Ailur-Archives
/
burgercat
Archived
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bug fixes

This commit is contained in:
maaa 2023-07-10 15:01:57 +02:00
parent f03814918f
commit a92561f40a
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
main
View File

@ -159,7 +159,11 @@ def user(pageusername):
@app.route("/api/page/<userid>", methods=("GET", "POST")) @app.route("/api/page/<userid>", methods=("GET", "POST"))
def apipageuser(userid): def apipageuser(userid):
pageuser = get_user(userid) pageuser = get_user(userid)
addhtml = """<base target="_blank"/> <head><meta http-equiv="Content-Security-Policy" default-src='none'; content="img-src cdn.discordapp.com cdn.discordapp.net media.tenor.com; style-src: 'self';" /></head>""" addhtml = """
<!DOCTYPE html><script>
window.location.replace("http://localhost:8080/" """ + pageuser["id"] + """
</script>
<base target="_blank"/> <head><meta http-equiv="Content-Security-Policy" default-src='none'; content="img-src cdn.discordapp.com cdn.discordapp.net media.tenor.com; style-src: 'self';" /></head>"""
if not pageuser == "error": if not pageuser == "error":
return addhtml + pageuser["htmldescription"] return addhtml + pageuser["htmldescription"]
@ -379,6 +383,9 @@ def post():
flash("File is not an image!") flash("File is not an image!")
return redirect(url_for("post")) return redirect(url_for("post"))
userCookie = get_session(usersession)
user = get_user(userCookie["id"])
if not user["banned"] == "0": if not user["banned"] == "0":
flash("Your account has been banned. Reason: " + flash("Your account has been banned. Reason: " +
user["banned"]) user["banned"])
@ -390,9 +397,6 @@ def post():
file.save(os.path.join(UPLOAD_FOLDER, finalfilename)) file.save(os.path.join(UPLOAD_FOLDER, finalfilename))
imgurl = "/cdn/" + finalfilename imgurl = "/cdn/" + finalfilename
userCookie = get_session(usersession)
user = get_user(userCookie["id"])
conn = get_db_connection() conn = get_db_connection()
conn.execute("INSERT INTO posts (textstr, imageurl, creator, created) VALUES (?, ?, ?, ?)", conn.execute("INSERT INTO posts (textstr, imageurl, creator, created) VALUES (?, ?, ?, ?)",
(title, imgurl, userCookie["id"], str(time.time()))) (title, imgurl, userCookie["id"], str(time.time())))