privatize user CSS (fixes #273)

implements issue comment: https://github.com/themotte/rDrama/issues/273#issuecomment-1240543608
justcool393 2023-02-25 02:51:06 -08:00 committed by GitHub
parent d0ba568738
commit fb65cf0416
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 31 additions and 46 deletions


@ -497,20 +497,21 @@ def settings_images_banner(v):
@app.get("/settings/blocks")
@auth_required
def settings_blockedpage(v):
return render_template("settings_blocks.html", v=v)
@app.get("/settings/css")
@auth_required
def settings_css_get(v):
return render_template("settings_css.html", v=v)
@app.post("/settings/css")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
@auth_required
def settings_css(v):
css = request.values.get("css").strip().replace('\\', '').strip()[:4000]
css = sanitize_raw(request.values.get("css", "").replace('\\', ''), allow_newlines=True, length_limit=CSS_LENGTH_MAXIMUM)
ok, err = validate_css(css)
if not ok:
abort(400, err)
v.css = css
g.db.add(v)
g.db.commit()
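Review bot: The new `validate_css` check in `settings_css` runs only when a user saves, so a `v.css` value stored before this commit never passes through it. Whether another of the 14 changed files migrates or re-checks old rows is not visible from this hunk. If none does, a one-off pass that runs `validate_css` over the existing `css` and `profilecss` values and clears those that fail would close the gap. It would also help to record the ordering above the assignment, for example `# backslash strip and sanitize_raw (with its length limit) run before validate_css, so the stored value is exactly the string that was validated`. The same applies to `settings_profilecss` in the next hunk, and the body of `settings_css` continues past the end of this hunk.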
@ -526,7 +527,10 @@ def settings_profilecss_get(v):
@limiter.limit("1/second;30/minute;200/hour;1000/day")
@auth_required
def settings_profilecss(v):
profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
profilecss = sanitize_raw(request.values.get("profilecss", "").replace('\\', ''), allow_newlines=True, length_limit=CSS_LENGTH_MAXIMUM)
ok, err = validate_css(profilecss)
if not ok:
abort(400, err)
v.profilecss = profilecss
g.db.add(v)
g.db.commit()
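Review bot: `settings_profilecss` repeats the sanitize-then-validate sequence from `settings_css` line for line, differing only in the form field name, so a later tightening of one handler can silently miss the other. A small private helper would keep both in step: it takes the field name, applies the backslash strip, `sanitize_raw` and `validate_css`, aborts with 400 on failure and returns the cleaned string. Each handler then reduces to something like `profilecss = clean_user_css("profilecss")` (the helper name is a suggestion, not an existing function). The rest of `settings_profilecss` lies outside this hunk.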