From e5dfdd701eca7897e0bcddbba857aa9cef3db0e9 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Sat, 6 Nov 2021 17:21:05 +0200 Subject: [PATCH] enemies and fixes --- files/classes/comment.py | 2 - files/classes/submission.py | 1 - files/classes/user.py | 2 + files/helpers/sanitize.py | 2 +- files/routes/admin.py | 9 ++++ files/routes/posts.py | 4 +- files/routes/settings.py | 55 ++++++++++++++++++++++--- files/templates/authforms.html | 4 +- files/templates/comments.html | 6 +++ files/templates/default.html | 4 +- files/templates/formatting.html | 54 ++++++++++++++++++------ files/templates/log.html | 4 +- files/templates/login_2fa.html | 2 +- files/templates/settings.html | 2 +- files/templates/settings2.html | 4 +- files/templates/settings_profile.html | 23 ++++++++++- files/templates/sign_up.html | 2 +- files/templates/sign_up_failed_ref.html | 2 +- files/templates/submission.html | 5 +++ files/templates/submission_listing.html | 5 +++ files/templates/submit.html | 6 +-- files/templates/userpage.html | 14 ++++++- schema.sql | 2 + 23 files changed, 172 insertions(+), 42 deletions(-) diff --git a/files/classes/comment.py b/files/classes/comment.py index 0ae53a0bf..9e8a88c47 100644 --- a/files/classes/comment.py +++ b/files/classes/comment.py @@ -326,8 +326,6 @@ class Comment(Base): url_noquery = url.split('?')[0] body = body.replace(url, f"{url_noquery}?{urlencode(p, True)}") - - if self.author.sig_html and (self.author_id == 1904 or not (v and v.sigs_disabled)): return body + '
' + self.author.sig_html return body def plainbody(self, v): diff --git a/files/classes/submission.py b/files/classes/submission.py index 5efaef2b1..8ca98ac69 100644 --- a/files/classes/submission.py +++ b/files/classes/submission.py @@ -327,7 +327,6 @@ class Submission(Base): if v and not v.oldreddit: body = body.replace("old.reddit.com", "reddit.com") if v and v.nitter: body = body.replace("www.twitter.com", "nitter.net").replace("twitter.com", "nitter.net") - if self.author.sig_html and (self.author_id == 1904 or not (v and v.sigs_disabled)): return body + '
' + self.author.sig_html return body def plainbody(self, v): diff --git a/files/classes/user.py b/files/classes/user.py index 81e2471ab..67a58c37b 100644 --- a/files/classes/user.py +++ b/files/classes/user.py @@ -89,6 +89,8 @@ class User(Base): sigs_disabled = Column(Boolean) friends = Column(String) friends_html = Column(String) + enemies = Column(String) + enemies_html = Column(String) is_banned = Column(Integer, default=0) unban_utc = Column(Integer, default=0) ban_reason = Column(String) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 3bf3e03e2..c672d7f38 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -75,7 +75,7 @@ no_images = ['b', 'span', ] -allowed_attributes = {'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-bs-original-name', 'direction', 'behavior']} +allowed_attributes = {'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-bs-original-name', 'direction', 'behavior', 'scrollamount']} allowed_protocols = ['http', 'https'] diff --git a/files/routes/admin.py b/files/routes/admin.py index 0a2801f01..fde7fa1eb 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -20,6 +20,15 @@ from files.helpers.discord import add_role SITE_NAME = environ.get("SITE_NAME", "").strip() +@app.get("/fix") +@admin_level_required(6) +def fix(v): + for u in g.db.query(User).options(lazyload('*')).all(): + u.post_count = g.db.query(Submission.id).options(lazyload('*')).filter_by(author_id=u.id, is_banned=False, deleted_utc=0).count() + g.db.add(u) + g.db.commit() + return 'sex' + @app.get("/truescore") @admin_level_required(6) def truescore(v): diff --git a/files/routes/posts.py b/files/routes/posts.py index 983e2f4d0..a2134d5c3 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py 
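Review bot: The new `/fix` route in files/routes/admin.py recomputes `post_count` for every user and commits, but it is registered with `@app.get`, so any link or embedded resource an admin's browser loads while logged in will run it. Register it as `@app.post("/fix")` so it goes through whatever CSRF handling the other POST routes get (not visible in this hunk), and return a neutral status string instead of `'sex'`. The loop also runs one COUNT query per user inside a single request; a grouped query (`group_by(Submission.author_id)`) or an offline job would avoid holding a request open over the whole users table. If this is a one-off repair for the unfiltered count that the posts.py hunk corrects, removing the route after it has run is safer than leaving it deployed.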
@@ -737,7 +737,7 @@ def submit_post(v): if request.headers.get("Authorization"): return {"error": f"File type not allowed"}, 400 else: return render_template("submit.html", v=v, error=f"File type not allowed.", title=title, body=request.values.get("body", "")), 400 - if file.content_type.startswith('video/') and v.coins < app.config["VIDEO_COIN_REQUIREMENT"] and v.admin_level < 1: + if file.content_type.startswith('video/') and v.truecoins < app.config["VIDEO_COIN_REQUIREMENT"] and v.admin_level < 1: if request.headers.get("Authorization"): return { "error": f"You need at least {app.config['VIDEO_COIN_REQUIREMENT']} coins to upload videos" @@ -927,7 +927,7 @@ def submit_post(v): g.db.add(n) g.db.flush() - v.post_count = g.db.query(Submission.id).options(lazyload('*')).filter_by(is_banned=False, deleted_utc=0).count() + v.post_count = g.db.query(Submission.id).options(lazyload('*')).filter_by(author_id=v.id, is_banned=False, deleted_utc=0).count() g.db.add(v) cache.delete_memoized(frontlist) diff --git a/files/routes/settings.py b/files/routes/settings.py index 6459250b4..d5d90b2c7 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -203,14 +203,14 @@ def settings_profile_post(v): if bans: ban = bans[0] - reason = f"Remove the {ban.domain} link from your top friends list and try again." + reason = f"Remove the {ban.domain} link from your friends list and try again." if ban.reason: reason += f" {ban.reason}" return {"error": reason}, 401 if len(friends_html) > 2000: return render_template("settings_profile.html", v=v, - error="Your top friends list is too long") + error="Your friends list is too long") notify_users = set() 
@@ -223,7 +223,7 @@ def settings_profile_post(v): if request.host == 'rdrama.net' and 'aevann' in friends_html.lower() and 1 not in notify_users: notify_users.add(1) for x in notify_users: - message = f"@{v.username} has added you to their top friends!" + message = f"@{v.username} has added you to their friends list!" existing = g.db.query(Comment.id).options(lazyload('*')).filter(Comment.author_id == NOTIFICATIONS_ACCOUNT, Comment.body == message, Comment.notifiedto == x).first() if not existing: send_notification(x, message) 
@@ -233,9 +233,52 @@ def settings_profile_post(v): g.db.commit() return render_template("settings_profile.html", v=v, - msg="Your top friends have been updated.") + msg="Your friends list has been updated.") + if request.values.get("enemies"): + enemies = request.values.get("enemies")[:500] + + for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', enemies, re.MULTILINE): + if "wikipedia" not in i.group(1): enemies = enemies.replace(i.group(1), f'![]({i.group(1)})') + + enemies_html = CustomRenderer().render(mistletoe.Document(enemies)) + enemies_html = sanitize(enemies_html) + bans = filter_comment_html(enemies_html) + + if bans: + ban = bans[0] + reason = f"Remove the {ban.domain} link from your enemies list and try again." + if ban.reason: reason += f" {ban.reason}" + return {"error": reason}, 401 + + if len(enemies_html) > 2000: + return render_template("settings_profile.html", + v=v, + error="Your enemies list is too long") + + + notify_users = set() + soup = BeautifulSoup(enemies_html, features="html.parser") + for mention in soup.find_all("a", href=re.compile("^/@(\w+)")): + username = mention["href"].split("@")[1] + user = g.db.query(User).options(lazyload('*')).filter_by(username=username).first() + if user and not v.any_block_exists(user) and user.id != v.id: notify_users.add(user.id) + + if request.host == 'rdrama.net' and 'aevann' in enemies_html.lower() and 1 not in notify_users: notify_users.add(1) + + for x in notify_users: + message = f"@{v.username} has added you to their enemies list!" 
+ existing = g.db.query(Comment.id).options(lazyload('*')).filter(Comment.author_id == NOTIFICATIONS_ACCOUNT, Comment.body == message, Comment.notifiedto == x).first() + if not existing: send_notification(x, message) + + v.enemies = enemies[:500] + v.enemies_html=enemies_html + g.db.add(v) + g.db.commit() + return render_template("settings_profile.html", + v=v, + msg="Your enemies list has been updated.") if request.values.get("bio") or request.files.get('file') and request.headers.get("cf-ipcountry") != "T1": @@ -728,14 +771,14 @@ def settings_css(v): @auth_required def settings_profilecss_get(v): - if v.coins < 1000 and not v.patron and v.admin_level < 6: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css." + if v.truecoins < 1000 and not v.patron and v.admin_level < 6: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css." return render_template("settings_profilecss.html", v=v) @app.post("/settings/profilecss") @limiter.limit("1/second") @auth_required def settings_profilecss(v): - if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css." + if v.truecoins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css." profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000] v.profilecss = profilecss g.db.add(v) diff --git a/files/templates/authforms.html b/files/templates/authforms.html index b7dc882c4..3c37f4cd1 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -15,11 +15,11 @@ {% if v %} - + {% if v.agendaposter %}{% elif v.css %}{% endif %} {% else %} - + {% endif %} diff --git a/files/templates/comments.html b/files/templates/comments.html index b7d0c512b..deb866b0b 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -326,6 +326,12 @@
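Review bot: `enemies_html` is saved by this block and rendered with `| safe` in both userpage.html hunks, so the `sanitize()` call here is the only barrier against stored markup on profile pages. The block appears to be a copy of the friends handler just above it, so any fix to that pipeline has to be made in two places. Moving the shared steps (image rewrite, render, sanitize, banned-domain check, length check, mention notifications) into one helper that takes the list name would keep the two paths identical. Within the copied code, `username = mention["href"].split("@")[1]` keeps whatever follows the name in the href; `re.match(r"^/@(\w+)", mention["href"]).group(1)` takes only the name, and both patterns should be raw strings. The banned-domain branch returns 401, which signals missing authentication where 400 would describe a rejected value; settings_profile_post starts outside the hunk.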
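Review bot: The two profile-CSS gates changed in this hunk disagree: `settings_profilecss_get` exempts admins with `v.admin_level < 6`, while the POST handler `settings_profilecss` does not, so a level-6 admin below 1000 coins is shown the form and then refused on save. Use the same condition in both, `if v.truecoins < 1000 and not v.patron and v.admin_level < 6:`, ideally from one shared helper so the checks cannot drift again. Both branches also return the refusal text with the default 200 status; appending `, 403` would let API clients and logs tell a refusal from a successful save.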

 				{% endif %}
 
+				{% if c.author.sig_html and (c.author_id == 1904 or not (v and v.sigs_disabled)) %}
+					
+ {{c.author.sig_html | safe}} + {% endif %} + + {% if not c.parent_submission and c.author_id!=NOTIFICATIONS_ACCOUNT and c.author_id!=AUTOJANNY_ACCOUNT and c.author_id!=v.id %} Reply

diff --git a/files/templates/default.html b/files/templates/default.html
index 1b7579a7a..7f7576e03 100644
--- a/files/templates/default.html
+++ b/files/templates/default.html
@@ -254,12 +254,12 @@
 
 		{% if v %}
 			
-			
+			
 			
 			{% if v.agendaposter %}{% elif v.css %}{% endif %}
 		{% else %}
 			
-			
+			
 		{% endif %}
 
 		{% endblock %}
diff --git a/files/templates/formatting.html b/files/templates/formatting.html
index 2aaa02cd6..39c7d4f3e 100644
--- a/files/templates/formatting.html
+++ b/files/templates/formatting.html
@@ -459,41 +459,71 @@ line breaks
 	
 
 
+

Allowed Attributes

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Name
href
style
src
class
title
rel
data-bs-original-name
direction
behavior
scrollamount
+

Allowed Styles

- - - - - - - - - - - -
NameTypeDisplays as
color
background-color
font-weight
transform
-webkit-transform
diff --git a/files/templates/log.html b/files/templates/log.html index 958e88c48..968d9c4fd 100644 --- a/files/templates/log.html +++ b/files/templates/log.html @@ -17,11 +17,11 @@ {% if v %} - + {% if v.agendaposter %}{% elif v.css %}{% endif %} {% else %} - + {% endif %}
diff --git a/files/templates/login_2fa.html b/files/templates/login_2fa.html index d7a510de6..b57d2e0ed 100644 --- a/files/templates/login_2fa.html +++ b/files/templates/login_2fa.html @@ -12,7 +12,7 @@ 2-Step Login - {{'SITE_NAME' | app_config}} - + diff --git a/files/templates/settings.html b/files/templates/settings.html index 56ee3037b..a4d4b4eb3 100644 --- a/files/templates/settings.html +++ b/files/templates/settings.html @@ -55,7 +55,7 @@ - + {% if v.agendaposter %}{% elif v.css %}{% endif %} diff --git a/files/templates/settings2.html b/files/templates/settings2.html index d2c95896a..c460619d9 100644 --- a/files/templates/settings2.html +++ b/files/templates/settings2.html @@ -40,10 +40,10 @@ {% if v %} - + {% else %} - + {% endif %} diff --git a/files/templates/settings_profile.html b/files/templates/settings_profile.html index efa740cd6..9064d4d5c 100644 --- a/files/templates/settings_profile.html +++ b/files/templates/settings_profile.html @@ -590,7 +590,7 @@
- +
@@ -609,6 +609,27 @@
+
+ + + +
+ + +
+ +
+

+										
+ Limit of 500 characters + +
+ +
+ +
+ + {% if v.patron or v.id == 1904 %}
diff --git a/files/templates/sign_up.html b/files/templates/sign_up.html index c824a7663..6201d83fd 100644 --- a/files/templates/sign_up.html +++ b/files/templates/sign_up.html @@ -36,7 +36,7 @@ - + diff --git a/files/templates/sign_up_failed_ref.html b/files/templates/sign_up_failed_ref.html index d4ca43774..a47b56524 100644 --- a/files/templates/sign_up_failed_ref.html +++ b/files/templates/sign_up_failed_ref.html @@ -31,7 +31,7 @@ - + diff --git a/files/templates/submission.html b/files/templates/submission.html index e4aceaf0f..5ce433eb2 100644 --- a/files/templates/submission.html +++ b/files/templates/submission.html @@ -517,6 +517,11 @@
{% endfor %} + {% if p.author.sig_html and (p.author_id == 1904 or not (v and v.sigs_disabled)) %} +
+ {{p.author.sig_html | safe}} + {% endif %} + {% if p.is_banned and p.ban_reason %}
removed by @{{p.ban_reason}}
{% endif %} diff --git a/files/templates/submission_listing.html b/files/templates/submission_listing.html index 9f65bf7e9..664e15417 100644 --- a/files/templates/submission_listing.html +++ b/files/templates/submission_listing.html @@ -489,6 +489,11 @@ {% if p.realbody(v) %}
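Review bot: The signature condition `p.author_id == 1904 or not (v and v.sigs_disabled)` hard-codes one account id in the template, and the same expression is pasted into comments.html and submission_listing.html in this patch. Put it in one place, for instance a Jinja macro or a method on the model, and read the exempt id from configuration so the three copies cannot drift apart. `sig_html` is emitted with `| safe`, so all three templates depend on it having been sanitized when it was saved; that write path is not part of this patch and is worth confirming before the markup is shown in more places.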
{{p.realbody(v) | safe}} + + {% if p.author.sig_html and (p.author_id == 1904 or not (v and v.sigs_disabled)) %} +
+ {{p.author.sig_html | safe}} + {% endif %}
{% endif %} diff --git a/files/templates/submit.html b/files/templates/submit.html index ee38aa237..2daa566d1 100644 --- a/files/templates/submit.html +++ b/files/templates/submit.html @@ -25,11 +25,11 @@ {% block stylesheets %} {% if v %} - + {% if v.agendaposter %}{% elif v.css %}{% endif %} {% else %} - + {% endif %} {% endblock %} @@ -133,7 +133,7 @@
- {% if v.admin_level == 6 or (v.coins >= 750 and not v.club_banned) %} + {% if v.admin_level == 6 or (v.truecoins >= 750 and not v.club_banned) %}
diff --git a/files/templates/userpage.html b/files/templates/userpage.html index cf3a5242b..78797642c 100644 --- a/files/templates/userpage.html +++ b/files/templates/userpage.html @@ -177,10 +177,15 @@ {% endif %} {% if u.friends_html %} -

Top friends:

+

Friends:

{{u.friends_html | safe}} {% endif %} + {% if u.enemies_html %} +

Enemies:

+ {{u.enemies_html | safe}} + {% endif %} + {% if u.received_awards %}

Awards received

@@ -448,10 +453,15 @@ {% endif %} {% if u.friends_html %} -

Top friends:

+

Friends:

{{u.friends_html | safe}} {% endif %} + {% if u.enemies_html %} +

Enemies:

+ {{u.enemies_html | safe}} + {% endif %} + {% if u.received_awards %}

Awards received

diff --git a/schema.sql b/schema.sql index f31b91f59..03cb86fb2 100644 --- a/schema.sql +++ b/schema.sql @@ -820,6 +820,8 @@ CREATE TABLE public.users ( sig_html character varying(1000), friends character varying(500), friends_html character varying(2000) + enemies character varying(500), + enemies_html character varying(2000) );
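Review bot: The added columns follow `friends_html character varying(2000)`, an unchanged context line with no trailing comma, so the `CREATE TABLE public.users` statement would no longer parse and a database built from schema.sql would fail at this table. Change that line to `friends_html character varying(2000),`. No migration for existing databases is visible in the patch, so deployments need `enemies` and `enemies_html` added to `public.users` before the new `User` columns are queried. The CREATE TABLE statement starts outside the hunk.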