From 2bae5a5a3c99d474ce8187d2efe37bfa227b37b6 Mon Sep 17 00:00:00 2001
From: GDColon <therealgdcolon@gmail.com>
Date: Fri, 10 Apr 2020 22:04:59 -0400
Subject: [PATCH] Use IP for all GJP requests (requested by rob)

---
 api/leaderboardLevel.js        | 2 +-
 api/level.js                   | 1 +
 api/messages/countMessages.js  | 3 ++-
 api/messages/deleteMessage.js  | 3 ++-
 api/messages/fetchMessage.js   | 3 ++-
 api/messages/getMessages.js    | 3 ++-
 api/messages/sendMessage.js    | 3 ++-
 api/post/like.js               | 3 ++-
 api/post/postProfileComment.js | 3 ++-
 html/comments.html             | 1 +
 html/search.html               | 2 +-
 11 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/api/leaderboardLevel.js b/api/leaderboardLevel.js
index af28fde..b1ea2f4 100644
--- a/api/leaderboardLevel.js
+++ b/api/leaderboardLevel.js
@@ -19,7 +19,7 @@ module.exports = async (app, req, res) => {
     }  
 
     request.post(app.endpoint + 'getGJLevelScores211.php', {
-    form : params}, async function(err, resp, body) { 
+    form : params, headers: {'x-forwarded-for': req.headers['x-real-ip']}}, async function(err, resp, body) { 
 
       if (err || body == '-1' || !body) return res.send("-1")
       scores = body.split('|').map(x => app.parseResponse(x))
diff --git a/api/level.js b/api/level.js
index 116f4e0..f858c67 100644
--- a/api/level.js
+++ b/api/level.js
@@ -58,6 +58,7 @@ module.exports = async (app, req, res, api, analyze) => {
 
       else return fs.readFile('./html/level.html', 'utf8', function (err, data) {
         let html = data;
+        level.songName = level.songName.replace(/[^ -~]/g, "")  // strip off unsupported characters
         let variables = Object.keys(level)
         variables.forEach(x => {
           let regex = new RegExp(`\\[\\[${x.toUpperCase()}\\]\\]`, "g")
diff --git a/api/messages/countMessages.js b/api/messages/countMessages.js
index e10419c..045d801 100644
--- a/api/messages/countMessages.js
+++ b/api/messages/countMessages.js
@@ -17,7 +17,8 @@ module.exports = async (app, req, res) => {
   }
 
   request.post(app.endpoint + 'getGJUserInfo20.php', {
-    form: params
+    form: params,
+    headers: {'x-forwarded-for': req.headers['x-real-ip']}
   }, async function (err, resp, body) {
 
     if (err || body == '-1' || body == '-2' || !body) return res.status(400).send("Error fetching profile! Make sure your username and password are entered correctly.")
diff --git a/api/messages/deleteMessage.js b/api/messages/deleteMessage.js
index fd4d560..0c950cb 100644
--- a/api/messages/deleteMessage.js
+++ b/api/messages/deleteMessage.js
@@ -18,7 +18,8 @@ module.exports = async (app, req, res, api) => {
   let deleted = params.messages.split(",").length
 
   request.post(app.endpoint + 'deleteGJMessages20.php', {
-    form: params
+    form: params,
+    headers: {'x-forwarded-for': req.headers['x-real-ip']}
   }, async function (err, resp, body) {
 
     if (body != 1) return res.status(400).send("The Geometry Dash servers refused to delete the message! Make sure your username and password are entered correctly.")
diff --git a/api/messages/fetchMessage.js b/api/messages/fetchMessage.js
index af179e0..4526150 100644
--- a/api/messages/fetchMessage.js
+++ b/api/messages/fetchMessage.js
@@ -15,7 +15,8 @@ module.exports = async (app, req, res, api) => {
   }
 
   request.post(app.endpoint + 'downloadGJMessage20.php', {
-    form: params
+    form: params,
+    headers: {'x-forwarded-for': req.headers['x-real-ip']}
   }, async function (err, resp, body) {
 
     if (err || body == '-1' || !body) return res.status(400).send("Error fetching message!")
diff --git a/api/messages/getMessages.js b/api/messages/getMessages.js
index d306701..f335498 100644
--- a/api/messages/getMessages.js
+++ b/api/messages/getMessages.js
@@ -19,7 +19,8 @@ module.exports = async (app, req, res, api) => {
   }
 
   request.post(app.endpoint + 'getGJMessages20.php', {
-    form: params
+    form: params,
+    headers: {'x-forwarded-for': req.headers['x-real-ip']}
   }, async function (err, resp, body) {
 
     if (err || body == '-1' || body == '-2' || !body) return res.status(400).send("Error fetching messages!")
diff --git a/api/messages/sendMessage.js b/api/messages/sendMessage.js
index e194c49..71fbdf8 100644
--- a/api/messages/sendMessage.js
+++ b/api/messages/sendMessage.js
@@ -21,7 +21,8 @@ module.exports = async (app, req, res, api) => {
   }
 
   request.post(app.endpoint + 'uploadGJMessage20.php', {
-    form: params
+    form: params,
+    headers: {'x-forwarded-for': req.headers['x-real-ip']}
   }, async function (err, resp, body) {
 
     if (body != 1) return res.status(400).send("The Geometry Dash servers refused to send the message! Make sure your username and password are entered correctly.")
diff --git a/api/post/like.js b/api/post/like.js
index 420d76d..764ee74 100644
--- a/api/post/like.js
+++ b/api/post/like.js
@@ -36,7 +36,8 @@ module.exports = async (app, req, res) => {
   params.chk = chk
 
   request.post(app.endpoint + 'likeGJItem211.php', {
-    form: params
+    form: params,
+    headers: {'x-forwarded-for': req.headers['x-real-ip']}
   }, function (err, resp, body) {
     if (err) return res.status(400).send("The Geometry Dash servers returned an error! Perhaps they're down for maintenance")
     if (!body || body == "-1") return res.status(400).send("The Geometry Dash servers rejected your vote! Make sure your username and password are entered correctly.")
diff --git a/api/post/postProfileComment.js b/api/post/postProfileComment.js
index 21152c2..57cb506 100644
--- a/api/post/postProfileComment.js
+++ b/api/post/postProfileComment.js
@@ -31,7 +31,8 @@ module.exports = async (app, req, res) => {
   params.chk = chk
 
   request.post(app.endpoint + 'uploadGJAccComment20.php', {
-    form: params
+    form: params,
+    headers: {'x-forwarded-for': req.headers['x-real-ip']}
   }, function (err, resp, body) {
     if (err) return res.status(400).send("The Geometry Dash servers returned an error! Perhaps they're down for maintenance")
     if (!body || body == "-1") return res.status(400).send("The Geometry Dash servers rejected your profile post! Try again later, or make sure your username and password are entered correctly.")
diff --git a/html/comments.html b/html/comments.html
index e312f7f..a9e7fdc 100644
--- a/html/comments.html
+++ b/html/comments.html
@@ -163,6 +163,7 @@ fetch(target).then(res => res.json()).then(lvl => {
 		}
 		else $('#authorLink').attr('href', '../profile/' + lvl.author)
 		$('#levelName').text(lvl.name || ("Nonexistent level " + lvlID))
+		if (!lvl.name) $('#leaveComment').hide()
 		$('#levelAuthor').text("By " + (lvl.author || "-"))
 		$('#levelID').text("ID: " + lvlID)
 		if (lvl.accountID && lvl.author != "-") 
diff --git a/html/search.html b/html/search.html
index d5a2f6d..e223f04 100644
--- a/html/search.html
+++ b/html/search.html
@@ -181,7 +181,7 @@ function Append(firstLoad) {
 		$('#searchBox').append(`<div class="searchresult">
 			<h1 class="lessspaced">${x.name}</h1>
 			<h2 class="lessSpaced smaller inline gdButton ${hasAuthor ? "" : "green unregistered"}">${hasAuthor ? `<a href="../profile/${x.author}">By ${x.author}</a>` : `<a href="../search/${x.authorID}?user">By ${x.author}</a>`}</h2><h2 class="inline" style="margin-left: 1.5%; transform:translateY(30%)"> ${x.copiedID == '0' ? "" : '<img class="valign sideSpace" src="../assets/copied.png" height="12%">'}${x.large ? '<img class="valign sideSpaceD" src="../assets/large.png" height="12%">' : ''}</h2>
-			<h3 class="lessSpaced ${x.customSong == 0 ? "blue" : "whatIfItWasPurple"}" style="overflow: hidden;">${x.songName}</h3>
+			<h3 class="lessSpaced ${x.customSong == 0 ? "blue" : "whatIfItWasPurple"}" style="overflow: hidden;">${x.songName.replace(/[^ -~]/g, "")}</h3>
 			<h3 class="lessSpaced">
 				<img class="valign" src="../assets/time.png" height="14%"> ${x.length}
 				<img class="valign" src="../assets/download.png" height="14%"> ${x.downloads}