indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

DMs aren't visible to unathorized users, even if they know the postId

main
Bob Mottram 2021-01-08 22:38:24 +00:00
parent 4f8580dcce
commit 55bec518c0
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
daemon.py
View File

@ -65,6 +65,7 @@ from person import removeAccount
from person import canRemovePost from person import canRemovePost
from person import personSnooze from person import personSnooze
from person import personUnsnooze from person import personUnsnooze
from posts import isDM
from posts import isModerator from posts import isModerator
from posts import mutePost from posts import mutePost
from posts import unmutePost from posts import unmutePost
@ -6996,6 +6997,10 @@ class PubServer(BaseHTTPRequestHandler):
# more social graph info # more social graph info
if not authorized: if not authorized:
pjo = postJsonObject pjo = postJsonObject
if isDM(pjo):
self._404()
self.server.GETbusy = False
return True
self._removePostInteractions(pjo) self._removePostInteractions(pjo)
if self._requestHTTP(): if self._requestHTTP():
recentPostsCache = \ recentPostsCache = \
@ -7114,6 +7119,10 @@ class PubServer(BaseHTTPRequestHandler):
if not authorized: if not authorized:
pjo = postJsonObject pjo = postJsonObject
self._removePostInteractions(pjo) self._removePostInteractions(pjo)
if isDM(pjo):
self._404()
self.server.GETbusy = False
return True
if self._requestHTTP(): if self._requestHTTP():
recentPostsCache = \ recentPostsCache = \