skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sfddfs

Browse source
This commit is contained in:
Aevann1 2021-12-21 21:56:38 +02:00
parent 0af5df9625
commit 70fafe7b7e
3 changed files with 19 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

2
files/routes/posts.py
View file

@ -429,7 +429,7 @@ def edit_post(pid, v):
title_html = filter_emojis_only(title) title_html = filter_emojis_only(title)
if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 403 if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 403
p.title = title p.title = title[:500]
p.title_html = title_html p.title_html = title_html
if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":

47
files/routes/settings.py
View file

@ -633,19 +633,16 @@ def verifiedcolor(v):
@validate_formkey @validate_formkey
def settings_security_post(v): def settings_security_post(v):
if request.values.get("new_password"): if request.values.get("new_password"):
if v.id in (PW1_ID,PW2_ID): return redirect("/settings/security?error=" + escape("This account is protected from password changes.")) if v.id in (PW1_ID,PW2_ID): return render_template("settings_security.html", v=v, error="This account is protected from password changes.")
if request.values.get(
"new_password") != request.values.get("cnf_password"): if request.values.get("new_password") != request.values.get("cnf_password"):
return redirect("/settings/security?error=" + return render_template("settings_security.html", v=v, error="Passwords do not match.")
escape("Passwords do not match."))
if not re.match(valid_password_regex, request.values.get("new_password")): if not re.match(valid_password_regex, request.values.get("new_password")):
return redirect("/settings/security?error=" + return render_template("settings_security.html", v=v, error="Password must be between 8 and 100 characters.")
escape("Password must be between 8 and 100 characters."))
if not v.verifyPass(request.values.get("old_password")): if not v.verifyPass(request.values.get("old_password")):
return render_template( return render_template("settings_security.html", v=v, error="Incorrect password")
"settings_security.html", v=v, error="Incorrect password")
v.passhash = v.hash_password(request.values.get("new_password")) v.passhash = v.hash_password(request.values.get("new_password"))
@ -653,14 +650,12 @@ def settings_security_post(v):
g.db.commit() g.db.commit()
return redirect("/settings/security?msg=" + return render_template("settings_security.html", v=v, error="Your password has been changed.")
escape("Your password has been changed."))
if request.values.get("new_email"): if request.values.get("new_email"):
if not v.verifyPass(request.values.get('password')): if not v.verifyPass(request.values.get('password')):
return redirect("/settings/security?error=" + return render_template("settings_security.html", v=v, error="Invalid password.")
escape("Invalid password."))
new_email = request.values.get("new_email","").strip().lower() new_email = request.values.get("new_email","").strip().lower()
@ -671,13 +666,12 @@ def settings_security_post(v):
new_email=f"{new_email}@gmail.com" new_email=f"{new_email}@gmail.com"
if new_email == v.email: if new_email == v.email:
return redirect("/settings/security?error=That email is already yours!") return render_template("settings_security.html", v=v, error="That email is already yours!")
existing = g.db.query(User.id).filter(User.id != v.id, existing = g.db.query(User.id).filter(User.id != v.id,
func.lower(User.email) == new_email.lower()).first() func.lower(User.email) == new_email.lower()).first()
if existing: if existing:
return redirect("/settings/security?error=" + return render_template("settings_security.html", v=v, error="That email address is already in use.")
escape("That email address is already in use."))
url = f"https://{app.config['SERVER_NAME']}/activate" url = f"https://{app.config['SERVER_NAME']}/activate"
@ -695,48 +689,41 @@ def settings_security_post(v):
v=v) v=v)
) )
return redirect("/settings/security?msg=" + escape( return render_template("settings_security.html", v=v, error="Check your email and click the verification link to complete the email change."))
"Check your email and click the verification link to complete the email change."))
if request.values.get("2fa_token", ""): if request.values.get("2fa_token", ""):
if not v.verifyPass(request.values.get('password')): if not v.verifyPass(request.values.get('password')):
return redirect("/settings/security?error=" + return render_template("settings_security.html", v=v, error="Invalid password or token.")
escape("Invalid password or token."))
secret = request.values.get("2fa_secret") secret = request.values.get("2fa_secret")
x = pyotp.TOTP(secret) x = pyotp.TOTP(secret)
if not x.verify(request.values.get("2fa_token"), valid_window=1): if not x.verify(request.values.get("2fa_token"), valid_window=1):
return redirect("/settings/security?error=" + return render_template("settings_security.html", v=v, error="Invalid password or token.")
escape("Invalid password or token."))
v.mfa_secret = secret v.mfa_secret = secret
g.db.add(v) g.db.add(v)
g.db.commit() g.db.commit()
return redirect("/settings/security?msg=" + return render_template("settings_security.html", v=v, error="Two-factor authentication enabled.")
escape("Two-factor authentication enabled."))
if request.values.get("2fa_remove", ""): if request.values.get("2fa_remove", ""):
if not v.verifyPass(request.values.get('password')): if not v.verifyPass(request.values.get('password')):
return redirect("/settings/security?error=" + return render_template("settings_security.html", v=v, error="Invalid password or token.")
escape("Invalid password or token."))
token = request.values.get("2fa_remove") token = request.values.get("2fa_remove")
if not v.validate_2fa(token): if not v.validate_2fa(token):
return redirect("/settings/security?error=" + return render_template("settings_security.html", v=v, error="Invalid password or token.")
escape("Invalid password or token."))
v.mfa_secret = None v.mfa_secret = None
g.db.add(v) g.db.add(v)
g.db.commit() g.db.commit()
return redirect("/settings/security?msg=" + return render_template("settings_security.html", v=v, error="Two-factor authentication disabled.")
escape("Two-factor authentication disabled."))
@app.post("/settings/log_out_all_others") @app.post("/settings/log_out_all_others")
@limiter.limit("1/second") @limiter.limit("1/second")

2
files/templates/submission.html
View file

@ -454,7 +454,7 @@
<div class="d-flex flex-column"> <div class="d-flex flex-column">
<input type="hidden" name="formkey" value="{{v.formkey}}"> <input type="hidden" name="formkey" value="{{v.formkey}}">
<input type="hidden" name="current_page" value="{{request.path}}"> <input type="hidden" name="current_page" value="{{request.path}}">
<input name="title" class="edit-title" required placeholder="title" value="{{p.title}}" > <input max-length="500" name="title" class="edit-title" required placeholder="title" value="{{p.title}}" >
<textarea name="body" {% if v.longpost %}minlength="280"{% endif %} maxlength="{% if v.bird %}140{% else %}10000{% endif %}" oninput="markdown('post-edit-box-{{p.id}}', 'post-edit-{{p.id}}');charLimit('post-edit-box-{{p.id}}','charcount-post-edit')" id="post-edit-box-{{p.id}}" form="post-edit-form-{{p.id}}" class="comment-box form-control rounded" aria-label="With textarea" placeholder="Add text to your post..." rows="10" data-id="{{p.id}}">{{p.body}}</textarea> <textarea name="body" {% if v.longpost %}minlength="280"{% endif %} maxlength="{% if v.bird %}140{% else %}10000{% endif %}" oninput="markdown('post-edit-box-{{p.id}}', 'post-edit-{{p.id}}');charLimit('post-edit-box-{{p.id}}','charcount-post-edit')" id="post-edit-box-{{p.id}}" form="post-edit-form-{{p.id}}" class="comment-box form-control rounded" aria-label="With textarea" placeholder="Add text to your post..." rows="10" data-id="{{p.id}}">{{p.body}}</textarea>
<div class="text-small font-weight-bold mt-1" id="charcount-post-edit" style="right: 1rem; bottom: 0.5rem; z-index: 3;"></div> <div class="text-small font-weight-bold mt-1" id="charcount-post-edit" style="right: 1rem; bottom: 0.5rem; z-index: 3;"></div>