314,7 @@ def settings_profile_post(v):
 				if request.headers.get("Authorization"): return {"error": f"Image files only"}, 400
 				else: return render_template("settings_profile.html", v=v, error=f"Image files only."), 400

-			name = f'/images/{time.time()}'.replace('.','') + '.webp'
+			name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
 			file.save(name)
 			url = request.host_url[:-1] + process_image(name)

@ -720,7 +720,7 @@ def settings_images_profile(v):

 	file = request.files["profile"]

-	name = f'/images/{time.time()}'.replace('.','') + '.webp'
+	name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
 	file.save(name)
 	highres = request.host_url[:-1] + process_image(name)

@ -756,7 +756,7 @@ def settings_images_banner(v):

 	file = request.files["banner"]

-	name = f'/images/{time.time()}'.replace('.','') + '.webp'
+	name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp'
 	file.save(name)
 	bannerurl = request.host_url[:-1] + process_image(name)

--- a/files/routes/users.py
+++ b/files/routes/users.py
@ -817,7 +817,18 @@ def user_profile_uid(id):
 		try: id = int(id, 36)
 		except: abort(404)
 	x=get_account(id)
-	return redirect(x.profile_url)
+
+	purl = x.profile_url
+	if not 'images/' in purl: return redirect(purl)
+
+	path = purl.split('images/')[1]
+	resp = make_response(send_from_directory('/images', path))
+	resp.headers.remove("Cache-Control")
+	resp.headers.add("Cache-Control", "public, max-age=2628000")
+	if request.path.endswith('.webp'):
+		resp.headers.remove("Content-Type")
+		resp.headers.add("Content-Type", "image/webp")
+	return resp

@app.get("/@<username>/pic")
@limiter.exempt
--- a/files/templates/authforms.html
+++ b/files/templates/authforms.html
@ -13,11 +13,11 @@

 		{% if v %}
 			<style>:root{--primary:#{{v.themecolor}}}</style>
-			<link rel="stylesheet" href="/assets/css/main.css?v=142"><link rel="stylesheet" href="/assets/css/{{v.theme}}.css?v=125">
+			<link rel="stylesheet" href="/assets/css/main.css?v=145"><link rel="stylesheet" href="/assets/css/{{v.theme}}.css?v=125">
 			{% if v.agendaposter %}<link rel="stylesheet" href="/assets/css/agendaposter.css?v=125">{% elif v.css %}<link rel="stylesheet" href="/@{{v.username}}/css">{% endif %}
 		{% else %}
 			<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-			<link rel="stylesheet" href="/assets/css/main.css?v=142"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">
+			<link rel="stylesheet" href="/assets/css/main.css?v=145"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">
 		{% endif %}

 </head>
--- a/files/templates/log.html
+++ b/files/templates/log.html
@ -6,11 +6,11 @@
 {% block content %}
 {% if v %}
 	<style>:root{--primary:#{{v.themecolor}}}</style>
-	<link rel="stylesheet" href="/assets/css/main.css?v=142"><link rel="stylesheet" href="/assets/css/{{v.theme}}.css?v=125">
+	<link rel="stylesheet" href="/assets/css/main.css?v=145"><link rel="stylesheet" href="/assets/css/{{v.theme}}.css?v=125">
 	{% if v.agendaposter %}<link rel="stylesheet" href="/assets/css/agendaposter.css?v=125">{% elif v.css %}<link rel="stylesheet" href="/@{{v.username}}/css">{% endif %}
 {% else %}
 	<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-	<link rel="stylesheet" href="/assets/css/main.css?v=142"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">
+	<link rel="stylesheet" href="/assets/css/main.css?v=145"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">
 {% endif %}

 <div class="row justify-content-around">
--- a/files/templates/login_2fa.html
+++ b/files/templates/login_2fa.html
@ -12,7 +12,7 @@
 		<title>2-Step Login - {{'SITE_NAME' | app_config}}</title>

 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/assets/css/main.css?v=142"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">
+		<link rel="stylesheet" href="/assets/css/main.css?v=145"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">

 </head>

--- a/files/templates/settings2.html
+++ b/files/templates/settings2.html
@ -36,10 +36,10 @@
 	
 	{% if v %}
 		<style>:root{--primary:#{{v.themecolor}}}</style>
-		<link rel="stylesheet" href="/assets/css/main.css?v=142"><link rel="stylesheet" href="/assets/css/{{v.theme}}.css?v=125">
+		<link rel="stylesheet" href="/assets/css/main.css?v=145"><link rel="stylesheet" href="/assets/css/{{v.theme}}.css?v=125">
 	{% else %}
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/assets/css/main.css?v=142"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">
+		<link rel="stylesheet" href="/assets/css/main.css?v=145"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">
 	{% endif %}

 		<link href="/assets/css/fa.css?v=55" rel="stylesheet"> 
--- a/files/templates/sign_up_failed_ref.html
+++ b/files/templates/sign_up_failed_ref.html
@ -29,7 +29,7 @@
 		<title>{% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}{{'SITE_NAME' | app_config}}{% endif %}</title>

 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/assets/css/main.css?v=142"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">
+		<link rel="stylesheet" href="/assets/css/main.css?v=145"><link rel="stylesheet" href="/assets/css/{{'DEFAULT_THEME' | app_config}}.css?v=125">

 </head>