From c1ca1a02ac0c89430a8f237958d5acfffcc20297 Mon Sep 17 00:00:00 2001 From: justcool393 Date: Fri, 30 Sep 2022 05:13:06 -0700 Subject: [PATCH] only attempt to parse HTML content types for titles (#382) * only attempt to parse HTML content types for titles also don't try to get submission titles for .gifv, .tif, .tiff * ratelimit to 3 per minute instead of 6 minutes no one will ever need more than 3 requests to this endpoint per minute - justcool393 6 per minute is already kinda a lot for this endpoint, i think aggressively ratelimiting this one is fine, especially since it's a minute ratelimit --- files/routes/posts.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/files/routes/posts.py b/files/routes/posts.py index 3ab4cf17c..29dee0f55 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -1197,14 +1197,14 @@ def pin_post(post_id, v): extensions = ( - '.webp','.jpg','.png','.jpeg','.gif', + '.webp','.jpg','.png','.jpeg','.gif','.gifv','.tif', '.tiff', '.mp4','.webm','.mov', '.mp3','.wav','.ogg','.aac','.m4a','.flac' ) @app.get("/submit/title") -@limiter.limit("6/minute") -@limiter.limit("6/minute", key_func=lambda:f'{SITE}-{session.get("lo_user")}') +@limiter.limit("3/minute") +@limiter.limit("3/minute", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required def get_post_title(v): @@ -1217,6 +1217,9 @@ def get_post_title(v): try: x = requests.get(url, headers=titleheaders, timeout=5, proxies=proxies) except: abort(400) + + content_type = x.headers.get("Content-Type") + if not content_type or "text/html" not in content_type: abort(400) soup = BeautifulSoup(x.content, 'lxml')