indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Check for unauthorized removals

merge-requests/30/head
Bob Mottram 2020-07-11 15:22:05 +01:00
parent edf36ecd52
commit 19232de127
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
daemon.py
View File

@ -7142,6 +7142,12 @@ class PubServer(BaseHTTPRequestHandler):
self._benchmarkPOSTtimings(POSTstartTime, POSTtimings, 8) self._benchmarkPOSTtimings(POSTstartTime, POSTtimings, 8)
# removes a post # removes a post
if not authorized and self.path.endswith('/rmpost'):
print('ERROR: attempt to remove post was not authorized. ' +
self.path)
self._400()
self.server.POSTbusy = False
return
if authorized and self.path.endswith('/rmpost'): if authorized and self.path.endswith('/rmpost'):
pageNumber = 1 pageNumber = 1
usersPath = self.path.split('/rmpost')[0] usersPath = self.path.split('/rmpost')[0]
@ -7952,7 +7958,6 @@ class PubServer(BaseHTTPRequestHandler):
if not (self.path.endswith('/outbox') or if not (self.path.endswith('/outbox') or
self.path.endswith('/inbox') or self.path.endswith('/inbox') or
self.path.endswith('/shares') or self.path.endswith('/shares') or
self.path.endswith('/rmpost') or
self.path.endswith('/moderationaction') or self.path.endswith('/moderationaction') or
self.path.endswith('/caps/new') or self.path.endswith('/caps/new') or
self.path == '/sharedInbox'): self.path == '/sharedInbox'):