From 0ce6c608ed250e39b0c85909a2e4dd97378f2a13 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 20 May 2021 10:41:36 +0100
Subject: [PATCH 1/3] Don't remove + from fields
---
 content.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content.py b/content.py
index baabd8c9e..f73198d1e 100644
--- a/content.py
+++ b/content.py
@@ -1049,5 +1049,5 @@ def extractTextFieldsInPOST(postBytes, boundary, debug: bool,
 if line > 2:
 postValue += '\n'
 postValue += postLines[line]
- fields[postKey] = urllib.parse.unquote_plus(postValue)
+ fields[postKey] = urllib.parse.unquote(postValue)
 return fields
From c6f65aed6a14a824ba3bb4e761956a6af182a835 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 20 May 2021 11:30:05 +0100
Subject: [PATCH 2/3] Indicate path for attempted deletes
---
 daemon.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemon.py b/daemon.py
index fb9f1ba8a..748bc99e0 100644
--- a/daemon.py
+++ b/daemon.py
@@ -7023,7 +7023,7 @@ class PubServer(BaseHTTPRequestHandler):
 """Delete button is pressed on a post
 """
 if not cookie:
- print('ERROR: no cookie given when deleting')
+ print('ERROR: no cookie given when deleting ' + path)
 self._400()
 self.server.GETbusy = False
 return
From 0c5b44be09490006273a13e6156a33405eb17e62 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 20 May 2021 11:56:11 +0100
Subject: [PATCH 3/3] Check authorization
---
 daemon.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/daemon.py b/daemon.py
index 748bc99e0..6cdc6a303 100644
--- a/daemon.py
+++ b/daemon.py
@@ -12067,7 +12067,7 @@ class PubServer(BaseHTTPRequestHandler):
 repeatPrivate = True
 self.path = self.path.replace('?repeatprivate=', '?repeat=')
 # announce/repeat button was pressed
- if htmlGET and '?repeat=' in self.path:
+ if authorized and htmlGET and '?repeat=' in self.path:
 self._announceButton(callingDomain, self.path,
 self.server.baseDir,
 cookie, self.server.proxyType,
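Review bot: The new `urllib.parse.unquote(postValue)` call in the `content.py` hunk still percent-decodes every field value, so text that legitimately contains a `%` followed by two hex digits is silently rewritten after the body has been split into fields. The `boundary` parameter suggests this parses multipart/form-data, whose part bodies are normally not percent-encoded; if that holds here, `fields[postKey] = postValue` would be the faithful assignment. If the decode has to stay, any content filtering or HTML escaping should run on the decoded value rather than on the raw bytes, otherwise an encoded `%3C` only becomes `<` after the check has already passed. The function starts outside this hunk, so whether callers already do that cannot be confirmed from here.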
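Review bot: The added `+ path` in the `@@ -7023` hunk writes a request-derived string into the log on a branch that runs when no cookie was supplied, i.e. for unauthenticated callers (assuming `path` is the request path, which is declared outside this hunk). Logging it escaped keeps control characters and terminal escape sequences away from whoever reads the output, and also avoids a `TypeError` if `path` is ever not a string: `print('ERROR: no cookie given when deleting ' + repr(path))`. A short comment such as `# path comes from the request and is untrusted; log it escaped` would record why.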
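Review bot: The guarded `?repeat=` branch in the `@@ -12067` hunk still performs a state change in response to a GET, and the same holds for the `?unrepeat=`, `?like=`, `?unlike=`, `?bookmark=`, `?unbookmark=`, `?delete=`, `?mute=` and `?unmute=` branches in the later hunks. If `authorized` is derived from the session cookie (it is set outside these hunks), a request that a logged-in browser is induced to make from another site would satisfy the new check; nothing visible here verifies a per-session token or the request's origin. Moving these actions to POST with an anti-CSRF token, or at minimum confirming the cookie is issued with `SameSite`, would close that gap. Until then a comment above the first branch, e.g. `# NOTE: state-changing GET; relies on cookie auth only, no CSRF token`, would make the residual risk explicit.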
@@ -12086,11 +12086,11 @@ class PubServer(BaseHTTPRequestHandler):
 'emoji search shown done',
 'show announce done')
- if htmlGET and '?unrepeatprivate=' in self.path:
+ if authorized and htmlGET and '?unrepeatprivate=' in self.path:
 self.path = self.path.replace('?unrepeatprivate=', '?unrepeat=')
 # undo an announce/repeat from the web interface
- if htmlGET and '?unrepeat=' in self.path:
+ if authorized and htmlGET and '?unrepeat=' in self.path:
 self._undoAnnounceButton(callingDomain, self.path,
 self.server.baseDir,
 cookie, self.server.proxyType,
@@ -12189,7 +12189,7 @@ class PubServer(BaseHTTPRequestHandler):
 'follow deny done')
 # like from the web interface icon
- if htmlGET and '?like=' in self.path:
+ if authorized and htmlGET and '?like=' in self.path:
 self._likeButton(callingDomain, self.path,
 self.server.baseDir,
 self.server.httpPrefix,
@@ -12208,7 +12208,7 @@ class PubServer(BaseHTTPRequestHandler):
 'like shown done')
 # undo a like from the web interface icon
- if htmlGET and '?unlike=' in self.path:
+ if authorized and htmlGET and '?unlike=' in self.path:
 self._undoLikeButton(callingDomain, self.path,
 self.server.baseDir,
 self.server.httpPrefix,
@@ -12226,7 +12226,7 @@ class PubServer(BaseHTTPRequestHandler):
 'unlike shown done')
 # bookmark from the web interface icon
- if htmlGET and '?bookmark=' in self.path:
+ if authorized and htmlGET and '?bookmark=' in self.path:
 self._bookmarkButton(callingDomain, self.path,
 self.server.baseDir,
 self.server.httpPrefix,
@@ -12245,7 +12245,7 @@ class PubServer(BaseHTTPRequestHandler):
 'bookmark shown done')
 # undo a bookmark from the web interface icon
- if htmlGET and '?unbookmark=' in self.path:
+ if authorized and htmlGET and '?unbookmark=' in self.path:
 self._undoBookmarkButton(callingDomain, self.path,
 self.server.baseDir,
 self.server.httpPrefix,
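Review bot: In the `@@ -12086` hunk the guard `authorized and htmlGET and` is now written out on both the `?unrepeatprivate=` rewrite and the `?unrepeat=` dispatch, and again on each like and bookmark branch that follows, so the authorization decision depends on every future button copying the same words. A single gate placed ahead of this run of branches, testing once whether the path carries any of the action query keys and refusing the request when `authorized` is false, would fail closed when a new action is added. The `?follow deny` handler visible only as context in the `@@ -12189` hunk is not touched by this commit, so it is worth confirming that its condition, which lies outside the hunk, is gated as well. The enclosing method starts and ends outside these hunks.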
@@ -12264,7 +12264,7 @@ class PubServer(BaseHTTPRequestHandler):
 'unbookmark shown done')
 # delete button is pressed on a post
- if htmlGET and '?delete=' in self.path:
+ if authorized and htmlGET and '?delete=' in self.path:
 self._deleteButton(callingDomain, self.path,
 self.server.baseDir,
 self.server.httpPrefix,
@@ -12283,7 +12283,7 @@ class PubServer(BaseHTTPRequestHandler):
 'delete shown done')
 # The mute button is pressed
- if htmlGET and '?mute=' in self.path:
+ if authorized and htmlGET and '?mute=' in self.path:
 self._muteButton(callingDomain, self.path,
 self.server.baseDir,
 self.server.httpPrefix,
@@ -12302,7 +12302,7 @@ class PubServer(BaseHTTPRequestHandler):
 'post muted done')
 # unmute a post from the web interface icon
- if htmlGET and '?unmute=' in self.path:
+ if authorized and htmlGET and '?unmute=' in self.path:
 self._undoMuteButton(callingDomain, self.path,
 self.server.baseDir,
 self.server.httpPrefix,
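Review bot: When `authorized` is false, the `?delete=` request in the `@@ -12264` hunk now skips `_deleteButton` and carries on to whatever handler follows, and the `?mute=` and `?unmute=` hunks behave the same way; no response or log line for the refused action is visible in these hunks. A refused delete or mute is worth recording and answering explicitly, in the way `_deleteButton` already does for a missing cookie (`self._400()`, `self.server.GETbusy = False`, `return`). A check such as `if htmlGET and '?delete=' in self.path and not authorized:` placed ahead of the branch, with a log message and an early return, would give operators a signal and stop the request reaching later handlers with the action still in its query string. The rest of the method is outside the hunk, so a later catch-all may already cover this.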