Merge branch 'master' into mistletoe

.gitignore

@@ -1,6 +1,7 @@
 image.*
 chart.png
 video.mp4
+video.webm
 cache/
 __pycache__/
 disablesignups

files/__main__.py

@@ -137,8 +137,7 @@ def after_request(response):
 
 	response.headers.add("Strict-Transport-Security", "max-age=31536000")
 	response.headers.add("X-Frame-Options", "deny")
-	response.headers.add("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.pusher.com; object-src 'none';")
+	response.headers.add("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' tls-use1.fpapi.io api.fpjs.io 02ddcc80-b8db-42be-9022-44c546b4dce6.pushnotifications.pusher.com; object-src 'none';")
 	return response
 
-
 from files.routes import *

files/assets/js/default.js

@@ -1,4 +1,8 @@
-makeBold = function (form) {
+function formkey() {
+	return document.getElementById("formkey").innerHTML;
+}
+
+function makeBold(form) {
 	var text = document.getElementById(form);
 	var startIndex = text.selectionStart,
 	endIndex = text.selectionEnd;
@@ -17,7 +21,7 @@ makeBold = function (form) {
 	}
 }
 
-makeItalics = function (form) {
+function makeItalics(form) {
 	var text = document.getElementById(form);
 	var startIndex = text.selectionStart,
 	endIndex = text.selectionEnd;

files/classes/comment.py

@@ -401,7 +401,9 @@ class Comment(Base):
 		for o in self.options:
 			html += f'<div class="custom-control"><input type="checkbox" class="custom-control-input" id="{o.id}" name="option"'
 			if o.poll_voted(v): html += " checked"
-			html += f''' onchange="poll_vote('{o.id}', '{self.id}')"><label class="custom-control-label" for="{o.id}">{o.body_html}<span class="presult-{self.id}'''
+			if v: html += f''' onchange="poll_vote('{o.id}', '{self.id}')"'''
+			else: html += f''' onchange="poll_vote_no_v('{o.id}', '{self.id}')"'''
+			html += f'''><label class="custom-control-label" for="{o.id}">{o.body_html}<span class="presult-{self.id}'''
 			if not self.total_poll_voted(v): html += ' d-none'	
 			html += f'"> - <a href="/votes?link=t3_{o.id}"><span id="poll-{o.id}">{o.upvotes}</span> votes</a></span></label></div><pre></pre>'
 		return html

files/helpers/const.py

@@ -618,6 +618,14 @@ AWARDS = {
 		"color": "text-silver",
 		"price": 10000
 	},
+	"unblockable": {
+		"kind": "unblockable",
+		"title": "Unblockable",
+		"description": "Makes the recipient unblockable and removes all blocks on them.",
+		"icon": "far fa-laugh-squint",
+		"color": "text-lightgreen",
+		"price": 10000
+	},
 	"pause": {
 		"kind": "pause",
 		"title": "Pause",
@@ -626,14 +634,6 @@ AWARDS = {
 		"color": "text-danger",
 		"price": 20000
 	},
-	"unblockable": {
-		"kind": "unblockable",
-		"title": "Unblockable",
-		"description": "Makes the recipient unblockable and removes all blocks on them.",
-		"icon": "far fa-laugh-squint",
-		"color": "text-lightgreen",
-		"price": 25000
-	},
 	"unpausable": {
 		"kind": "unpausable",
 		"title": "Unpausable",
@@ -797,6 +797,14 @@ AWARDS2 = {
 		"color": "text-silver",
 		"price": 10000
 	},
+	"unblockable": {
+		"kind": "unblockable",
+		"title": "Unblockable",
+		"description": "Makes the recipient unblockable and removes all blocks on them.",
+		"icon": "far fa-laugh-squint",
+		"color": "text-lightgreen",
+		"price": 10000
+	},
 	"pause": {
 		"kind": "pause",
 		"title": "Pause",
@@ -805,14 +813,6 @@ AWARDS2 = {
 		"color": "text-danger",
 		"price": 20000
 	},
-	"unblockable": {
-		"kind": "unblockable",
-		"title": "Unblockable",
-		"description": "Makes the recipient unblockable and removes all blocks on them.",
-		"icon": "far fa-laugh-squint",
-		"color": "text-lightgreen",
-		"price": 25000
-	},
 	"unpausable": {
 		"kind": "unpausable",
 		"title": "Unpausable",

files/helpers/sanitize.py

@@ -39,6 +39,9 @@ allowed_tags = tags = ['b',
 						'a',
 						'img',
 						'span',
+						'ruby',
+						'rp',
+						'rt',
 						]
 
 no_images = ['b',
@@ -71,6 +74,9 @@ no_images = ['b',
 						'marquee',
 						'a',
 						'span',
+						'ruby',
+						'rp',
+						'rt',
 						]
 
 def sanitize_marquee(tag, name, value):
@@ -84,7 +90,7 @@ def sanitize_marquee(tag, name, value):
 	return False
 
 allowed_attributes = {
-		'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-bs-original-name'],
+		'*': ['href', 'style', 'src', 'class', 'title'],
 		'marquee': sanitize_marquee}
 
 allowed_protocols = ['http', 'https']
@@ -228,8 +234,8 @@ def sanitize(sanitized, noimages=False):
 		htmlsource += '"></lite-youtube>'
 
 		sanitized = sanitized.replace(replacing, htmlsource)
-	for i in re.finditer('<p>(https:.*?\.mp4)</p>', sanitized):
-		sanitized = sanitized.replace(i.group(0), f'<p><video controls preload="none" class="embedvid"><source src="{i.group(1)}" type="video/mp4"></video>')
+	for i in re.finditer('<p>(https:.*?\.(mp4|webm))</p>', sanitized):
+		sanitized = sanitized.replace(i.group(0), f'<p><video controls preload="none" class="embedvid"><source src="{i.group(1)}" type="video/{i.group(2)}"></video>')
 
 	for rd in ["https://reddit.com/", "https://new.reddit.com/", "https://www.reddit.com/", "https://redd.it/"]:
 		sanitized = sanitized.replace(rd, "https://old.reddit.com/")

files/routes/awards.py

@@ -174,6 +174,15 @@ def shop(v):
 			"owned": 0,
 			"price": 10000
 		},
+		"unblockable": {
+			"kind": "unblockable",
+			"title": "Unblockable",
+			"description": "Makes the recipient unblockable and removes all blocks on them.",
+			"icon": "far fa-laugh-squint",
+			"color": "text-lightgreen",
+			"owned": 0,
+			"price": 10000
+		},
 		"pause": {
 			"kind": "pause",
 			"title": "Pause",
@@ -183,15 +192,6 @@ def shop(v):
 			"owned": 0,
 			"price": 20000
 		},
-		"unblockable": {
-			"kind": "unblockable",
-			"title": "Unblockable",
-			"description": "Makes the recipient unblockable and removes all blocks on them.",
-			"icon": "far fa-laugh-squint",
-			"color": "text-lightgreen",
-			"owned": 0,
-			"price": 25000
-		},
 		"unpausable": {
 			"kind": "unpausable",
 			"title": "Unpausable",
@@ -384,6 +384,14 @@ def buy(v, award):
 			"color": "text-silver",
 			"price": 10000
 		},
+		"unblockable": {
+			"kind": "unblockable",
+			"title": "Unblockable",
+			"description": "Makes the recipient unblockable and removes all blocks on them.",
+			"icon": "far fa-laugh-squint",
+			"color": "text-lightgreen",
+			"price": 10000
+		},
 		"pause": {
 			"kind": "pause",
 			"title": "Pause",
@@ -392,14 +400,6 @@ def buy(v, award):
 			"color": "text-danger",
 			"price": 20000
 		},
-		"unblockable": {
-			"kind": "unblockable",
-			"title": "Unblockable",
-			"description": "Makes the recipient unblockable and removes all blocks on them.",
-			"icon": "far fa-laugh-squint",
-			"color": "text-lightgreen",
-			"price": 25000
-		},
 		"unpausable": {
 			"kind": "unpausable",
 			"title": "Unpausable",
@@ -467,6 +467,7 @@ def buy(v, award):
 
 	if request.values.get("mb"):
 		if v.procoins < price: return {"error": "Not enough marseybux."}, 400
+		if award in ["grass","alt"]: return {"error": "You can't buy those awards with marseybux."}, 403
 		v.procoins -= price
 	else:
 		if v.coins < price: return {"error": "Not enough coins."}, 400

files/routes/comments.py

@@ -621,6 +621,7 @@ def edit_comment(cid, v):
 	if c.is_banned or c.deleted_utc > 0: abort(403)
 
 	body = request.values.get("body", "").strip()[:10000]
+	if len(body) < 1: return {"error":"You have to actually type something!"}, 400
 
 	if body != c.body and body != "":
 		if v.marseyawarded:

files/templates/formatting.html

@@ -475,12 +475,6 @@ line breaks
 		<tr>
 			<td>title</td>
 		</tr>
-		<tr>
-			<td>rel</td>
-		</tr>
-		<tr>
-			<td>data-bs-original-name</td>
-		</tr>
 		<tr>
 			<td>direction</td>
 		</tr>