From 3008659ce047532a770c36d42d04f9a7670e7b25 Mon Sep 17 00:00:00 2001 From: BlenderDumbass Date: Mon, 9 Dec 2024 20:39:23 +0200 Subject: [PATCH] Security --- modules/Render.py | 40 +++++++++++++++++++++++++++++----------- modules/Run.py | 2 ++ 2 files changed, 31 insertions(+), 11 deletions(-) diff --git a/modules/Render.py b/modules/Render.py index 4ee7c44..a084129 100644 --- a/modules/Render.py +++ b/modules/Render.py @@ -81,6 +81,14 @@ def head(title="", description="", image="", config={}, author=""): + + + + """ + if author: + html = html + """ + + """ # Author tags. @@ -173,8 +181,17 @@ def validate(cookie): return Accounts[account] return {} -def isHuman(cookie): +def isHuman(server): + cookie = server.cookie + + # Identifying probable browsers + useragent = False + for i in ["Chrome", "Firefox", "Safari", "Mozilla"]: + if i in server.headers.get("User-Agent"): + useragent = True + break + if not useragent: return False return ( cookie in ProbablyHumanCookies and cookie in KnownCookies ) or validate(cookie) def moderates(moderator, user): @@ -849,7 +866,7 @@ def AccountPage(server, account): html = html + '' # Protecting emails and stuff from scrubbers - if isHuman(server.cookie): + if isHuman(server): # Website @@ -885,15 +902,15 @@ def AccountPage(server, account): try: - mastodon = mastohead(mastodon) - mastolink = mastolink(mastodon) + Mastodon = mastohead(mastodon) + Mastolink = mastolink(mastodon) html = html + '
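Review bot: In the new `isHuman(server)`, `server.headers.get("User-Agent")` returns `None` when a request carries no User-Agent header, so `i in None` raises TypeError instead of returning False. Read it once as `ua = server.headers.get("User-Agent") or ""` and replace the loop with `if not any(t in ua for t in ("Chrome", "Firefox", "Safari", "Mozilla")): return False`. The header is entirely client-supplied, so this check is a heuristic filter, not an access control. The call sites switched in this patch (AccountPage, Footer, DoComment) still depend on the cookie/`validate(cookie)` test on the function's last line for anything stronger. A comment above the check, for example `# User-Agent is client-controlled: heuristic only, not authentication`, would stop later readers from treating it as a trust decision.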
' html = html + '' - html = html + ' '+mastodon+'' + html = html + ' '+Mastodon+'' html = html + '
' - except: - pass + except Exception as e: + print(e) # Matrix @@ -1642,7 +1659,7 @@ def Footer(server): Accounts = accounts() if account in Accounts: - if isHuman(server.cookie): + if isHuman(server): email = Accounts[account].get("email") if email: html = html + Button("Contact Admin", "mailto:"+email, "frase") @@ -2073,7 +2090,7 @@ def Error(server, text="Some Error Happened."): send(server, html, 501) -def FreeCompetitor(free, nonfree): +def FreeCompetitor(free, nonfree, score): html = """ @@ -2084,6 +2101,7 @@ def FreeCompetitor(free, nonfree): html = html + '
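Review bot: `Mastodon` is concatenated straight into the page in the `html = html + ' '+Mastodon+''` line, and nothing visible in the hunk shows that `mastohead()` or `mastolink()` escape the value. If it comes from the account's profile data, as it appears to, and the helpers do not escape it, it should be HTML-escaped before being appended. The surrounding markup is not fully visible here, so this needs checking against the file. Separately, `except Exception as e: print(e)` prints only the message; `traceback.print_exc()`, or a log line naming the account, would make a failing profile field diagnosable. The try block belongs to AccountPage, whose body starts and ends outside the hunk.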
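Review bot: The new `score` parameter in `def FreeCompetitor(free, nonfree, score):` is mandatory but is not read anywhere in the visible hunks, so any caller other than the one updated in Search would now fail with a TypeError. Declaring it as `def FreeCompetitor(free, nonfree, score=None):` keeps existing callers working. A docstring line saying what `score` represents (Search passes `soft[0]`) would record the intent. The function body continues outside the hunk, so the parameter may be used further down.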

[icon fc]' html = html + free.get("names", ["Software"])[0]+'

' + icon = free.get("links", {}).get("icon", "") if icon: html = html + '
[thumbnail]
' @@ -2584,7 +2602,7 @@ def UpdatePublicationRights(server): def DoComment(server): # Limiting bots from commenting - if not isHuman(server.cookie): + if not isHuman(server): AccessDenied(server) return @@ -3347,7 +3365,7 @@ def Search(server): if soft[1].get("names", [""])[0] in fcdata.get("found", {}).get("data", {}).get("names", []): continue - html = html + FreeCompetitor(soft[1], fcdata.get("found", {}).get("data",{})) + html = html + FreeCompetitor(soft[1], fcdata.get("found", {}).get("data",{}), soft[0]) diff --git a/modules/Run.py b/modules/Run.py index 21a640c..8f8f40f 100644 --- a/modules/Run.py +++ b/modules/Run.py @@ -132,6 +132,8 @@ class handler(BaseHTTPRequestHandler): self.cookie = self.headers.get("Cookie") if self.cookie: self.cookie = self.cookie[-200:] + #print(self.headers) + # ignore = ["/rss"] # if not self.cookie and not self.path.startswith(tuple(ignore)):
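Review bot: The added `#print(self.headers)` in `modules/Run.py` is commented-out debug code. If re-enabled, it would write every request's Cookie header to stdout and into whatever captures the server output. The Render.py hunks suggest that cookie identifies the account, since it is passed to `validate(cookie)`. I would drop the line from the commit; if header tracing is needed, print selected headers only and leave Cookie out, with a comment such as `# never log the Cookie header: it identifies the session`. The handler method continues outside the hunk.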