h

files/assets/js/header.js

@@ -74,16 +74,7 @@ function post_toast(t, url, reload, data) {
 
 }
 
-function changename(s1,s2) {
-	let files = document.getElementById(s2).files;
-	let filename = '';
-	for (const e of files) {
-		filename += e.name.substr(0, 20) + ', ';
-	}
-	document.getElementById(s1).innerHTML = filename.slice(0, -2);
-}
-
-function escapeHtml(unsafe)
+function escapeHTML(unsafe)
 {
     return unsafe
          .replace(/&/g, "&")
@@ -92,3 +83,12 @@ function escapeHtml(unsafe)
          .replace(/"/g, """)
          .replace(/'/g, "'");
 }
+
+function changename(s1,s2) {
+	let files = document.getElementById(s2).files;
+	let filename = '';
+	for (const e of files) {
+		filename += e.name.substr(0, 20) + ', ';
+	}
+	document.getElementById(s1).innerHTML = escapeHTML(filename.slice(0, -2));
+}

files/routes/comments.py

@@ -267,6 +267,10 @@ def api_comment(v):
 						try:
 							marsey = loads(body.lower())
 							name = marsey["name"]
+
+							if not marsey_regex.fullmatch(name):
+								return {"error": "Invalid name!"}, 403
+
 							if "author" in marsey: author_id = get_user(marsey["author"]).id
 							elif "author_id" in marsey: author_id = marsey["author_id"]
 							else: abort(400)

files/routes/login.py

@@ -207,12 +207,9 @@ def sign_up_get(v):
 
 	error = request.values.get("error", None)
 
-	redir = request.values.get("redirect", "/").replace("/logged_out", "").strip()
-
 	return render_template("sign_up.html",
 						   formkey=formkey,
 						   now=now,
-						   redirect=redir,
 						   ref_user=ref_user,
 						   hcaptcha=app.config["HCAPTCHA_SITEKEY"],
 						   error=error
@@ -249,7 +246,7 @@ def sign_up_post(v):
 
 	username = request.values.get("username").strip()
 
-	def new_signup(error):
+	def signup_error(error):
 
 		args = {"error": error}
 		if request.values.get("referred_by"):
@@ -259,20 +256,20 @@ def sign_up_post(v):
 		return redirect(f"{SITE_FULL}/signup?{urlencode(args)}")
 
 	if now - int(form_timestamp) < 5:
-		return new_signup("There was a problem. Please try again.")
+		return signup_error("There was a problem. Please try again.")
 
 	if not hmac.compare_digest(correct_formkey, form_formkey):
-		return new_signup("There was a problem. Please try again.")
+		return signup_error("There was a problem. Please try again.")
 
 	if not request.values.get(
 			"password") == request.values.get("password_confirm"):
-		return new_signup("Passwords did not match. Please try again.")
+		return signup_error("Passwords did not match. Please try again.")
 
 	if not valid_username_regex.fullmatch(username):
-		return new_signup("Invalid username")
+		return signup_error("Invalid username")
 
 	if not valid_password_regex.fullmatch(request.values.get("password")):
-		return new_signup("Password must be between 8 and 100 characters.")
+		return signup_error("Password must be between 8 and 100 characters.")
 
 	email = request.values.get("email").strip().lower()
 
@@ -282,12 +279,13 @@ def sign_up_post(v):
 	if existing_account and existing_account.reserved:
 		return redirect(existing_account.url)
 
-	if existing_account: return new_signup("An account with that username already exists.")
+	if existing_account:
+		return signup_error("An account with that username already exists.")
 
 	if app.config.get("HCAPTCHA_SITEKEY"):
 		token = request.values.get("h-captcha-response")
 		if not token:
-			return new_signup("Unable to verify captcha [1].")
+			return signup_error("Unable to verify captcha [1].")
 
 		data = {"secret": app.config["HCAPTCHA_SECRET"],
 				"response": token,
@@ -297,7 +295,7 @@ def sign_up_post(v):
 		x = requests.post(url, data=data, timeout=5)
 
 		if not x.json()["success"]:
-			return new_signup("Unable to verify captcha [2].")
+			return signup_error("Unable to verify captcha [2].")
 
 	session.pop("signup_token")
 

files/templates/header.html

@@ -186,7 +186,7 @@
 				<a class="btn btn-primary" href="/login?redirect={{request.path | urlencode}}">Sign in</a>
 			</li>
 			<li class="nav-item d-flex align-items-center justify-content-center mx-1">
-				<a class="btn btn-primary" href="/signup?redirect={{request.path | urlencode}}">Sign up</a>
+				<a class="btn btn-primary" href="/signup">Sign up</a>
 			</li>
 			{% endif %}
 		</ul>
@@ -243,7 +243,7 @@
 					<a class="btn btn-primary btn-block" href="/login?redirect={{request.path | urlencode}}">Sign in</a>
 				</li>
 				<li class="nav-item d-flex align-items-center justify-content-center">
-					<a class="btn btn-primary btn-block" href="/signup?redirect={{request.path | urlencode}}">Sign up</a>
+					<a class="btn btn-primary btn-block" href="/signup">Sign up</a>
 				</li>
 			{% endif %}
 			<li class="mt-3">
@@ -256,7 +256,7 @@
 	</div>
 </nav>
 
-<script src="/static/assets/js/header.js?a=250"></script>
+<script src="/static/assets/js/header.js?a=251"></script>
 
 {% if v and not err %}
 	<div id="formkey" class="d-none">{{v.formkey}}</div>

files/templates/submission.html

@@ -1162,7 +1162,7 @@
 			<h5 class="card-title">Jump in the discussion.</h5>
 			<p class="card-text">No email address required.</p>
 			<div>
-				<a href="/signup?redirect={{request.path | urlencode}}" class="btn btn-primary">Sign up</a>
+				<a href="/signup" class="btn btn-primary">Sign up</a>
 				<a href="/login?redirect={{request.path | urlencode}}" class="btn btn-link text-muted">Sign in</a>
 			</div>
 		</div>

files/templates/user_listing.html

@@ -18,7 +18,7 @@
 						{% if not u.fish %}<div id="button-unsub-{{u.id}}" style="z-index: 2" class="{% if not u.has_follower(v) %} d-none{% endif %}"><a class="btn btn-secondary " role="button" onclick="post_toast2(this,'/unfollow/{{u.username}}','button-sub-{{u.id}}','button-unsub-{{u.id}}')">Unfollow</a></div>{% endif %}
 						{% endif %}
 					{% else %}
-					<div id="button-sub-{{u.id}}" style="z-index: 2" "><a class="btn btn-primary " href="/signup?redirect={{request.path}}">Follow</a></div>
+					<div id="button-sub-{{u.id}}" style="z-index: 2"><a class="btn btn-primary " href="/signup">Follow</a></div>
 					{% endif %}
 				</div>