From 80b91435cf37d80a93ee830e28198773e6a35980 Mon Sep 17 00:00:00 2001 From: cuom1999 Date: Sat, 13 Jan 2024 19:05:36 -0600 Subject: [PATCH] Remove user script --- judge/admin/profile.py | 10 ---------- judge/fixtures/demo.json | 1 - judge/forms.py | 2 -- judge/migrations/0178_remove_user_script.py | 17 +++++++++++++++++ judge/models/profile.py | 7 ------- judge/user_log.py | 1 - templates/base.html | 5 ----- templates/user/edit-profile.html | 11 ----------- 8 files changed, 17 insertions(+), 37 deletions(-) create mode 100644 judge/migrations/0178_remove_user_script.py diff --git a/judge/admin/profile.py b/judge/admin/profile.py index 68ecee1..65522b3 100644 --- a/judge/admin/profile.py +++ b/judge/admin/profile.py @@ -71,7 +71,6 @@ class ProfileAdmin(VersionAdmin): "is_banned_problem_voting", "notes", "is_totp_enabled", - "user_script", "current_contest", ) readonly_fields = ("user",) @@ -160,15 +159,6 @@ class ProfileAdmin(VersionAdmin): recalculate_points.short_description = _("Recalculate scores") - def get_form(self, request, obj=None, **kwargs): - form = super(ProfileAdmin, self).get_form(request, obj, **kwargs) - if "user_script" in form.base_fields: - # form.base_fields['user_script'] does not exist when the user has only view permission on the model. - form.base_fields["user_script"].widget = AceWidget( - "javascript", request.profile.ace_theme - ) - return form - class UserAdmin(OldUserAdmin): # Customize the fieldsets for adding and editing users diff --git a/judge/fixtures/demo.json b/judge/fixtures/demo.json index 749128e..64b3012 100644 --- a/judge/fixtures/demo.json +++ b/judge/fixtures/demo.json @@ -19,7 +19,6 @@ "rating": null, "timezone": "America/Toronto", "user": 1, - "user_script": "" }, "model": "judge.profile", "pk": 1 diff --git a/judge/forms.py b/judge/forms.py index 8daeaba..c52eabe 100644 --- a/judge/forms.py +++ b/judge/forms.py @@ -78,12 +78,10 @@ class ProfileForm(ModelForm): "timezone", "language", "ace_theme", - "user_script", "profile_image", "css_background", ] widgets = { - "user_script": AceWidget(theme="github"), "timezone": Select2Widget(attrs={"style": "width:200px"}), "language": Select2Widget(attrs={"style": "width:200px"}), "ace_theme": Select2Widget(attrs={"style": "width:200px"}), diff --git a/judge/migrations/0178_remove_user_script.py b/judge/migrations/0178_remove_user_script.py new file mode 100644 index 0000000..dc4b560 --- /dev/null +++ b/judge/migrations/0178_remove_user_script.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2.18 on 2024-01-14 01:04 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("judge", "0177_test_formatter"), + ] + + operations = [ + migrations.RemoveField( + model_name="profile", + name="user_script", + ), + ] diff --git a/judge/models/profile.py b/judge/models/profile.py index b8d3332..7c5b59c 100644 --- a/judge/models/profile.py +++ b/judge/models/profile.py @@ -207,13 +207,6 @@ class Profile(models.Model): default=False, ) rating = models.IntegerField(null=True, default=None, db_index=True) - user_script = models.TextField( - verbose_name=_("user script"), - default="", - blank=True, - max_length=65536, - help_text=_("User-defined JavaScript for site customization."), - ) current_contest = models.OneToOneField( "ContestParticipation", verbose_name=_("current contest"), diff --git a/judge/user_log.py b/judge/user_log.py index ab4ee53..b718b30 100644 --- a/judge/user_log.py +++ b/judge/user_log.py @@ -24,6 +24,5 @@ class LogUserAccessMiddleware(object): updates["ip"] = request.META.get(settings.META_REMOTE_ADDRESS_KEY) Profile.objects.filter(user_id=request.user.pk).update(**updates) cache.set(f"user_log_update_{request.user.id}", True, 120) - print("UPDATE", updates) return response diff --git a/templates/base.html b/templates/base.html index 4673ab2..f500306 100644 --- a/templates/base.html +++ b/templates/base.html @@ -374,11 +374,6 @@ {{ misc_config.analytics|safe }} {% endif %} - {# Don't run userscript since it may be malicious #} - {% if request.user.is_authenticated and request.profile.user_script and not request.user.is_impersonate %} - - {% endif %} -
{% block extra_js %}{% endblock %}
diff --git a/templates/user/edit-profile.html b/templates/user/edit-profile.html index 4356ccb..e857c5e 100644 --- a/templates/user/edit-profile.html +++ b/templates/user/edit-profile.html @@ -57,13 +57,6 @@ {% block js_media %} {% include "timezone/media-js.html" %} {{ form.media.js }} -