custom code, fix thread and comment deletions

forum/db/sqlite.py

@@ -7,17 +7,6 @@ class DB:
         self.conn = conn
         pass
 
-    # ~ def get_config(self):
-    # ~ return (
-    # ~ self._db()
-    # ~ .execute(
-    # ~ """
-    # ~ select version, name, description, secret_key, captcha_key, registration_enabled, login_required from config
-    # ~ """
-    # ~ )
-    # ~ .fetchone()
-    # ~ )
-
     def get_forums(self):
         return self._db().execute(
             """
@@ -205,6 +194,21 @@ class DB:
             .fetchone()
         )
 
+    def get_comment_thread(self, comment_id):
+        """ Get the thread of a comment """
+        return (
+            self._db()
+            .execute(
+                """
+            select thread_id
+            from comments
+            where comment_id = ?
+            """,
+                (comment_id,),
+            )
+            .fetchone()[0]
+        )
+
     def get_subcomments(self, comment_id):
         db = self._db()
         thread_id, parent_id, title = db.execute(
@@ -628,26 +632,6 @@ class DB:
         )
         db.commit()
 
-    # ~ def set_config(
-    # ~ self, server_name, server_description, registration_enabled, login_required
-    # ~ ):
-    # ~ return self.change_one(
-    # ~ """
-    # ~ update config
-    # ~ set name = ?, description = ?, registration_enabled = ?, login_required = ?
-    # ~ """,
-    # ~ (server_name, server_description, registration_enabled, login_required),
-    # ~ )
-
-    # ~ def set_config_secrets(self, secret_key, captcha_key):
-    # ~ return self.change_one(
-    # ~ """
-    # ~ update config
-    # ~ set secret_key = ?, captcha_key = ?
-    # ~ """,
-    # ~ (secret_key, captcha_key),
-    # ~ )
-
     def set_user_ban(self, user_id, until):
         return self.change_one(
             """

forum/main.py

@@ -13,27 +13,13 @@ import captcha, password, minimd
 app = Flask(__name__)
 db = DB(os.getenv("DB"))
 config = Config(os.getenv("CONF"))
+custom_code = os.getenv("CUSTOM_PY",'custom.py')
 # This defaults to None, which allows CSRF attacks in FireFox
 # and older versions of Chrome.
 # 'Lax' is sufficient to prevent malicious POST requests.
 app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
 app.config["SECRET_KEY"] = config.secret_key
 
-# ~ class Config:
-# ~ pass
-# ~ config = Config()
-# ~ (
-# ~ config.version,
-# ~ config.server_name,
-# ~ config.server_description,
-# ~ app.config["SECRET_KEY"],
-# ~ config.captcha_key,
-# ~ config.registration_enabled,
-# ~ config.login_required
-# ~ ) = db.get_config()
-# ~ app.config['user_css'] = os.path.exists(os.path.join(app.static_folder, 'user.css'))
-# ~ config.threads_per_page = 50
-
 if config.version != VERSION:
     print(f"Incompatible version {config.version} (expected {VERSION})")
     sys.exit(1)
@@ -281,6 +267,7 @@ def confirm_delete_thread(thread_id):
         config=config,
         user=get_user(),
         thread_title=title,
+        thread_id=thread_id
     )
 
 
@@ -289,13 +276,13 @@ def delete_thread(thread_id):
     user_id = session.get("user_id")
     if user_id is None:
         return redirect(url_for("login"))
-
+    forum_id = db.get_thread_forum(thread_id)
     if db.delete_thread(user_id, thread_id):
         flash("Thread has been deleted", "success")
     else:
         flash("Thread could not be removed", "error")
         # TODO return 403, maybe?
-    return redirect(url_for("index"))
+    return redirect(url_for("forum", forum_id=forum_id))
 
 
 def _add_comment_check_user():
@@ -346,6 +333,7 @@ def confirm_delete_comment(comment_id):
         user=get_user(),
         thread_title=title,
         text=text,
+        comment_id=comment_id
     )
 
 
@@ -354,13 +342,13 @@ def delete_comment(comment_id):
     user_id = session.get("user_id")
     if user_id is None:
         return redirect(url_for("login"))
-
+    thread_id = db.get_comment_thread(comment_id)
     if db.delete_comment(user_id, comment_id):
         flash("Comment has been deleted", "success")
     else:
         flash("Comment could not be removed", "error")
         # TODO return 403, maybe?
-    return redirect(url_for("index"))
+    return redirect(url_for("thread", thread_id = thread_id))
 
 
 @app.route("/thread/<int:thread_id>/edit/", methods=["GET", "POST"])
@@ -925,3 +913,10 @@ def trim_text(s):
     Because browsers LOVE \\r, trailing whitespace etc.
     """
     return s.replace("\r", "")
+
+
+#### custom code
+if os.path.exists(custom_code):
+    with open(custom_code, "rb") as source_file:
+        code = compile(source_file.read(), custom_code, "exec")
+    exec(code, globals(), locals())

forum/templates/confirm_delete_comment.html

@@ -4,10 +4,10 @@
 <p>Are you sure you want to delete this comment on "{{ thread_title }}"?</p>
 <div class=comment>{{ minimd(text) | safe }}</div>
 <p>
-	<form method="post" action="../delete" style=inline>
+	<form method="post" action="{{ url_for('delete_comment', comment_id = comment_id) }}" style=inline>
 		<input type="submit" value="Yes">
 	</form>
-	<form method="get" action=".." style=inline>
+	<form method="get" action="{{ url_for('comment', comment_id = comment_id) }}" style=inline>
 		<input type="submit" value="No">
 	</form>
 </p>

forum/templates/confirm_delete_thread.html

@@ -3,10 +3,10 @@
 {% block content %}
 <p>Are you sure you want to delete "{{ thread_title }}"?</p>
 <p>
-	<form method="post" action="../delete" style=inline>
+	<form method="post" action="{{ url_for('delete_thread', thread_id = thread_id) }}" style=inline>
 		<input type="submit" value="Yes">
 	</form>
-	<form method="get" action=".." style=inline>
+	<form method="get" action="{{ url_for('thread', thread_id = thread_id) }}" style=inline>
 		<input type="submit" value="No">
 	</form>
 </p>