diff --git a/files/classes/hole_logs.py b/files/classes/hole_logs.py
index aa45dc484..dc01a7816 100644
--- a/files/classes/hole_logs.py
+++ b/files/classes/hole_logs.py
@@ -6,6 +6,8 @@ from sqlalchemy.sql.sqltypes import *
from flask import g
from files.classes import Base
+from files.classes.mod_logs import bleach_log_note
+
from files.helpers.config.const import *
from files.helpers.lazy import lazy
from files.helpers.slurs_and_profanities import censor_slurs_profanities
@@ -29,7 +31,12 @@ class HoleAction(Base):
target_comment = relationship("Comment")
def __init__(self, *args, **kwargs):
- if "created_utc" not in kwargs: kwargs["created_utc"] = int(time.time())
+ if "created_utc" not in kwargs:
+ kwargs["created_utc"] = int(time.time())
+
+ if "_note" in kwargs:
+ kwargs["_note"] = bleach_log_note(kwargs["_note"])
+
super().__init__(*args, **kwargs)
def __repr__(self):
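Review bot: `bleach_log_note(kwargs["_note"])` runs whenever the key is present, so a caller that passes `_note=None` now fails with AttributeError on `note.replace` inside the sanitizer, where before the value went straight to `super().__init__`; `if kwargs.get("_note") is not None:` keeps that tolerance. The sanitizer also runs only in `__init__`, so a later `action._note = ...` assignment and rows stored before this commit are not covered. If the log templates render `_note` as raw HTML (not visible here), a SQLAlchemy `@validates("_note")` hook would cover attribute assignment as well. Both points apply equally to the identical `ModAction.__init__` hunk in files/classes/mod_logs.py. A comment above the call such as `# call sites pass raw text; this is the only place _note is sanitized` would record why the routes no longer filter.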
diff --git a/files/classes/mod_logs.py b/files/classes/mod_logs.py
index 94a009ad3..d3b985f25 100644
--- a/files/classes/mod_logs.py
+++ b/files/classes/mod_logs.py
@@ -4,12 +4,53 @@ from sqlalchemy import Column, ForeignKey
from sqlalchemy.orm import relationship
from sqlalchemy.sql.sqltypes import *
from flask import g
+import bleach
+from bleach.linkifier import LinkifyFilter
+import functools
from files.classes import Base
from files.helpers.config.const import *
from files.helpers.lazy import lazy
from files.helpers.slurs_and_profanities import censor_slurs_profanities
from files.helpers.sorting_and_time import make_age_string
+from files.helpers.regex import sanitize_url_regex
+
+def allowed_attributes_notes(tag, name, value):
+ if tag == 'a':
+ if name == 'href' and '\\' not in value and 'xn--' not in value:
+ return True
+ if name == 'rel' and value == 'nofollow noopener': return True
+
+ if tag == 'img':
+ if name == 'src':
+ if '\\' in value: return False
+ if value.startswith('/') : return True
+ if value.startswith(f'{SITE_FULL_IMAGES}/') : return True
+ if name == 'loading' and value == 'lazy': return True
+ if name == 'data-bs-toggle' and value == 'tooltip': return True
+ if name in {'alt','title'}: return True
+ return False
+
+def bleach_log_note(note):
+ note = note.replace("\n", "").replace("\r", "").replace("\t", "")
+
+ note = bleach.Cleaner(
+ tags=['a','img'],
+ attributes=allowed_attributes_notes,
+ protocols=['http','https'],
+ filters=[
+ functools.partial(
+ LinkifyFilter,
+ skip_tags=["pre","code"],
+ parse_email=False,
+ url_re=sanitize_url_regex
+ )
+ ]
+ ).clean(note)
+
+ note = note.replace('\n','').strip()
+
+ return note
class ModAction(Base):
__tablename__ = "modactions"
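Review bot: In `allowed_attributes_notes`, the `img` branch accepts any `src` that starts with `/`, which also matches protocol-relative values such as `//other-host/x.png`. As far as the visible checks go, an image in a log note can therefore still load from an arbitrary host, even though the next line restricts absolute URLs to `SITE_FULL_IMAGES`. Tightening the check to `if value.startswith('/') and not value.startswith('//'): return True` keeps site-relative paths and closes that gap; the existing backslash check already rejects the `/\` variant. `bleach_log_note` would also benefit from a docstring saying that it returns HTML limited to `a` and `img` tags with http/https links, and that it expects a `str` because it calls `note.replace` before cleaning.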
@@ -28,7 +69,12 @@ class ModAction(Base):
target_comment = relationship("Comment")
def __init__(self, *args, **kwargs):
- if "created_utc" not in kwargs: kwargs["created_utc"] = int(time.time())
+ if "created_utc" not in kwargs:
+ kwargs["created_utc"] = int(time.time())
+
+ if "_note" in kwargs:
+ kwargs["_note"] = bleach_log_note(kwargs["_note"])
+
super().__init__(*args, **kwargs)
def __repr__(self):
diff --git a/files/routes/admin.py b/files/routes/admin.py
index 569fb0044..07445a054 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -1687,7 +1687,7 @@ def ban_domain(v):
ma = ModAction(
kind="ban_domain",
user_id=v.id,
- _note=filter_emojis_only(f'{domain}, reason: {reason}')
+ _note=f'{domain}, reason: {reason}'
)
g.db.add(ma)
@@ -1708,7 +1708,7 @@ def unban_domain(v, domain):
ma = ModAction(
kind="unban_domain",
user_id=v.id,
- _note=filter_emojis_only(domain)
+ _note=domain
)
g.db.add(ma)
@@ -2015,7 +2015,7 @@ def remove_orgy(v, created_utc):
ma = ModAction(
kind="remove_orgy",
user_id=v.id,
- _note=filter_emojis_only(orgy.data, link=True),
+ _note=f'{orgy.title}',
)
g.db.add(ma)
diff --git a/files/routes/art_submissions.py b/files/routes/art_submissions.py
index 899755fb8..12982ac04 100644
--- a/files/routes/art_submissions.py
+++ b/files/routes/art_submissions.py
@@ -137,7 +137,7 @@ def approve_art(v, id):
kind=f"approve_{entry.kind}",
user_id=v.id,
target_user_id=entry.author_id,
- _note=filter_emojis_only(note, link=True),
+ _note=note
)
g.db.add(ma)
@@ -178,7 +178,7 @@ def remove_art(v, id):
kind=f"reject_{entry.kind}",
user_id=v.id,
target_user_id=entry.author_id,
- _note=filter_emojis_only(note, link=True),
+ _note=note
)
g.db.add(ma)
diff --git a/files/routes/asset_submissions.py b/files/routes/asset_submissions.py
index 9b1a6ecd3..6a211c901 100644
--- a/files/routes/asset_submissions.py
+++ b/files/routes/asset_submissions.py
@@ -248,8 +248,7 @@ def approve_emoji(v, name):
emoji.submitter_id = None
-
- note = f':{emoji.name}:'
+ note = f''
if comment:
note += f' - Comment: "{comment}"'
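Review bot: With `note = f''`, the approve_emoji log entry no longer says which emoji was approved, as far as this hunk shows: without a comment the note is empty, and with one it is only ` - Comment: "..."`. `approve_hat` in this same file keeps the name via `note = f'{hat.name}'`, so `note = emoji.name` here would keep the two consistent and give the ` - ` separator something to follow. If dropping the name is intentional, `note = ''` is clearer than an empty f-string. The rest of `approve_emoji` lies outside this hunk.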
@@ -257,7 +256,7 @@ def approve_emoji(v, name):
kind="approve_emoji",
user_id=v.id,
target_user_id=emoji.author_id,
- _note=filter_emojis_only(note, link=True),
+ _note=note
)
g.db.add(ma)
@@ -315,7 +314,7 @@ def remove_asset(cls, type_name, v, name):
kind=f"reject_{type_name}",
user_id=v.id,
target_user_id=asset.author_id,
- _note=filter_emojis_only(note, link=True),
+ _note=note
)
g.db.add(ma)
@@ -476,7 +475,7 @@ def approve_hat(v, name):
new_path = f'/asset_submissions/hats/original/{hat.name}.{i.format.lower()}'
rename(highquality, new_path)
- note = f'[{hat.name}]({SITE_FULL_IMAGES}/i/hats/{hat.name}.webp)'
+ note = f'{hat.name}'
if comment:
note += f' - Comment: "{comment}"'
@@ -484,7 +483,7 @@ def approve_hat(v, name):
kind="approve_hat",
user_id=v.id,
target_user_id=hat.author_id,
- _note=filter_emojis_only(note, link=True),
+ _note=note
)
g.db.add(ma)