gfgffg

2021-07-31 11:00:56 +02:00 · 2021-07-31 11:00:56 +02:00 · e5370d4017
commit e5370d4017
parent a0ca03fc0c
3 changed files with 6 additions and 7 deletions
--- a/drama/routes/comments.py
+++ b/drama/routes/comments.py
@ -312,7 +312,7 @@ def api_comment(v):
 				)
 	g.db.add(c)
 	g.db.flush()
-	if request.files.get("file"):
+	if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
 		file=request.files["file"]
 		if not file.content_type.startswith('image/'):
 			return jsonify({"error": "That wasn't an image!"}), 400
@ -660,7 +660,7 @@ def edit_comment(cid, v):
 		g.db.commit()
 		return {"error": "Too much spam!"}, 403

-	if request.files.get("file"):
+	if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
 		file=request.files["file"]
 		if not file.content_type.startswith('image/'): return {"error": "That wasn't an image!"}, 400
 		
--- a/drama/routes/posts.py
+++ b/drama/routes/posts.py
@ -803,7 +803,7 @@ def submit_post(v):
 	g.db.refresh(new_post)

 	# check for uploaded image
-	if request.files.get('file'):
+	if request.files.get('file') and request.headers.get("cf-ipcountry") != "T1":

 		#check file size
 		if request.content_length > 16 * 1024 * 1024:
@ -816,7 +816,6 @@ def submit_post(v):
 			else: return render_template("submit.html", v=v, error=f"Image files only.", title=title, body=request.form.get("body", "")), 400


-		name = f'post/{new_post.id}/{secrets.token_urlsafe(8)}'
 		new_post.url = upload_file(file)
 		new_post.domain_ref = 1  # id of i.ruqqus.ga domain
 		g.db.add(new_post)
--- a/drama/routes/settings.py
+++ b/drama/routes/settings.py
@ -331,6 +331,7 @@ def settings_images_profile(v):
 		g.db.rollback()
 		abort(413)

+	if request.headers.get("cf-ipcountry") == "T1": return "Image uploads are not allowed through TOR.", 403
 	imageurl = upload_file(request.files["profile"], True)
 	if not imageurl: abort(400)
 	highres = upload_file()
@ -339,8 +340,7 @@ def settings_images_profile(v):
 	v.profileurl = imageurl
 	g.db.add(v)

-	return render_template("settings_profile.html",
-							v=v, msg="Profile picture successfully updated.")
+	return render_template("settings_profile.html", v=v, msg="Profile picture successfully updated.")


@app.post("/settings/images/banner")
@ -351,7 +351,7 @@ def settings_images_banner(v):
 		g.db.rollback()
 		abort(413)

-	v.bannerurl = None
+	if request.headers.get("cf-ipcountry") == "T1": return "Image uploads are not allowed through TOR.", 403
 	imageurl = upload_file(request.files["banner"])
 	if imageurl:
 		v.bannerurl = imageurl