the random c.sentto == 2 magic numbers in the code is... pretty
unmaintainable and unless you were aware of who "2" was, it's hard to
know what's going on.
in addition, we force modmail to go through the modmail path instead of
letting users bypass validation checks.
* titles: use rdrama's title finding code
this fixes a potential DoS in some really weird pages (seems to be a bug with BS4)
we're not parsing arbitrary HTML
in addition we make some nice checks
* unescape title to fix bug from upstream
* fix nameerror
* Do not proxy requests, since no proxy available.
On the upstream, the `proxies` dict was intended to use a local SOCKS
proxy running on port 18080 with the express purpose of masking the
server IP address. TheMotte isn't running behind a reverse proxy, so
this purpose is moot. Additionally, we don't have a proxy running in
Docker nor do we appear to have one on prod, which breaks autotitle
and thumbnailing regardless--not sure it matters for TheMotte's
use case, but both codepaths have been inoperative because of it.
* use gevent to timeout the function to prevent a
second theoretical DoS by sending data rly slowly
ref: 816389cf28
Co-authored-by: TLSM <duolsm@outlook.com>
The ADMINISTRATORS list contained hardcoded post IDs (in the 30000s)
intended to be used for uploading graphical assets onto a production
instance of the site. This functionality is not needed here, and the
special logic to bypass awards when commenting on those posts was
largely removed in 9d4195a89f.
Removes the following awards / fields on User:
- flairlock
- progressivestack
- bird
- longpost (pizzashill)
- marseyawarded
- rehab
- deflector
- mute
- unmutable
- eye (All-Seeing Eye)
- alt (Alt-Seeing Eye)
Primarily motivated by starting to remove some un-Mottelike cruft
from core commenting/posting routes. Cleared out other inapplicable
awards while in the process.
The Slur Replacer feature from rDrama has already been removed, but
the toggle for it in settings remained. A user in Discord pointed out
it was confusing and potentially disconcerting to have a default-on
toggle to 'enable slurs'.
Due to use of Submission.{choices, options, bet_options} in realbody,
generating submission_listings resulted in extremely high volume of
SELECT queries.
In local testing with 6 posts, one of which had a poll with 2 options,
the removal of these calls reduced quantity of queries on the homepage
from 84 to 22.
Given that it was previously decided to remove the polls feature after
a regression while adding comment filtering, the remaining dead code
paths for polls were also removed.
Ports in lightly modified logic from the upstream which tracks active
sessions to provide counters and listings to understand site traffic
in the admin panel.
