Domains were previously not validated before being handled, leading to a
potential scenario where someone could pass something like
"element_url=127.0.0.1:<port>/<resource>" to access other resources on a
machine running Whoogle. This change ensures that the resource used in
both endpoints is a valid domain.
This also includes validation of config names to prevent names from
including path values such as "../../(etc)".
When starting whoogle from another directory, the path to the calculator
widget was previously invalid. It now specifies the path relative to the widget
loader file.
The calculator was previously triggered for partial matches with words
like "calc", which meant searches containing the word "calcium" would
cause the calculator widget to appear.
Redirects to alternative frontends can now be defined using the
WHOOGLE_REDIRECTS environment variable. Usage is documented in the
readme, but is basically defined as <parent>:<new>.
Closes#988
This relates to an issue with an unknown cause (unable to reproduce on
my end) where the preferences string does not contain the correct amount
of padding on a base64 encoded value. This is mediated by appending
padding to the end of the encoded value, since any extra padding is
removed anyways.
Fixes#987
Defines separate environment variables for setting mobile vs desktop user
agents
Defines an environment variable for using the client's User-Agent
Co-authored-by: Ben Busby <contact@benbusby.com>
The .replit file gets autofilled with a ton of garbage when Whoogle is
imported, including a required "entrypoint" field that defaults to
"main.py" (even though the run and onBoot fields were already included
and should negate the need to specify an entrypoint, but whatever).
I'm not going to restructure Whoogle to fit what Replit wants, so I've
moved the startup commands to their own script (misc/replit.py) and
updated the "entrypoint" field in .replit.
More MarkupResemblesLocatorWarning warnings have been appearing. This
seems to be caused by parsing HTML content that contains a URL.
This new change suppresses the warning at the root level of the app
before any content has been parsed, so this error shouldn't appear
again.
Fixes#968
* Add translation for new strings from 7041b43db9
Use same terms as Google's zh-tw interface.
* Fix missing period
* Sync string order with en (easier for future updates)
Fix the exception `AttributeError: 'Filter' object has no attribute 'block_url'`
introduced in this commit [1].
`self.block_title` and `self.block_url` were members of the Filter
object[2], but not anymore after commit [1].
This bug can be reproduced with setting WHOOGLE_CONFIG_BLOCK_URL to a
non-empty string.
[1] 10a15e06e1
[2] 284a8102c8
An invalid parsing warning was being thrown by the latest version of the
bs4 library. This suppresses that warning from being shown in the
console.
A 404 handler was added to move logging from the console to the error
template, since a lot of users assumed that 404 errors from the result
page were problems with Whoogle itself.
Fixes#967