From 8299b77942c3edb601fca2514fdf1225df289fdf Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 30 Jan 2021 11:47:09 +0000 Subject: [PATCH] Check for dangerout markup in downloaded announces --- daemon.py | 77 +++++++++++++++++++++++++++++++------------ inbox.py | 20 +++++++---- posts.py | 29 +++++++++------- webapp_confirm.py | 5 +-- webapp_frontscreen.py | 8 +++-- webapp_moderation.py | 5 +-- webapp_post.py | 14 ++++++-- webapp_profile.py | 14 +++++--- webapp_search.py | 8 +++-- webapp_timeline.py | 70 ++++++++++++++++++++++++++------------- 10 files changed, 173 insertions(+), 77 deletions(-) diff --git a/daemon.py b/daemon.py index 5ad42d349..03b84ca40 100644 --- a/daemon.py +++ b/daemon.py @@ -2614,7 +2614,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.projectVersion, self.server.YTReplacementDomain, self.server.showPublishedDateOnly, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) if hashtagStr: msg = hashtagStr.encode('utf-8') msglen = len(msg) @@ -2666,7 +2667,8 @@ class PubServer(BaseHTTPRequestHandler): port, self.server.YTReplacementDomain, self.server.showPublishedDateOnly, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) if historyStr: msg = historyStr.encode('utf-8') msglen = len(msg) @@ -2733,6 +2735,8 @@ class PubServer(BaseHTTPRequestHandler): return else: showPublishedDateOnly = self.server.showPublishedDateOnly + allowLocalNetworkAccess = \ + self.server.allowLocalNetworkAccess profileStr = \ htmlProfileAfterSearch(self.server.cssCache, self.server.recentPostsCache, @@ -2753,7 +2757,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.YTReplacementDomain, showPublishedDateOnly, self.server.defaultTimeline, - self.server.peertubeInstances) + self.server.peertubeInstances, + allowLocalNetworkAccess) if profileStr: msg = profileStr.encode('utf-8') msglen = len(msg) @@ -5674,7 +5679,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.projectVersion, self.server.YTReplacementDomain, self.server.showPublishedDateOnly, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) if hashtagStr: msg = hashtagStr.encode('utf-8') msglen = len(msg) @@ -6636,7 +6642,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.personCache, callingDomain, self.server.YTReplacementDomain, self.server.showPublishedDateOnly, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) if deleteStr: deleteStrLen = len(deleteStr) self._set_headers('text/html', deleteStrLen, @@ -6840,7 +6847,8 @@ class PubServer(BaseHTTPRequestHandler): projectVersion, ytDomain, self.server.showPublishedDateOnly, - peertubeInstances) + peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -6926,7 +6934,8 @@ class PubServer(BaseHTTPRequestHandler): projectVersion, ytDomain, self.server.showPublishedDateOnly, - peertubeInstances) + peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -7013,6 +7022,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.themeName, self.server.dormantMonths, self.server.peertubeInstances, + self.server.allowLocalNetworkAccess, actorJson['roles'], None, None) msg = msg.encode('utf-8') @@ -7077,6 +7087,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.showPublishedDateOnly iconsAsButtons = \ self.server.iconsAsButtons + allowLocalNetworkAccess = \ + self.server.allowLocalNetworkAccess msg = \ htmlProfile(self.server.rssIconAtTop, self.server.cssCache, @@ -7097,6 +7109,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.themeName, self.server.dormantMonths, self.server.peertubeInstances, + allowLocalNetworkAccess, actorJson['skills'], None, None) msg = msg.encode('utf-8') @@ -7208,6 +7221,8 @@ class PubServer(BaseHTTPRequestHandler): peertubeInstances = \ self.server.peertubeInstances cssCache = self.server.cssCache + allowLocalNetworkAccess = \ + self.server.allowLocalNetworkAccess msg = \ htmlIndividualPost(cssCache, recentPostsCache, @@ -7227,7 +7242,8 @@ class PubServer(BaseHTTPRequestHandler): likedBy, ytDomain, showPublishedDateOnly, - peertubeInstances) + peertubeInstances, + allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -7329,6 +7345,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.showPublishedDateOnly peertubeInstances = \ self.server.peertubeInstances + allowLocalNetworkAccess = \ + self.server.allowLocalNetworkAccess msg = \ htmlIndividualPost(self.server.cssCache, recentPostsCache, @@ -7348,7 +7366,8 @@ class PubServer(BaseHTTPRequestHandler): likedBy, ytDomain, showPublishedDateOnly, - peertubeInstances) + peertubeInstances, + allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -7481,7 +7500,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) if GETstartTime: self._benchmarkGETtimings(GETstartTime, GETtimings, 'show status done', @@ -7608,7 +7628,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.rssIconAtTop, self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -7728,7 +7749,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.rssIconAtTop, self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -7849,7 +7871,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -7970,7 +7993,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -8100,7 +8124,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -8226,7 +8251,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -8313,7 +8339,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.rssIconAtTop, self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -8417,7 +8444,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -8541,7 +8569,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -8657,7 +8686,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.publishButtonAtTop, authorized, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -8763,7 +8793,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.publishButtonAtTop, authorized, moderationActionStr, self.server.themeName, - self.server.peertubeInstances) + self.server.peertubeInstances, + self.server.allowLocalNetworkAccess) msg = msg.encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, @@ -8863,6 +8894,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.themeName, self.server.dormantMonths, self.server.peertubeInstances, + self.server.allowLocalNetworkAccess, shares, pageNumber, sharesPerPage) msg = msg.encode('utf-8') @@ -8959,6 +8991,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.themeName, self.server.dormantMonths, self.server.peertubeInstances, + self.server.allowLocalNetworkAccess, following, pageNumber, followsPerPage).encode('utf-8') @@ -9055,6 +9088,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.themeName, self.server.dormantMonths, self.server.peertubeInstances, + self.server.allowLocalNetworkAccess, followers, pageNumber, followsPerPage).encode('utf-8') @@ -9174,6 +9208,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.themeName, self.server.dormantMonths, self.server.peertubeInstances, + self.server.allowLocalNetworkAccess, None, None).encode('utf-8') msglen = len(msg) self._set_headers('text/html', msglen, diff --git a/inbox.py b/inbox.py index b572a3043..1dbf18af1 100644 --- a/inbox.py +++ b/inbox.py @@ -151,7 +151,8 @@ def _inboxStorePostToHtmlCache(recentPostsCache: {}, maxRecentPosts: int, postJsonObject: {}, allowDeletion: bool, boxname: str, showPublishedDateOnly: bool, - peertubeInstances: []) -> None: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> None: """Converts the json post into html and stores it in a cache This enables the post to be quickly displayed later """ @@ -168,7 +169,7 @@ def _inboxStorePostToHtmlCache(recentPostsCache: {}, maxRecentPosts: int, avatarUrl, True, allowDeletion, httpPrefix, __version__, boxname, None, showPublishedDateOnly, - peertubeInstances, + peertubeInstances, allowLocalNetworkAccess, not isDM(postJsonObject), True, True, False, True) @@ -1259,7 +1260,8 @@ def _receiveAnnounce(recentPostsCache: {}, sendThreads: [], postLog: [], cachedWebfingers: {}, personCache: {}, messageJson: {}, federationList: [], debug: bool, translate: {}, - YTReplacementDomain: str) -> bool: + YTReplacementDomain: str, + allowLocalNetworkAccess: bool) -> bool: """Receives an announce activity within the POST section of HTTPServer """ if messageJson['type'] != 'Announce': @@ -1338,7 +1340,8 @@ def _receiveAnnounce(recentPostsCache: {}, postJsonObject = downloadAnnounce(session, baseDir, httpPrefix, nickname, domain, messageJson, __version__, translate, - YTReplacementDomain) + YTReplacementDomain, + allowLocalNetworkAccess) if not postJsonObject: if domain not in messageJson['object'] and \ onionDomain not in messageJson['object']: @@ -2119,7 +2122,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int, messageJson, federationList, debug, translate, - YTReplacementDomain): + YTReplacementDomain, + allowLocalNetworkAccess): if debug: print('DEBUG: Announce accepted from ' + actor) @@ -2299,7 +2303,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int, if isImageMedia(session, baseDir, httpPrefix, nickname, domain, postJsonObject, - translate, YTReplacementDomain): + translate, YTReplacementDomain, + allowLocalNetworkAccess): # media index will be updated updateIndexList.append('tlmedia') if isBlogPost(postJsonObject): @@ -2349,7 +2354,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int, allowDeletion, boxname, showPublishedDateOnly, - peertubeInstances) + peertubeInstances, + allowLocalNetworkAccess) if debug: timeDiff = \ str(int((time.time() - htmlCacheStartTime) * diff --git a/posts.py b/posts.py index 6dd6c7e31..73e16d236 100644 --- a/posts.py +++ b/posts.py @@ -57,6 +57,7 @@ from utils import votesOnNewswireItem from utils import removeHtml from media import attachMedia from media import replaceYouTube +from content import dangerousMarkup from content import tagExists from content import removeLongWords from content import addHtmlTags @@ -2908,7 +2909,8 @@ def isDM(postJsonObject: {}) -> bool: def isImageMedia(session, baseDir: str, httpPrefix: str, nickname: str, domain: str, postJsonObject: {}, translate: {}, - YTReplacementDomain: str) -> bool: + YTReplacementDomain: str, + allowLocalNetworkAccess: bool) -> bool: """Returns true if the given post has attached image media """ if postJsonObject['type'] == 'Announce': @@ -2916,7 +2918,8 @@ def isImageMedia(session, baseDir: str, httpPrefix: str, downloadAnnounce(session, baseDir, httpPrefix, nickname, domain, postJsonObject, __version__, translate, - YTReplacementDomain) + YTReplacementDomain, + allowLocalNetworkAccess) if postJsonAnnounce: postJsonObject = postJsonAnnounce if postJsonObject['type'] != 'Create': @@ -3831,7 +3834,8 @@ def _rejectAnnounce(announceFilename: str): def downloadAnnounce(session, baseDir: str, httpPrefix: str, nickname: str, domain: str, postJsonObject: {}, projectVersion: str, - translate: {}, YTReplacementDomain: str) -> {}: + translate: {}, YTReplacementDomain: str, + allowLocalNetworkAccess: bool) -> {}: """Download the post referenced by an announce """ if not postJsonObject.get('object'): @@ -3919,12 +3923,11 @@ def downloadAnnounce(session, baseDir: str, httpPrefix: str, return None if not announcedJson.get('type'): _rejectAnnounce(announceFilename) - # pprint(announcedJson) return None if announcedJson['type'] != 'Note' and \ announcedJson['type'] != 'Article': + # You can only announce Note or Article types _rejectAnnounce(announceFilename) - # pprint(announcedJson) return None if not announcedJson.get('content'): _rejectAnnounce(announceFilename) @@ -3935,16 +3938,20 @@ def downloadAnnounce(session, baseDir: str, httpPrefix: str, if not validPostDate(announcedJson['published']): _rejectAnnounce(announceFilename) return None - if isFiltered(baseDir, nickname, domain, announcedJson['content']): + + # Check the content of the announce + contentStr = announcedJson['content'] + if dangerousMarkup(contentStr, allowLocalNetworkAccess): + _rejectAnnounce(announceFilename) + return None + if isFiltered(baseDir, nickname, domain, contentStr): _rejectAnnounce(announceFilename) return None # remove any long words - announcedJson['content'] = \ - removeLongWords(announcedJson['content'], 40, []) + announcedJson['content'] = removeLongWords(contentStr, 40, []) # remove text formatting, such as bold/italics - announcedJson['content'] = \ - removeTextFormatting(announcedJson['content']) + announcedJson['content'] = removeTextFormatting(contentStr) # wrap in create to be consistent with other posts announcedJson = \ @@ -3952,8 +3959,8 @@ def downloadAnnounce(session, baseDir: str, httpPrefix: str, actorNickname, actorDomain, actorPort, announcedJson) if announcedJson['type'] != 'Create': + # Create wrap failed _rejectAnnounce(announceFilename) - # pprint(announcedJson) return None # labelAccusatoryPost(postJsonObject, translate) diff --git a/webapp_confirm.py b/webapp_confirm.py index 121777268..26b8289b7 100644 --- a/webapp_confirm.py +++ b/webapp_confirm.py @@ -30,7 +30,8 @@ def htmlConfirmDelete(cssCache: {}, callingDomain: str, YTReplacementDomain: str, showPublishedDateOnly: bool, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Shows a screen asking to confirm the deletion of a post """ if '/statuses/' not in messageId: @@ -70,7 +71,7 @@ def htmlConfirmDelete(cssCache: {}, httpPrefix, projectVersion, 'outbox', YTReplacementDomain, showPublishedDateOnly, - peertubeInstances, + peertubeInstances, allowLocalNetworkAccess, False, False, False, False, False) deletePostStr += '
' deletePostStr += \ diff --git a/webapp_frontscreen.py b/webapp_frontscreen.py index 473e223a1..97aadb938 100644 --- a/webapp_frontscreen.py +++ b/webapp_frontscreen.py @@ -29,7 +29,8 @@ def _htmlFrontScreenPosts(recentPostsCache: {}, maxRecentPosts: int, projectVersion: str, YTReplacementDomain: str, showPublishedDateOnly: bool, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Shows posts on the front screen of a news instance These should only be public blog posts from the features timeline which is the blog timeline of the news actor @@ -69,6 +70,7 @@ def _htmlFrontScreenPosts(recentPostsCache: {}, maxRecentPosts: int, YTReplacementDomain, showPublishedDateOnly, peertubeInstances, + allowLocalNetworkAccess, False, False, False, True, False) if postStr: profileStr += postStr + separatorStr @@ -91,6 +93,7 @@ def htmlFrontScreen(rssIconAtTop: bool, showPublishedDateOnly: bool, newswire: {}, theme: str, peertubeInstances: [], + allowLocalNetworkAccess: bool, extraJson=None, pageNumber=None, maxItemsPerPage=None) -> str: """Show the news instance front screen @@ -155,7 +158,8 @@ def htmlFrontScreen(rssIconAtTop: bool, projectVersion, YTReplacementDomain, showPublishedDateOnly, - peertubeInstances) + licenseStr + peertubeInstances, + allowLocalNetworkAccess) + licenseStr # Footer which is only used for system accounts profileFooterStr = ' \n' diff --git a/webapp_moderation.py b/webapp_moderation.py index 0195f1c64..27140ec23 100644 --- a/webapp_moderation.py +++ b/webapp_moderation.py @@ -42,7 +42,8 @@ def htmlModeration(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, moderationActionStr: str, - theme: str, peertubeInstances: []) -> str: + theme: str, peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the moderation feed as html This is what you see when selecting the "mod" timeline """ @@ -57,7 +58,7 @@ def htmlModeration(cssCache: {}, defaultTimeline: str, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, authorized, moderationActionStr, theme, - peertubeInstances) + peertubeInstances, allowLocalNetworkAccess) def htmlAccountInfo(cssCache: {}, translate: {}, diff --git a/webapp_post.py b/webapp_post.py index ee2eab64f..52b5d2f52 100644 --- a/webapp_post.py +++ b/webapp_post.py @@ -1081,6 +1081,7 @@ def individualPostAsHtml(allowDownloads: bool, boxName: str, YTReplacementDomain: str, showPublishedDateOnly: bool, peertubeInstances: [], + allowLocalNetworkAccess: bool, showRepeats=True, showIcons=False, manuallyApprovesFollowers=False, @@ -1231,7 +1232,8 @@ def individualPostAsHtml(allowDownloads: bool, downloadAnnounce(session, baseDir, httpPrefix, nickname, domain, postJsonObject, projectVersion, translate, - YTReplacementDomain) + YTReplacementDomain, + allowLocalNetworkAccess) if not postJsonAnnounce: return '' postJsonObject = postJsonAnnounce @@ -1605,7 +1607,8 @@ def htmlIndividualPost(cssCache: {}, projectVersion: str, likedBy: str, YTReplacementDomain: str, showPublishedDateOnly: bool, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show an individual post as html """ postStr = '' @@ -1646,6 +1649,7 @@ def htmlIndividualPost(cssCache: {}, YTReplacementDomain, showPublishedDateOnly, peertubeInstances, + allowLocalNetworkAccess, False, authorized, False, False, False) messageId = removeIdEnding(postJsonObject['id']) @@ -1672,6 +1676,7 @@ def htmlIndividualPost(cssCache: {}, YTReplacementDomain, showPublishedDateOnly, peertubeInstances, + allowLocalNetworkAccess, False, authorized, False, False, False) + postStr @@ -1701,6 +1706,7 @@ def htmlIndividualPost(cssCache: {}, YTReplacementDomain, showPublishedDateOnly, peertubeInstances, + allowLocalNetworkAccess, False, authorized, False, False, False) cssFilename = baseDir + '/epicyon-profile.css' @@ -1721,7 +1727,8 @@ def htmlPostReplies(cssCache: {}, httpPrefix: str, projectVersion: str, YTReplacementDomain: str, showPublishedDateOnly: bool, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the replies to an individual post as html """ repliesStr = '' @@ -1739,6 +1746,7 @@ def htmlPostReplies(cssCache: {}, YTReplacementDomain, showPublishedDateOnly, peertubeInstances, + allowLocalNetworkAccess, False, False, False, False, False) cssFilename = baseDir + '/epicyon-profile.css' diff --git a/webapp_profile.py b/webapp_profile.py index a439d38d8..91c4a7906 100644 --- a/webapp_profile.py +++ b/webapp_profile.py @@ -63,7 +63,8 @@ def htmlProfileAfterSearch(cssCache: {}, YTReplacementDomain: str, showPublishedDateOnly: bool, defaultTimeline: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show a profile page after a search for a fediverse address """ if hasUsersPath(profileHandle) or '/@' in profileHandle: @@ -292,7 +293,7 @@ def htmlProfileAfterSearch(cssCache: {}, httpPrefix, projectVersion, 'inbox', YTReplacementDomain, showPublishedDateOnly, - peertubeInstances, + peertubeInstances, allowLocalNetworkAccess, False, False, False, False, False) i += 1 if i >= 20: @@ -468,6 +469,7 @@ def htmlProfile(rssIconAtTop: bool, showPublishedDateOnly: bool, newswire: {}, theme: str, dormantMonths: int, peertubeInstances: [], + allowLocalNetworkAccess: bool, extraJson=None, pageNumber=None, maxItemsPerPage=None) -> str: """Show the profile page as html @@ -487,6 +489,7 @@ def htmlProfile(rssIconAtTop: bool, YTReplacementDomain, showPublishedDateOnly, newswire, theme, extraJson, + allowLocalNetworkAccess, pageNumber, maxItemsPerPage) domain, port = getDomainFromActor(profileJson['id']) @@ -756,7 +759,8 @@ def htmlProfile(rssIconAtTop: bool, projectVersion, YTReplacementDomain, showPublishedDateOnly, - peertubeInstances) + licenseStr + peertubeInstances, + allowLocalNetworkAccess) + licenseStr elif selected == 'following': profileStr += \ _htmlProfileFollowing(translate, baseDir, httpPrefix, @@ -805,7 +809,8 @@ def _htmlProfilePosts(recentPostsCache: {}, maxRecentPosts: int, projectVersion: str, YTReplacementDomain: str, showPublishedDateOnly: bool, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Shows posts on the profile screen These should only be public posts """ @@ -844,6 +849,7 @@ def _htmlProfilePosts(recentPostsCache: {}, maxRecentPosts: int, YTReplacementDomain, showPublishedDateOnly, peertubeInstances, + allowLocalNetworkAccess, False, False, False, True, False) if postStr: profileStr += postStr + separatorStr diff --git a/webapp_search.py b/webapp_search.py index 858cedec5..a574cb31b 100644 --- a/webapp_search.py +++ b/webapp_search.py @@ -520,7 +520,8 @@ def htmlHistorySearch(cssCache: {}, translate: {}, baseDir: str, port: int, YTReplacementDomain: str, showPublishedDateOnly: bool, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show a page containing search results for your post history """ if historysearch.startswith('!'): @@ -596,6 +597,7 @@ def htmlHistorySearch(cssCache: {}, translate: {}, baseDir: str, YTReplacementDomain, showPublishedDateOnly, peertubeInstances, + allowLocalNetworkAccess, showIndividualPostIcons, showIndividualPostIcons, False, False, False) @@ -617,7 +619,8 @@ def htmlHashtagSearch(cssCache: {}, httpPrefix: str, projectVersion: str, YTReplacementDomain: str, showPublishedDateOnly: bool, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show a page containing search results for a hashtag """ if hashtag.startswith('#'): @@ -766,6 +769,7 @@ def htmlHashtagSearch(cssCache: {}, YTReplacementDomain, showPublishedDateOnly, peertubeInstances, + allowLocalNetworkAccess, showRepeats, showIcons, manuallyApprovesFollowers, showPublicOnly, diff --git a/webapp_timeline.py b/webapp_timeline.py index 21c029e7b..c14d7c805 100644 --- a/webapp_timeline.py +++ b/webapp_timeline.py @@ -63,7 +63,8 @@ def htmlTimeline(cssCache: {}, defaultTimeline: str, authorized: bool, moderationActionStr: str, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the timeline as html """ enableTimingLog = False @@ -574,6 +575,7 @@ def htmlTimeline(cssCache: {}, defaultTimeline: str, YTReplacementDomain, showPublishedDateOnly, peertubeInstances, + allowLocalNetworkAccess, boxName != 'dm', showIndividualPostIcons, manuallyApproveFollowers, @@ -730,7 +732,8 @@ def htmlShares(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the shares timeline as html """ manuallyApproveFollowers = \ @@ -750,7 +753,8 @@ def htmlShares(cssCache: {}, defaultTimeline: str, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlInbox(cssCache: {}, defaultTimeline: str, @@ -770,7 +774,8 @@ def htmlInbox(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the inbox as html """ manuallyApproveFollowers = \ @@ -790,7 +795,8 @@ def htmlInbox(cssCache: {}, defaultTimeline: str, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlBookmarks(cssCache: {}, defaultTimeline: str, @@ -810,7 +816,8 @@ def htmlBookmarks(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the bookmarks as html """ manuallyApproveFollowers = \ @@ -830,7 +837,8 @@ def htmlBookmarks(cssCache: {}, defaultTimeline: str, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlEvents(cssCache: {}, defaultTimeline: str, @@ -850,7 +858,8 @@ def htmlEvents(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the events as html """ manuallyApproveFollowers = \ @@ -870,7 +879,8 @@ def htmlEvents(cssCache: {}, defaultTimeline: str, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlInboxDMs(cssCache: {}, defaultTimeline: str, @@ -890,7 +900,8 @@ def htmlInboxDMs(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the DM timeline as html """ return htmlTimeline(cssCache, defaultTimeline, @@ -905,7 +916,8 @@ def htmlInboxDMs(cssCache: {}, defaultTimeline: str, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlInboxReplies(cssCache: {}, defaultTimeline: str, @@ -925,7 +937,8 @@ def htmlInboxReplies(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the replies timeline as html """ return htmlTimeline(cssCache, defaultTimeline, @@ -941,7 +954,8 @@ def htmlInboxReplies(cssCache: {}, defaultTimeline: str, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlInboxMedia(cssCache: {}, defaultTimeline: str, @@ -961,7 +975,8 @@ def htmlInboxMedia(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the media timeline as html """ return htmlTimeline(cssCache, defaultTimeline, @@ -977,7 +992,8 @@ def htmlInboxMedia(cssCache: {}, defaultTimeline: str, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlInboxBlogs(cssCache: {}, defaultTimeline: str, @@ -997,7 +1013,8 @@ def htmlInboxBlogs(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the blogs timeline as html """ return htmlTimeline(cssCache, defaultTimeline, @@ -1013,7 +1030,8 @@ def htmlInboxBlogs(cssCache: {}, defaultTimeline: str, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlInboxFeatures(cssCache: {}, defaultTimeline: str, @@ -1034,7 +1052,8 @@ def htmlInboxFeatures(cssCache: {}, defaultTimeline: str, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the features timeline as html """ return htmlTimeline(cssCache, defaultTimeline, @@ -1050,7 +1069,8 @@ def htmlInboxFeatures(cssCache: {}, defaultTimeline: str, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlInboxNews(cssCache: {}, defaultTimeline: str, @@ -1070,7 +1090,8 @@ def htmlInboxNews(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the news timeline as html """ return htmlTimeline(cssCache, defaultTimeline, @@ -1086,7 +1107,8 @@ def htmlInboxNews(cssCache: {}, defaultTimeline: str, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess) def htmlOutbox(cssCache: {}, defaultTimeline: str, @@ -1106,7 +1128,8 @@ def htmlOutbox(cssCache: {}, defaultTimeline: str, rssIconAtTop: bool, publishButtonAtTop: bool, authorized: bool, theme: str, - peertubeInstances: []) -> str: + peertubeInstances: [], + allowLocalNetworkAccess: bool) -> str: """Show the Outbox as html """ manuallyApproveFollowers = \ @@ -1123,4 +1146,5 @@ def htmlOutbox(cssCache: {}, defaultTimeline: str, newswire, False, False, positiveVoting, showPublishAsIcon, fullWidthTimelineButtonHeader, iconsAsButtons, rssIconAtTop, publishButtonAtTop, - authorized, None, theme, peertubeInstances) + authorized, None, theme, peertubeInstances, + allowLocalNetworkAccess)