mirror of
https://gitlab.com/SIGBUS/nyaa.git
synced 2024-12-22 13:00:00 +00:00
backend: count IP uploads in the user ratelimit
Users could double their ratelimit by uploading some torrents as anonymous submissions, then log into their account and post more. We can stop this by making the filter_uploader helper function use an sqlalchemy.or_ query to check for uploads from either that user or that user's IP.
This commit is contained in:
parent
532439356f
commit
8ee687cb89
|
@ -139,7 +139,9 @@ def check_uploader_ratelimit(user):
|
|||
|
||||
def filter_uploader(query):
|
||||
if user:
|
||||
return query.filter(Torrent.user == user)
|
||||
return query.filter(sqlalchemy.or_(
|
||||
Torrent.user == user,
|
||||
Torrent.uploader_ip == ip_address(flask.request.remote_addr).packed))
|
||||
else:
|
||||
return query.filter(Torrent.uploader_ip == ip_address(flask.request.remote_addr).packed)
|
||||
|
||||
|
|
Loading…
Reference in a new issue