diff --git a/WebHostLib/api/generate.py b/WebHostLib/api/generate.py
index 528a14df..1d9e6fd9 100644
--- a/WebHostLib/api/generate.py
+++ b/WebHostLib/api/generate.py
@@ -2,7 +2,7 @@ import json
import pickle
from uuid import UUID
-from flask import request, session, url_for
+from flask import request, session, url_for, Markup
from pony.orm import commit
from WebHostLib import app
@@ -21,7 +21,9 @@ def generate_api():
if 'file' in request.files:
file = request.files['file']
options = get_yaml_data(file)
- if type(options) == str:
+ if isinstance(options, Markup):
+ return {"text": options.striptags()}, 400
+ if isinstance(options, str):
return {"text": options}, 400
if "race" in request.form:
race = bool(0 if request.form["race"] in {"false"} else int(request.form["race"]))
diff --git a/WebHostLib/check.py b/WebHostLib/check.py
index cd45dff4..5ca44231 100644
--- a/WebHostLib/check.py
+++ b/WebHostLib/check.py
@@ -1,7 +1,7 @@
import zipfile
from typing import *
-from flask import request, flash, redirect, url_for, render_template
+from flask import request, flash, redirect, url_for, render_template, Markup
from WebHostLib import app
@@ -25,7 +25,7 @@ def check():
else:
file = request.files['file']
options = get_yaml_data(file)
- if type(options) == str:
+ if isinstance(options, str):
flash(options)
else:
results, _ = roll_options(options)
@@ -38,7 +38,7 @@ def mysterycheck():
return redirect(url_for("check"), 301)
-def get_yaml_data(file) -> Union[Dict[str, str], str]:
+def get_yaml_data(file) -> Union[Dict[str, str], str, Markup]:
options = {}
# if user does not select file, browser also
# submit an empty part without filename
@@ -50,6 +50,10 @@ def get_yaml_data(file) -> Union[Dict[str, str], str]:
with zipfile.ZipFile(file, 'r') as zfile:
infolist = zfile.infolist()
+ if any(file.filename.endswith(".archipelago") for file in infolist):
+ return Markup("Error: Your .zip file contains an .archipelago file. "
+ 'Did you mean to host a game?')
+
for file in infolist:
if file.filename.endswith(banned_zip_contents):
return "Uploaded data contained a rom file, which is likely to contain copyrighted material. Your file was deleted."
diff --git a/WebHostLib/generate.py b/WebHostLib/generate.py
index 11d70da2..c229698c 100644
--- a/WebHostLib/generate.py
+++ b/WebHostLib/generate.py
@@ -52,7 +52,7 @@ def generate(race=False):
else:
file = request.files['file']
options = get_yaml_data(file)
- if type(options) == str:
+ if isinstance(options, str):
flash(options)
else:
meta = get_meta(request.form)
diff --git a/WebHostLib/static/styles/globalStyles.css b/WebHostLib/static/styles/globalStyles.css
index d8b10d1c..a787b0c6 100644
--- a/WebHostLib/static/styles/globalStyles.css
+++ b/WebHostLib/static/styles/globalStyles.css
@@ -105,6 +105,9 @@ h5, h6{
margin-bottom: 20px;
background-color: #ffff00;
}
+.user-message a{
+ color: #ff7700;
+}
.interactive{
color: #ffef00;
diff --git a/WebHostLib/upload.py b/WebHostLib/upload.py
index 1aa60ffc..dd0d218e 100644
--- a/WebHostLib/upload.py
+++ b/WebHostLib/upload.py
@@ -5,7 +5,7 @@ import uuid
import zipfile
from io import BytesIO
-from flask import request, flash, redirect, url_for, session, render_template
+from flask import request, flash, redirect, url_for, session, render_template, Markup
from pony.orm import flush, select
import MultiServer
@@ -22,6 +22,10 @@ def upload_zip_to_db(zfile: zipfile.ZipFile, owner=None, meta={"race": False}, s
if not owner:
owner = session["_id"]
infolist = zfile.infolist()
+ if all(file.filename.endswith((".yaml", ".yml")) or file.is_dir() for file in infolist):
+ flash(Markup("Error: Your .zip file only contains .yaml files. "
+ 'Did you mean to generate a game?'))
+ return
slots: typing.Set[Slot] = set()
spoiler = ""
files = {}