From 457004794ca7b29b677695fcaae9fefd32f05869 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Tue, 6 Jul 2021 10:44:45 +0100 Subject: [PATCH] Function for checking url prefixes --- utils.py | 12 +++++++ webapp_headerbuttons.py | 12 +++---- webapp_login.py | 73 ++++++++++++++++++++--------------------- webapp_media.py | 66 +++++++++++++++++-------------------- 4 files changed, 81 insertions(+), 82 deletions(-) diff --git a/utils.py b/utils.py index 6e291f1ae..0d85039cb 100644 --- a/utils.py +++ b/utils.py @@ -2536,3 +2536,15 @@ def getPortFromDomain(domain: str) -> int: if portStr.isdigit(): return int(portStr) return None + + +def validUrlPrefix(url: str) -> bool: + """Does the given url have a valid prefix? + """ + if '/' not in url: + return False + prefixes = ('https:', 'http:', 'hyper:', 'i2p:', 'gnunet:') + for pre in prefixes: + if url.startswith(pre): + return True + return False diff --git a/webapp_headerbuttons.py b/webapp_headerbuttons.py index 99ab01290..a50e01da6 100644 --- a/webapp_headerbuttons.py +++ b/webapp_headerbuttons.py @@ -54,8 +54,7 @@ def headerButtonsTimeline(defaultTimeline: str, # first button if defaultTimeline == 'tlmedia': tlStr += \ - '' # add other buttons diff --git a/webapp_login.py b/webapp_login.py index 72a0f3846..45de12739 100644 --- a/webapp_login.py +++ b/webapp_login.py @@ -36,18 +36,19 @@ def htmlGetLoginCredentials(loginParams: str, password = None register = False for arg in loginArgs: - if '=' in arg: - if arg.split('=', 1)[0] == 'username': - nickname = arg.split('=', 1)[1] - if nickname.startswith('@'): - nickname = nickname[1:] - if '@' in nickname: - # the full nickname@domain has been entered - nickname = nickname.split('@')[0] - elif arg.split('=', 1)[0] == 'password': - password = arg.split('=', 1)[1] - elif arg.split('=', 1)[0] == 'register': - register = True + if '=' not in arg: + continue + if arg.split('=', 1)[0] == 'username': + nickname = arg.split('=', 1)[1] + if nickname.startswith('@'): + nickname = nickname[1:] + if '@' in nickname: + # the full nickname@domain has been entered + nickname = nickname.split('@')[0] + elif arg.split('=', 1)[0] == 'password': + password = arg.split('=', 1)[1] + elif arg.split('=', 1)[0] == 'register': + register = True return nickname, password, register @@ -103,8 +104,7 @@ def htmlLogin(cssCache: {}, translate: {}, else: loginText = \ '

' + \ - translate['Please enter some credentials'] + '

' - loginText += \ + translate['Please enter some credentials'] + '

' + \ '

' + \ translate['You will become the admin of this site.'] + \ '

' @@ -132,8 +132,7 @@ def htmlLogin(cssCache: {}, translate: {}, TOSstr = \ '

' + \ - translate['About this Instance'] + '

' - TOSstr += \ + translate['About this Instance'] + '

' + \ '

' + \ translate['Terms of Service'] + '

' @@ -153,34 +152,32 @@ def htmlLogin(cssCache: {}, translate: {}, htmlHeaderWithWebsiteMarkup(cssFilename, instanceTitle, httpPrefix, domain, systemLanguage) - loginForm += '
\n' - loginForm += '
\n' - loginForm += '
\n' instanceTitle = getConfigParam(baseDir, 'instanceTitle') - loginForm += textModeLogoHtml + '\n' loginForm += \ + '
\n' + \ + '\n' + \ + '
\n' + \ + textModeLogoHtml + '\n' + \ ' ' + instanceTitle + '\n' - loginForm += loginText + TOSstr + '\n' - loginForm += '
\n' - loginForm += '\n' - loginForm += '
\n' - loginForm += ' \n' - loginForm += \ + '" alt="' + instanceTitle + '" class="loginimage">\n' + \ + loginText + TOSstr + '\n' + \ + '
\n' + \ + '\n' + \ + '
\n' + \ + ' \n' + \ ' \n' - loginForm += '\n' - loginForm += ' \n' - loginForm += \ + translate['Enter Nickname'] + \ + '" name="username" required autofocus>\n' + \ + '\n' + \ + ' \n' + \ ' \n' - loginForm += loginButtonStr + registerButtonStr + '\n' - loginForm += '
\n' - loginForm += '\n' - loginForm += \ + '" name="password" required>\n' + \ + loginButtonStr + registerButtonStr + '\n' + \ + '
\n' + \ + '\n' + \ '' + \ '' + \ diff --git a/webapp_media.py b/webapp_media.py index 4d5ff6366..5ef899fe0 100644 --- a/webapp_media.py +++ b/webapp_media.py @@ -8,6 +8,7 @@ __status__ = None: @@ -110,6 +111,8 @@ def _addEmbeddedVideoFromSites(translate: {}, content: str, if '"https://' in content: if peertubeInstances: + # only create an embedded video for a limited set of + # peertube sites. peerTubeSites = peertubeInstances else: # A default selection of the current larger peertube sites, @@ -160,19 +163,21 @@ def _addEmbeddedVideoFromSites(translate: {}, content: str, else: siteStr = 'https://' + site siteStr = '"' + siteStr - if siteStr in content: - url = content.split(siteStr)[1] - if '"' in url: - url = url.split('"')[0].replace('/watch/', '/embed/') - content = \ - content + "
\n\n
\n" - return content + if siteStr not in content: + continue + url = content.split(siteStr)[1] + if '"' not in url: + continue + url = url.split('"')[0].replace('/watch/', '/embed/') + content = \ + content + "
\n\n
\n" + return content return content @@ -205,19 +210,14 @@ def _addEmbeddedAudio(translate: {}, content: str) -> str: if not w.endswith(extension): continue - if not (w.startswith('http') or w.startswith('dat:') or - w.startswith('hyper:') or w.startswith('i2p:') or - w.startswith('gnunet:') or - '/' in w): + if not validUrlPrefix(w): continue - url = w - content += '
\n\n
\n' + '
\n\n
\n' return content @@ -251,23 +251,17 @@ def _addEmbeddedVideo(translate: {}, content: str) -> str: w = w[:-1] if not w.endswith(extension): continue - if not (w.startswith('http') or w.startswith('dat:') or - w.startswith('hyper:') or w.startswith('i2p:') or - w.startswith('gnunet:') or - '/' in w): + if not validUrlPrefix(w): continue - url = w content += \ '
\n' + \ ' \n
\n
\n' + 'preload="metadata">\n' + \ + '\n' + \ + translate['Your browser does not support the video element.'] + \ + '\n\n\n' return content