In four contexts, Comment.replies(.) was not updated to reflect the
interface changes with comment filtering. This directly caused #170
and #172 (which was a stack trace from the former).
- Updating notifications for DMs (routes/users.py L690)
- Updating notifications for modmail (routes/users.py L729)
- morecomments for logged out users (routes/posts.py L421)
- JSON for API access (classes/comment.py L347)
All four contexts seem to behave correctly after the change. However,
strictly speaking the JSON generation will not include a user's own
filtered or removed comments, though this is hard to remedy without
passing the user object `v` to json_core. Propagating that through the
codebase seems a worse option than leaving it as is.
This change disables multimedia embedding:
- In comments and comments replies.
- In new submissions.
- In comment & submission preview
And it's all toggle-able via an envvar, except for the JS bits,
but I linked those to the github issue, so should be easy to find
in the future.
The way it works is:
- removes markdown image/video syntax,
eg. `` into ``
- changes link text into anchors, eg.
`https://example.org/someimage.jpg` into
`[https://example.org/someimage.jpg](https://example.org/someimage.jpg)`
- removes html img/video/audio tags, eg.
`<img href="https://example.org/someimage.jpg" />` into ``
- when embedding gifs via the giphy modal in "new submission", it will
insert only an anchor to the gif
- when attaching an image, it will upload the image, then add only an
anchor to the post/comment body
I tested this manually, but not sure if I got all the test cases. What I
checked was:
- create comment w/ image/video/audio media using markdown -> success
- create comment reply w/ image/video/audio media using markdown ->
success
- create comment w/ link to img/imgur/youtube/audio -> success
- create comment w/ attachment -> success
- create comment reply w/ attachment -> success
- create comment w/ img/video tag -> success
- create comment reply w/ image/video tag -> success
- create post submission w/ image/video/media using markdown -> success
- create post submission w/ link to img/imgur/youtube/audio -> success
- create post submission w/ attachment -> success
- create post submission w/ giphy gif -> success
Also, updated the formatting page.
Co-authored-by: Ben Rog-Wilhelm <zorba-github@pavlovian.net>
I tried reproducing the issues from #110 but without luck. The
workflow looks a little like this:
- User changes their avatar.
- This triggers a POST request to the profile endpoint.
- User clicks "Log out" from the dropdown menu"
- This triggers the post_toast function in js that makes a POST to
/logout, which clears the user's session. Then, on receipt of the
response, the js calls `location.reload`, which replays the
browser's last action, which in our case is the earlier POST
request to the profile endpoint. This is why the browser asks
whether it's OK to resubmit the data _again_. Agreeing resubmits
the first POST request.
- After `location.reload`, since the user is no longer logged in,
they either get a 405 (from the profile edit page) or a 500 (from
the profile overview page).
This PR then changes the `/logout` endpoint from POST to GET, then
updates the header template to change the "Log out" anchor to simply
link to "/logout" instead of calling any js.
Reasoning behind it:
- logout doesn't modify server-side resources, so it's safe to make it a
GET request.
- Making it a GET prevents the browser from ever displaying the "data
resubmit" warning window.
- The "/logout" endpoint can now simply redirect to the homepage.
It is intentional that the links show up on admin level 2 but aren't usable until admin level 3; I don't know what I want right now and I want to encourage admins to pester me about it.
* add feather asset from opensymbols
([url](https://www.opensymbols.org/symbols/language-craft/feather-b135df39?id=44015))
* update routes/login.py to use new feather.webp emoji
* update seed-db.sql to add feather emoji
Co-authored-by: Motte Lurk <mottelurk@proton.me>
Co-authored-by: Ben Rog-Wilhelm <zorba@pavlovian.net>
