vvv

2022-01-17 13:06:12 +02:00 · 2022-01-17 13:06:12 +02:00 · 47d19b5b4e
commit 47d19b5b4e
parent ef4a414275
12 changed files with 44 additions and 40 deletions
--- a/files/assets/images/badges/Background.webp
+++ b/files/assets/images/badges/Background.webp
--- a/files/assets/images/badges/background.webp
+++ b/files/assets/images/badges/background.webp
--- a/files/assets/images/emojis/marseyrope.webp
+++ b/files/assets/images/emojis/marseyrope.webp
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@ -500,14 +500,11 @@ def users_list(v):
@admin_level_required(2)
 def alt_votes_get(v):

-	if not request.values.get("u1") or not request.values.get("u2"):
-		return render_template("admin/alt_votes.html", v=v)
-
 	u1 = request.values.get("u1")
 	u2 = request.values.get("u2")

 	if not u1 or not u2:
-		return redirect("/admin/alt_votes")
+		return render_template("admin/alt_votes.html", v=v)

 	u1 = get_user(u1)
 	u2 = get_user(u2)
--- a/files/routes/awards.py
+++ b/files/routes/awards.py
@ -356,7 +356,8 @@ def award_post(pid, v):
 	g.db.add(post.author)

 	g.db.commit()
-	if request.referrer and len(request.referrer) > 1: return redirect(request.referrer)
+	if request.referrer and len(request.referrer) > 1 and (request.referrer.startswith('/') or request.referrer.startswith(request.host_url)):
+		return redirect(request.referrer)
 	else: return redirect("/")


@ -540,7 +541,8 @@ def award_comment(cid, v):
 	g.db.add(c.author)

 	g.db.commit()
-	if request.referrer and len(request.referrer) > 1: return redirect(request.referrer)
+	if request.referrer and len(request.referrer) > 1 and (request.referrer.startswith('/') or request.referrer.startswith(request.host_url)):
+		return redirect(request.referrer)
 	else: return redirect("/")

@app.get("/admin/awards")
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@ -467,7 +467,8 @@ def api_comment(v):

 		if parent.author.id != v.id:
 			if len(c.body) > 500: notifbody = c.body[:500] + '...'
-			else: notifbody = c.body
+			elif c.body: notifbody = c.body
+			else: notifbody = ''

 			beams_client.publish_to_interests(
 				interests=[f'{request.host}{parent.author.id}'],
--- a/files/routes/errors.py
+++ b/files/routes/errors.py
@ -13,13 +13,12 @@ def error_400(e):
@app.errorhandler(401)
 def error_401(e):

-	path = request.path
-	qs = urlencode(dict(request.values))
-	argval = quote(f"{path}?{qs}", safe='')
-	output = f"/login?redirect={argval}"
-
 	if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "401 Not Authorized"}, 401
-	else: return redirect(output)
+	else:
+		path = request.path
+		qs = urlencode(dict(request.values))
+		argval = quote(f"{path}?{qs}", safe='')
+		return redirect(f"/login?redirect={argval}")


@app.errorhandler(403)
@ -61,4 +60,6 @@ def error_500(e):
@app.post("/allow_nsfw")
 def allow_nsfw():
 	session["over_18"] = int(time.time()) + 3600
-	return redirect(request.values.get("redir", "/"))
+	redir = request.values.get("redir")
+	if redir and redir.startswith(request.host_url) or redir.startswith('/'): return redirect(redir)
+	return redirect('/')
--- a/files/routes/front.py
+++ b/files/routes/front.py
@ -6,11 +6,6 @@ from files.classes.submission import Submission
 defaulttimefilter = environ.get("DEFAULT_TIME_FILTER", "all").strip()
 SITE_NAME = environ.get("SITE_NAME", "").strip()

-@app.get("/post/")
-@auth_required
-def slash_post(v):
-	return redirect("/")
-
@app.post("/clear")
@auth_required
 def clear(v):
@ -123,7 +118,8 @@ def notifications(v):
@auth_desired
 def front_all(v):

-	if not v and request.path == "/" and not request.headers.get("Authorization"): return redirect(f"/logged_out{request.full_path}")
+	if not v and request.path == "/" and not request.headers.get("Authorization"):
+		return redirect(f"/logged_out{request.full_path}")

 	if v and request.path.startswith('/logged_out'): v = None

@ -436,7 +432,7 @@ def comment_idlist(page=1, v=None, nsfw=False, sort="new", t="all"):
 	elif sort == "controversial":
 		comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes)
 	elif sort == "top":
-		comments = comments.order_by(Comment.realupvotes.desc())
+		comments = comments.order_by(Comment.downvotes - Comment.upvotes)
 	elif sort == "bottom":
 		comments = comments.order_by(Comment.upvotes - Comment.downvotes)

--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -12,13 +12,14 @@ valid_password_regex = re.compile("^.{8,100}$")
@auth_desired
 def login_get(v):

-	redir = request.values.get("redirect", "/").replace("/logged_out", "").strip()
-	if v:
-		return redirect(redir)
+	redir = request.values.get("redirect")
+	if redir:
+		redir = replace("/logged_out", "").strip()
+		if not redir.startswith(request.host_url) and not redir.startswith('/'): redir = None

-	return render_template("login.html",
-						   failed=False,
-						   redirect=redir)
+	if v and redir: return redirect(redir)
+
+	return render_template("login.html", failed=False, redirect=redir)


 def check_for_alts(current_id):
@ -137,10 +138,13 @@ def login_post():

 	if account.id != PW_ID: check_for_alts(account.id)

-	redir = request.values.get("redirect", "/").replace("/logged_out", "").strip()
-
 	g.db.commit()

+	redir = request.values.get("redirect")
+	if redir:
+		redir = replace("/logged_out", "").strip()
+		if not redir.startswith(request.host_url) and not redir.startswith('/'): redir = '/'
+
 	return redirect(redir)


--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -96,7 +96,8 @@ def submit_get(v):
@app.get("/logged_out/post/<pid>/<anything>")
@auth_desired
 def post_id(pid, anything=None, v=None):
-	if not v and not request.path.startswith('/logged_out') and not request.headers.get("Authorization"): return redirect(f"/logged_out{request.full_path}")
+	if not v and not request.path.startswith('/logged_out') and not request.headers.get("Authorization"):
+		return redirect(f"/logged_out{request.full_path}")

 	if v and request.path.startswith('/logged_out'): v = None

@ -169,7 +170,7 @@ def post_id(pid, anything=None, v=None):
 		elif sort == "controversial":
 			comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes)
 		elif sort == "top":
-			comments = comments.order_by(-Comment.upvotes - Comment.downvotes)
+			comments = comments.order_by(Comment.realupvotes.desc())
 		elif sort == "bottom":
 			comments = comments.order_by(Comment.upvotes - Comment.downvotes)

@ -186,7 +187,7 @@ def post_id(pid, anything=None, v=None):
 		elif sort == "controversial":
 			comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes)
 		elif sort == "top":
-			comments = comments.order_by(-Comment.upvotes - Comment.downvotes)
+			comments = comments.order_by(Comment.realupvotes.desc())
 		elif sort == "bottom":
 			comments = comments.order_by(Comment.upvotes - Comment.downvotes)

@ -288,7 +289,7 @@ def viewmore(v, pid, sort, offset):
 		elif sort == "controversial":
 			comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes)
 		elif sort == "top":
-			comments = comments.order_by(-Comment.upvotes - Comment.downvotes)
+			comments = comments.order_by(Comment.realupvotes.desc())
 		elif sort == "bottom":
 			comments = comments.order_by(Comment.upvotes - Comment.downvotes)

@ -305,7 +306,7 @@ def viewmore(v, pid, sort, offset):
 		elif sort == "controversial":
 			comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes)
 		elif sort == "top":
-			comments = comments.order_by(-Comment.upvotes - Comment.downvotes)
+			comments = comments.order_by(Comment.realupvotes.desc())
 		elif sort == "bottom":
 			comments = comments.order_by(Comment.upvotes - Comment.downvotes)

--- a/files/routes/search.py
+++ b/files/routes/search.py
@ -255,7 +255,7 @@ def searchcomments(v):
 	elif sort == "controversial":
 		comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes)
 	elif sort == "top":
-		comments = comments.order_by(Comment.realupvotes.desc())
+		comments = comments.order_by(Comment.downvotes - Comment.upvotes)
 	elif sort == "bottom":
 		comments = comments.order_by(Comment.upvotes - Comment.downvotes)

--- a/files/routes/users.py
+++ b/files/routes/users.py
@ -435,8 +435,9 @@ def message2(v, username):
 	g.db.add(notif)

 	if len(message) > 500: notifbody = message[:500] + '...'
-	else: notifbody = message
-	
+	elif message: notifbody = message
+	else: notifbody = ''
+
 	beams_client.publish_to_interests(
 		interests=[f'{request.host}{user.id}'],
 		publish_body={
@ -502,7 +503,8 @@ def messagereply(v):
 		g.db.add(notif)

 		if len(message) > 500: notifbody = message[:500] + '...'
-		else: notifbody = message
+		elif message: notifbody = message
+		else: notifbody = ''
 		
 		beams_client.publish_to_interests(
 			interests=[f'{request.host}{user_id}'],
@ -628,7 +630,7 @@ def u_username(username, v=None):


 	if username != u.username:
-		return redirect(request.path.replace(username, u.username))
+		return redirect(request.full_path.replace(username, u.username))

 	if u.reserved:
 		if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"That username is reserved for: {u.reserved}"}
@ -796,7 +798,7 @@ def u_username_comments(username, v=None):
 	elif sort == "controversial":
 		comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes)
 	elif sort == "top":
-		comments = comments.order_by(Comment.realupvotes.desc())
+		comments = comments.order_by(Comment.downvotes - Comment.upvotes)
 	elif sort == "bottom":
 		comments = comments.order_by(Comment.upvotes - Comment.downvotes)