From cc27f001245b7a4b90dfb9f2a2d5d0b084a6b195 Mon Sep 17 00:00:00 2001 From: TLSM Date: Sat, 5 Nov 2022 18:40:30 -0400 Subject: [PATCH] Move post/comment ID boilerplate inside getters. Borrows code from the upstream which has been working in production reliably for ~months. Also, most of it was literally copy-pasted, and the casted ID values aren't used later in the route functions. --- files/helpers/get.py | 8 ++++++++ files/helpers/jinja2.py | 4 ---- files/routes/comments.py | 11 ++--------- files/routes/posts.py | 10 ---------- files/routes/subs.py | 9 --------- files/routes/votes.py | 4 ---- 6 files changed, 10 insertions(+), 36 deletions(-) diff --git a/files/helpers/get.py b/files/helpers/get.py index 1e8ada2ed..0a4fd8d8b 100644 --- a/files/helpers/get.py +++ b/files/helpers/get.py @@ -113,6 +113,10 @@ def get_account(id, v=None): def get_post(i, v=None, graceful=False): + try: i = int(i) + except: + if graceful: return None + else: abort(404) if v: vt = g.db.query(Vote).filter_by( @@ -201,6 +205,10 @@ def get_posts(pids, v=None): return sorted(output, key=lambda x: pids.index(x.id)) def get_comment(i, v=None, graceful=False): + try: i = int(i) + except: + if graceful: return None + abort(404) if v: diff --git a/files/helpers/jinja2.py b/files/helpers/jinja2.py index 092a5f256..602c2eda9 100644 --- a/files/helpers/jinja2.py +++ b/files/helpers/jinja2.py @@ -7,10 +7,6 @@ from files.helpers.assetcache import assetcache_path @app.template_filter("post_embed") def post_embed(id, v): - - try: id = int(id) - except: return None - p = get_post(id, v, graceful=True) if p: return render_template("submission_listing.html", listing=[p], v=v) diff --git a/files/routes/comments.py b/files/routes/comments.py index b69e97046..33667b31b 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py 
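Review bot: The bare `except:` in the guard added at the top of `get_post` catches every exception rather than just a failed conversion; `except (TypeError, ValueError):` covers what `int(i)` raises for a malformed id and leaves anything else visible. The same guard is added to `get_comment` in the following hunk, where it omits the `else:` that `get_post` keeps, so the two copies should be written identically. Since these helpers are now the only place the id is validated, note that `int()` also accepts surrounding whitespace, a sign, underscores and arbitrarily large values. If the id column is a fixed-width integer (not visible here), an oversized id would presumably fail inside the query instead of producing a 404, and a range check after the cast would close that. Both function bodies continue outside their hunks.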
@@ -52,12 +52,8 @@ def pusher_thread(interests, c, username): # @app.get("/h//post///") @auth_desired def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): - - try: cid = int(cid) - except: abort(404) - comment = get_comment(cid, v=v) - + if v and request.values.get("read"): notif = g.db.query(Notification).filter_by(comment_id=cid, user_id=v.id, read=False).one_or_none() if notif: @@ -74,10 +70,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): if not pid: if comment.parent_submission: pid = comment.parent_submission else: pid = 1 - - try: pid = int(pid) - except: abort(404) - + post = get_post(pid, v=v) if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()): diff --git a/files/routes/posts.py b/files/routes/posts.py index e06ee4f80..7b7585b95 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -129,14 +129,6 @@ def submit_get(v, sub=None): # @app.get("/h//post//") @auth_desired def post_id(pid, anything=None, v=None, sub=None): - - try: pid = int(pid) - except Exception as e: pass - - - try: pid = int(pid) - except: abort(404) - post = get_post(pid, v=v) if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()): @@ -276,8 +268,6 @@ def post_id(pid, anything=None, v=None, sub=None): @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_desired def viewmore(v, pid, sort, offset): - try: pid = int(pid) - except: abort(400) post = get_post(pid, v=v) if post.club and not (v and (v.paid_dues or v.id == post.author_id)): abort(403) diff --git a/files/routes/subs.py b/files/routes/subs.py index ca83010c3..02809efdf 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -9,9 +9,6 @@ from .front import frontlist @app.post("/exile/post/") @is_not_permabanned def exile_post(v, pid): - try: pid = int(pid) - except: abort(400) - p = get_post(pid) sub = p.sub if not sub: abort(400) 
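Review bot: `cid` is still read after the removed cast, in `filter_by(comment_id=cid, user_id=v.id, read=False)`, so that query now receives the raw route value while `get_comment` converts only its own local copy. If the route does not use an integer converter (the decorators are not fully visible in this hunk), a string that `int()` accepts but the database does not would pass the getter and then fail or compare differently in the notification lookup. Taking the id from the object just loaded, `comment_id=comment.id`, removes the dependency on the unvalidated value. The body of `post_pid_comment_cid` continues outside the hunk.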
@@ -37,9 +34,6 @@ def exile_post(v, pid): @app.post("/exile/comment/") @is_not_permabanned def exile_comment(v, cid): - try: cid = int(cid) - except: abort(400) - c = get_comment(cid) sub = c.post.sub if not sub: abort(400) @@ -268,9 +262,6 @@ def create_sub2(v): @app.post("/kick/") @is_not_permabanned def kick(v, pid): - try: pid = int(pid) - except: abort(400) - post = get_post(pid) if not post.sub: abort(403) diff --git a/files/routes/votes.py b/files/routes/votes.py index c6a92ad2e..80ef09b21 100644 --- a/files/routes/votes.py +++ b/files/routes/votes.py @@ -65,8 +65,6 @@ def api_vote_post(post_id, new, v): new = int(new) # get the post - try: post_id = int(post_id) - except: abort(404) post = get_post(post_id) # get the old vote, if we have one @@ -135,8 +133,6 @@ def api_vote_comment(comment_id, new, v): new = int(new) # get the comment - try: comment_id = int(comment_id) - except: abort(404) comment = get_comment(comment_id) # get the old vote, if we have one