From edf36ecd52a565afa769692fa534757a2ac8681d Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 15:00:49 +0100
Subject: [PATCH 01/18] Permitted path

---
 daemon.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/daemon.py b/daemon.py
index 152285641..c1ea430d6 100644
--- a/daemon.py
+++ b/daemon.py
@@ -7952,6 +7952,7 @@ class PubServer(BaseHTTPRequestHandler):
         if not (self.path.endswith('/outbox') or
                 self.path.endswith('/inbox') or
                 self.path.endswith('/shares') or
+                self.path.endswith('/rmpost') or
                 self.path.endswith('/moderationaction') or
                 self.path.endswith('/caps/new') or
                 self.path == '/sharedInbox'):

From 19232de12744b7a0369fda30b1a2361ee7656db8 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 15:22:05 +0100
Subject: [PATCH 02/18] Check for unauthorized removals

---
 daemon.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/daemon.py b/daemon.py
index c1ea430d6..e262ce630 100644
--- a/daemon.py
+++ b/daemon.py
@@ -7142,6 +7142,12 @@ class PubServer(BaseHTTPRequestHandler):
         self._benchmarkPOSTtimings(POSTstartTime, POSTtimings, 8)
 
         # removes a post
+        if not authorized and self.path.endswith('/rmpost'):
+            print('ERROR: attempt to remove post was not authorized. ' +
+                  self.path)
+            self._400()
+            self.server.POSTbusy = False
+            return
         if authorized and self.path.endswith('/rmpost'):
             pageNumber = 1
             usersPath = self.path.split('/rmpost')[0]
@@ -7952,7 +7958,6 @@ class PubServer(BaseHTTPRequestHandler):
         if not (self.path.endswith('/outbox') or
                 self.path.endswith('/inbox') or
                 self.path.endswith('/shares') or
-                self.path.endswith('/rmpost') or
                 self.path.endswith('/moderationaction') or
                 self.path.endswith('/caps/new') or
                 self.path == '/sharedInbox'):

From 68a1559881b8ebc29519b2fe35796719abf5388a Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 16:10:30 +0100
Subject: [PATCH 03/18] Report auth failures

---
 daemon.py | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/daemon.py b/daemon.py
index e262ce630..623264b96 100644
--- a/daemon.py
+++ b/daemon.py
@@ -1067,19 +1067,18 @@ class PubServer(BaseHTTPRequestHandler):
                     # to be authorized to use an account you don't own
                     if '/' + nickname + '/' in self.path:
                         return True
-                    if '/' + nickname + '?' in self.path:
+                    elif '/' + nickname + '?' in self.path:
                         return True
-                    if self.path.endswith('/'+nickname):
+                    elif self.path.endswith('/'+nickname):
                         return True
                     print('AUTH: nickname ' + nickname +
                           ' was not found in path ' + self.path)
                     return False
-                if self.server.debug:
-                    print('AUTH: epicyon cookie ' +
-                          'authorization failed, header=' +
-                          self.headers['Cookie'].replace('epicyon=', '') +
-                          ' tokenStr=' + tokenStr + ' tokens=' +
-                          str(self.server.tokensLookup))
+                print('AUTH: epicyon cookie ' +
+                      'authorization failed, header=' +
+                      self.headers['Cookie'].replace('epicyon=', '') +
+                      ' tokenStr=' + tokenStr + ' tokens=' +
+                      str(self.server.tokensLookup))
                 return False
             print('AUTH: Header cookie was not authorized')
             return False

From bbaa8ac8419b338d4d4172b854a0f3288c4278dc Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 16:45:22 +0100
Subject: [PATCH 04/18] Show authorization

---
 daemon.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/daemon.py b/daemon.py
index 623264b96..6f4cf0768 100644
--- a/daemon.py
+++ b/daemon.py
@@ -5786,12 +5786,11 @@ class PubServer(BaseHTTPRequestHandler):
 
         # check authorization
         authorized = self._isAuthorized()
-        if self.server.debug:
-            if authorized:
-                print('POST Authorization granted')
-            else:
-                print('POST Not authorized')
-                print(str(self.headers))
+        if authorized:
+            print('POST Authorization granted')
+        else:
+            print('POST Not authorized')
+            print(str(self.headers))
 
         # if this is a POST to the outbox then check authentication
         self.outboxAuthenticated = False

From cb533b1222dd72eead3a96ae33e42c54987ad819 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 16:49:26 +0100
Subject: [PATCH 05/18] Simplify

---
 daemon.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/daemon.py b/daemon.py
index 6f4cf0768..f93c3456e 100644
--- a/daemon.py
+++ b/daemon.py
@@ -5786,9 +5786,7 @@ class PubServer(BaseHTTPRequestHandler):
 
         # check authorization
         authorized = self._isAuthorized()
-        if authorized:
-            print('POST Authorization granted')
-        else:
+        if not authorized:
             print('POST Not authorized')
             print(str(self.headers))
 

From 4b5040890ae9c387350bb882406d2ddf5ea68cca Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 16:54:58 +0100
Subject: [PATCH 06/18] Debug

---
 daemon.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/daemon.py b/daemon.py
index f93c3456e..670ee4f1c 100644
--- a/daemon.py
+++ b/daemon.py
@@ -3090,6 +3090,12 @@ class PubServer(BaseHTTPRequestHandler):
 
         # delete a post from the web interface icon
         if htmlGET and '?delete=' in self.path:
+            if not cookie:
+                print('ERROR: no cookie given when deleting')
+                self._400()
+                self.server.GETbusy = False
+                return
+            print('Cookie for delete: ' + str(cookie))
             pageNumber = 1
             if '?page=' in self.path:
                 pageNumberStr = self.path.split('?page=')[1]

From e59796b42693458fd3efaf2b8d5426487933e34e Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 17:57:00 +0100
Subject: [PATCH 07/18] Use calling domain when generating delete screen

---
 daemon.py       |  2 +-
 webinterface.py | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/daemon.py b/daemon.py
index 670ee4f1c..7cf42ff95 100644
--- a/daemon.py
+++ b/daemon.py
@@ -3164,7 +3164,7 @@ class PubServer(BaseHTTPRequestHandler):
                                    self.server.session, self.server.baseDir,
                                    deleteUrl, self.server.httpPrefix,
                                    __version__, self.server.cachedWebfingers,
-                                   self.server.personCache)
+                                   self.server.personCache, callingDomain)
                 if deleteStr:
                     self._set_headers('text/html', len(deleteStr),
                                       cookie, callingDomain)
diff --git a/webinterface.py b/webinterface.py
index d7e86d6cd..b57c388c8 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -5112,7 +5112,8 @@ def htmlDeletePost(recentPostsCache: {}, maxRecentPosts: int,
                    translate, pageNumber: int,
                    session, baseDir: str, messageId: str,
                    httpPrefix: str, projectVersion: str,
-                   wfRequest: {}, personCache: {}) -> str:
+                   wfRequest: {}, personCache: {},
+                   callingDomain: str) -> str:
     """Shows a screen asking to confirm the deletion of a post
     """
     if '/statuses/' not in messageId:
@@ -5121,6 +5122,10 @@ def htmlDeletePost(recentPostsCache: {}, maxRecentPosts: int,
     actor = messageId.split('/statuses/')[0]
     nickname = getNicknameFromActor(actor)
     domain, port = getDomainFromActor(actor)
+    domainFull = domain
+    if port:
+        if port != 80 and port != 443:
+            domainFull = domain + ':' + str(port)
 
     postFilename = locatePost(baseDir, nickname, domain, messageId)
     if not postFilename:
@@ -5157,7 +5162,16 @@ def htmlDeletePost(recentPostsCache: {}, maxRecentPosts: int,
         deletePostStr += \
             '  <p class="followText">' + \
             translate['Delete this post?'] + '</p>'
-        deletePostStr += '  <form method="POST" action="' + actor + '/rmpost">'
+        postActor = actor
+        if callingDomain not in actor and domainFull in actor:
+            if callingDomain.endswith('.onion') or \
+               callingDomain.endswith('.i2p'):
+                postActor = \
+                    'http://' + callingDomain + actor.split(domainFull)[1]
+                print('Changed POST domain from ' + actor + ' to ' + postActor)
+
+        deletePostStr += \
+            '  <form method="POST" action="' + postActor + '/rmpost">'
         deletePostStr += \
             '    <input type="hidden" name="pageNumber" value="' + \
             str(pageNumber) + '">'

From 3c811e9809846ec22c0c9af5ed76960d374fe9b0 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 18:00:56 +0100
Subject: [PATCH 08/18] Remove debug

---
 daemon.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/daemon.py b/daemon.py
index 7cf42ff95..9c0036492 100644
--- a/daemon.py
+++ b/daemon.py
@@ -3095,7 +3095,6 @@ class PubServer(BaseHTTPRequestHandler):
                 self._400()
                 self.server.GETbusy = False
                 return
-            print('Cookie for delete: ' + str(cookie))
             pageNumber = 1
             if '?page=' in self.path:
                 pageNumberStr = self.path.split('?page=')[1]

From 51d8b9fbe25a4f64383669e94f2e2c4ccdeb9c98 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 18:45:45 +0100
Subject: [PATCH 09/18] Calendar relative path

---
 webinterface.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/webinterface.py b/webinterface.py
index b57c388c8..53b63e600 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -5829,20 +5829,24 @@ def htmlCalendar(translate: {},
     with open(cssFilename, 'r') as cssFile:
         calendarStyle = cssFile.read()
 
+    calActor = actor
+    if '/users/' in actor:
+        calActor = '/users/' + actor.split('/users/')[1]
+
     calendarStr = htmlHeader(cssFilename, calendarStyle)
     calendarStr += '<main><table class="calendar">\n'
     calendarStr += '<caption class="calendar__banner--month">\n'
     calendarStr += \
-        '  <a href="' + actor + '/calendar?year=' + str(prevYear) + \
+        '  <a href="' + calActor + '/calendar?year=' + str(prevYear) + \
         '?month=' + str(prevMonthNumber) + '">'
     calendarStr += \
         '  <img loading="lazy" alt="' + translate['Previous month'] + \
         '" title="' + translate['Previous month'] + '" src="/' + iconsDir + \
         '/prev.png" class="buttonprev"/></a>\n'
-    calendarStr += '  <a href="' + actor + '/inbox">'
+    calendarStr += '  <a href="' + calActor + '/inbox">'
     calendarStr += '  <h1>' + monthName + '</h1></a>\n'
     calendarStr += \
-        '  <a href="' + actor + '/calendar?year=' + str(nextYear) + \
+        '  <a href="' + calActor + '/calendar?year=' + str(nextYear) + \
         '?month=' + str(nextMonthNumber) + '">'
     calendarStr += \
         '  <img loading="lazy" alt="' + translate['Next month'] + \
@@ -5884,7 +5888,7 @@ def htmlCalendar(translate: {},
                         if dayOfMonth == currDate.day:
                             isToday = True
                 if events.get(str(dayOfMonth)):
-                    url = actor + '/calendar?year=' + str(year) + '?month=' + \
+                    url = calActor + '/calendar?year=' + str(year) + '?month=' + \
                         str(monthNumber) + '?day=' + str(dayOfMonth)
                     dayLink = '<a href="' + url + '">' + \
                         str(dayOfMonth) + '</a>'

From ce04a4cf7ab2a76fc5d017117f05837c42a715e6 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 18:49:45 +0100
Subject: [PATCH 10/18] Calendar day

---
 webinterface.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/webinterface.py b/webinterface.py
index 53b63e600..77ebd0060 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -5648,11 +5648,15 @@ def htmlCalendarDay(translate: {},
     with open(cssFilename, 'r') as cssFile:
         calendarStyle = cssFile.read()
 
+    calActor = actor
+    if '/users/' in actor:
+        calActor = '/users/' + actor.split('/users/')[1]
+
     calendarStr = htmlHeader(cssFilename, calendarStyle)
     calendarStr += '<main><table class="calendar">\n'
     calendarStr += '<caption class="calendar__banner--month">\n'
     calendarStr += \
-        '  <a href="' + actor + '/calendar?year=' + str(year) + \
+        '  <a href="' + calActor + '/calendar?year=' + str(year) + \
         '?month=' + str(monthNumber) + '">'
     calendarStr += \
         '  <h1>' + str(dayNumber) + ' ' + monthName + \
@@ -5687,7 +5691,7 @@ def htmlCalendarDay(translate: {},
             deleteButtonStr = ''
             if postId:
                 deleteButtonStr = \
-                    '<td class="calendar__day__icons"><a href="' + actor + \
+                    '<td class="calendar__day__icons"><a href="' + calActor + \
                     '/eventdelete?id=' + postId + '?year=' + str(year) + \
                     '?month=' + str(monthNumber) + '?day=' + str(dayNumber) + \
                     '?time=' + eventTime + \

From 9f38c43254d870eb02e2a243d9fd8d91c57be5d2 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 18:51:40 +0100
Subject: [PATCH 11/18] Tidying

---
 webinterface.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/webinterface.py b/webinterface.py
index 77ebd0060..59ef09d1b 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -5892,7 +5892,8 @@ def htmlCalendar(translate: {},
                         if dayOfMonth == currDate.day:
                             isToday = True
                 if events.get(str(dayOfMonth)):
-                    url = calActor + '/calendar?year=' + str(year) + '?month=' + \
+                    url = calActor + '/calendar?year=' + \
+                        str(year) + '?month=' + \
                         str(monthNumber) + '?day=' + str(dayOfMonth)
                     dayLink = '<a href="' + url + '">' + \
                         str(dayOfMonth) + '</a>'

From 5fb01a6368b7f82c3f2d7885ea8f9e203cb6ad10 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 21:17:55 +0100
Subject: [PATCH 12/18] Tidying

---
 daemon.py       |  3 ++-
 webinterface.py | 28 +++++++++++++++++++---------
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/daemon.py b/daemon.py
index 9c0036492..112e5c9f6 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2386,7 +2386,8 @@ class PubServer(BaseHTTPRequestHandler):
                                                 self.server.httpPrefix,
                                                 self.server.domainFull,
                                                 postId, postTime,
-                                                postYear, postMonth, postDay)
+                                                postYear, postMonth, postDay,
+                                                callingDomain)
                 if not msg:
                     actor = \
                         self.server.httpPrefix + '://' + \
diff --git a/webinterface.py b/webinterface.py
index 59ef09d1b..26683ac9d 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -79,6 +79,19 @@ from petnames import getPetName
 from followingCalendar import receivingCalendarEvents
 
 
+def getUrlPath(actor: str, domainFull: str, callingDomain: str) -> str:
+    """Returns path from url
+    """
+    postActor = actor
+    if callingDomain not in actor and domainFull in actor:
+        if callingDomain.endswith('.onion') or \
+           callingDomain.endswith('.i2p'):
+            postActor = \
+                'http://' + callingDomain + actor.split(domainFull)[1]
+            print('Changed POST domain from ' + actor + ' to ' + postActor)
+    return postActor
+
+
 def getContentWarningButton(postID: str, translate: {},
                             content: str) -> str:
     """Returns the markup for a content warning button
@@ -5162,14 +5175,8 @@ def htmlDeletePost(recentPostsCache: {}, maxRecentPosts: int,
         deletePostStr += \
             '  <p class="followText">' + \
             translate['Delete this post?'] + '</p>'
-        postActor = actor
-        if callingDomain not in actor and domainFull in actor:
-            if callingDomain.endswith('.onion') or \
-               callingDomain.endswith('.i2p'):
-                postActor = \
-                    'http://' + callingDomain + actor.split(domainFull)[1]
-                print('Changed POST domain from ' + actor + ' to ' + postActor)
 
+        postActor = getUrlPath(actor, domainFull, callingDomain)
         deletePostStr += \
             '  <form method="POST" action="' + postActor + '/rmpost">'
         deletePostStr += \
@@ -5194,7 +5201,7 @@ def htmlCalendarDeleteConfirm(translate: {}, baseDir: str,
                               path: str, httpPrefix: str,
                               domainFull: str, postId: str, postTime: str,
                               year: int, monthNumber: int,
-                              dayNumber: int) -> str:
+                              dayNumber: int, callingDomain: str) -> str:
     """Shows a screen asking to confirm the deletion of a calendar event
     """
     nickname = getNicknameFromActor(path)
@@ -5232,7 +5239,10 @@ def htmlCalendarDeleteConfirm(translate: {}, baseDir: str,
         deletePostStr += '<center>'
         deletePostStr += '  <p class="followText">' + \
             translate['Delete this event'] + '</p>'
-        deletePostStr += '  <form method="POST" action="' + actor + '/rmpost">'
+
+        postActor = getUrlPath(actor, domainFull, callingDomain)
+        deletePostStr += \
+            '  <form method="POST" action="' + postActor + '/rmpost">'
         deletePostStr += '    <input type="hidden" name="year" value="' + \
             str(year) + '">'
         deletePostStr += '    <input type="hidden" name="month" value="' + \

From 9cfb556922097453edc850205349566fc0adc246 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 21:31:25 +0100
Subject: [PATCH 13/18] Only send paths to POST, not full urls

---
 daemon.py       |  5 +++--
 webinterface.py | 25 ++++++++++++++++++++-----
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/daemon.py b/daemon.py
index 112e5c9f6..15ecc1c5a 100644
--- a/daemon.py
+++ b/daemon.py
@@ -1643,7 +1643,8 @@ class PubServer(BaseHTTPRequestHandler):
                 self.server.domainFull + usersPath
             msg = htmlRemoveSharedItem(self.server.translate,
                                        self.server.baseDir,
-                                       actor, shareName).encode('utf-8')
+                                       actor, shareName,
+                                       callingDomain).encode('utf-8')
             if not msg:
                 if callingDomain.endswith('.onion') and \
                    self.server.onionDomain:
@@ -7065,7 +7066,7 @@ class PubServer(BaseHTTPRequestHandler):
                                               maxPostsInFeed,
                                               self.server.httpPrefix,
                                               self.server.domainFull,
-                                              actorStr)
+                                              actorStr, callingDomain)
                     if sharedItemsStr:
                         msg = sharedItemsStr.encode('utf-8')
                         self._login_headers('text/html',
diff --git a/webinterface.py b/webinterface.py
index 26683ac9d..d62f12cad 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -452,7 +452,8 @@ def htmlSearchSharedItems(translate: {},
                           pageNumber: int,
                           resultsPerPage: int,
                           httpPrefix: str,
-                          domainFull: str, actor: str) -> str:
+                          domainFull: str, actor: str,
+                          callingDomain: str) -> str:
     """Search results for shared items
     """
     iconsDir = getIconsDir(baseDir)
@@ -549,9 +550,13 @@ def htmlSearchSharedItems(translate: {},
                                     translate['Remove'] + '</button></a>'
                             sharedItemsForm += '</p></div>'
                             if not resultsExist and currPage > 1:
+                                postActor = \
+                                    getUrlPath(actor, domainFull,
+                                               callingDomain)
                                 # previous page link, needs to be a POST
                                 sharedItemsForm += \
-                                    '<form method="POST" action="' + actor + \
+                                    '<form method="POST" action="' + \
+                                    postActor + \
                                     '/searchhandle?page=' + \
                                     str(pageNumber - 1) + '">'
                                 sharedItemsForm += \
@@ -578,9 +583,13 @@ def htmlSearchSharedItems(translate: {},
                         if ctr >= resultsPerPage:
                             currPage += 1
                             if currPage > pageNumber:
+                                postActor = \
+                                    getUrlPath(actor, domainFull,
+                                               callingDomain)
                                 # next page link, needs to be a POST
                                 sharedItemsForm += \
-                                    '<form method="POST" action="' + actor + \
+                                    '<form method="POST" action="' + \
+                                    postActor + \
                                     '/searchhandle?page=' + \
                                     str(pageNumber + 1) + '">'
                                 sharedItemsForm += \
@@ -5060,12 +5069,17 @@ def htmlPostReplies(recentPostsCache: {}, maxRecentPosts: int,
 
 
 def htmlRemoveSharedItem(translate: {}, baseDir: str,
-                         actor: str, shareName: str) -> str:
+                         actor: str, shareName: str,
+                         callingDomain: str) -> str:
     """Shows a screen asking to confirm the removal of a shared item
     """
     itemID = getValidSharedItemID(shareName)
     nickname = getNicknameFromActor(actor)
     domain, port = getDomainFromActor(actor)
+    domainFull = domain
+    if port:
+        if port != 80 and port != 443:
+            domainFull = domain + ':' + str(port)
     sharesFile = baseDir + '/accounts/' + \
         nickname + '@' + domain + '/shares.json'
     if not os.path.isfile(sharesFile):
@@ -5103,7 +5117,8 @@ def htmlRemoveSharedItem(translate: {}, baseDir: str,
     sharesStr += \
         '  <p class="followText">' + translate['Remove'] + \
         ' ' + sharedItemDisplayName + ' ?</p>'
-    sharesStr += '  <form method="POST" action="' + actor + '/rmshare">'
+    postActor = getUrlPath(actor, domainFull, callingDomain)
+    sharesStr += '  <form method="POST" action="' + postActor + '/rmshare">'
     sharesStr += '    <input type="hidden" name="actor" value="' + actor + '">'
     sharesStr += '    <input type="hidden" name="shareName" value="' + \
         shareName + '">'

From b9cbbdb9c8de68140cdf348dbece47115059822a Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 21:41:25 +0100
Subject: [PATCH 14/18] Comment

---
 webinterface.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/webinterface.py b/webinterface.py
index d62f12cad..b607f7111 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -81,6 +81,7 @@ from followingCalendar import receivingCalendarEvents
 
 def getUrlPath(actor: str, domainFull: str, callingDomain: str) -> str:
     """Returns path from url
+    eg. https://somedomain/users/bob becomes /users/bob
     """
     postActor = actor
     if callingDomain not in actor and domainFull in actor:

From ad55ea6f970b42430c18c80fc0521860e4a24d7d Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 21:44:20 +0100
Subject: [PATCH 15/18] Rename function

---
 webinterface.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/webinterface.py b/webinterface.py
index b607f7111..85faa020b 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -79,9 +79,9 @@ from petnames import getPetName
 from followingCalendar import receivingCalendarEvents
 
 
-def getUrlPath(actor: str, domainFull: str, callingDomain: str) -> str:
-    """Returns path from url
-    eg. https://somedomain/users/bob becomes /users/bob
+def getAltPath(actor: str, domainFull: str, callingDomain: str) -> str:
+    """Returns alternate path from the actor
+    eg. https://clearnetdomain/path becomes http://oniondomain/path
     """
     postActor = actor
     if callingDomain not in actor and domainFull in actor:
@@ -552,7 +552,7 @@ def htmlSearchSharedItems(translate: {},
                             sharedItemsForm += '</p></div>'
                             if not resultsExist and currPage > 1:
                                 postActor = \
-                                    getUrlPath(actor, domainFull,
+                                    getAltPath(actor, domainFull,
                                                callingDomain)
                                 # previous page link, needs to be a POST
                                 sharedItemsForm += \
@@ -585,7 +585,7 @@ def htmlSearchSharedItems(translate: {},
                             currPage += 1
                             if currPage > pageNumber:
                                 postActor = \
-                                    getUrlPath(actor, domainFull,
+                                    getAltPath(actor, domainFull,
                                                callingDomain)
                                 # next page link, needs to be a POST
                                 sharedItemsForm += \
@@ -5118,7 +5118,7 @@ def htmlRemoveSharedItem(translate: {}, baseDir: str,
     sharesStr += \
         '  <p class="followText">' + translate['Remove'] + \
         ' ' + sharedItemDisplayName + ' ?</p>'
-    postActor = getUrlPath(actor, domainFull, callingDomain)
+    postActor = getAltPath(actor, domainFull, callingDomain)
     sharesStr += '  <form method="POST" action="' + postActor + '/rmshare">'
     sharesStr += '    <input type="hidden" name="actor" value="' + actor + '">'
     sharesStr += '    <input type="hidden" name="shareName" value="' + \
@@ -5192,7 +5192,7 @@ def htmlDeletePost(recentPostsCache: {}, maxRecentPosts: int,
             '  <p class="followText">' + \
             translate['Delete this post?'] + '</p>'
 
-        postActor = getUrlPath(actor, domainFull, callingDomain)
+        postActor = getAltPath(actor, domainFull, callingDomain)
         deletePostStr += \
             '  <form method="POST" action="' + postActor + '/rmpost">'
         deletePostStr += \
@@ -5256,7 +5256,7 @@ def htmlCalendarDeleteConfirm(translate: {}, baseDir: str,
         deletePostStr += '  <p class="followText">' + \
             translate['Delete this event'] + '</p>'
 
-        postActor = getUrlPath(actor, domainFull, callingDomain)
+        postActor = getAltPath(actor, domainFull, callingDomain)
         deletePostStr += \
             '  <form method="POST" action="' + postActor + '/rmpost">'
         deletePostStr += '    <input type="hidden" name="year" value="' + \

From e61e8bb21b841666dfeb9cff8e0e7ebabaaeaa37 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 22:01:08 +0100
Subject: [PATCH 16/18] More descriptive

---
 inbox.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/inbox.py b/inbox.py
index 20496828e..5b96a53fa 100644
--- a/inbox.py
+++ b/inbox.py
@@ -1913,11 +1913,11 @@ def inboxUpdateCalendar(baseDir: str, handle: str, postJsonObject: {}) -> None:
     actor = postJsonObject['actor']
     actorNickname = getNicknameFromActor(actor)
     actorDomain, actorPort = getDomainFromActor(actor)
+    handleNickname = handle.split('@')[0]
+    handleDomain = handle.split('@')[1]
     if not receivingCalendarEvents(baseDir,
-                                   handle.split('@')[0],
-                                   handle.split('@')[1],
-                                   actorNickname,
-                                   actorDomain):
+                                   handleNickname, handleDomain,
+                                   actorNickname, actorDomain):
         return
     for tagDict in postJsonObject['object']['tag']:
         if tagDict['type'] != 'Event':

From e007168cd6c3d39e67a869a438ac1fb4db2fc9ee Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 23:36:52 +0100
Subject: [PATCH 17/18] Check for type field

---
 inbox.py | 2 ++
 posts.py | 3 +--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/inbox.py b/inbox.py
index 5b96a53fa..c8545e49a 100644
--- a/inbox.py
+++ b/inbox.py
@@ -1920,6 +1920,8 @@ def inboxUpdateCalendar(baseDir: str, handle: str, postJsonObject: {}) -> None:
                                    actorNickname, actorDomain):
         return
     for tagDict in postJsonObject['object']['tag']:
+        if not tagDict.get('type'):
+            continue
         if tagDict['type'] != 'Event':
             continue
         if not tagDict.get('startTime'):
diff --git a/posts.py b/posts.py
index 8dd550806..dfcfc100f 100644
--- a/posts.py
+++ b/posts.py
@@ -1918,8 +1918,7 @@ def addToField(activityType: str, postJsonObject: {},
 
 
 def sendToNamedAddresses(session, baseDir: str,
-                         nickname: str,
-                         domain: str,
+                         nickname: str, domain: str,
                          onionDomain: str, i2pDomain: str, port: int,
                          httpPrefix: str, federationList: [],
                          sendThreads: [], postLog: [],

From e94a58074881c94ecf07978366b6f6e9a9d33b6e Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 11 Jul 2020 23:39:30 +0100
Subject: [PATCH 18/18] Allow reminders

---
 followingCalendar.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/followingCalendar.py b/followingCalendar.py
index 86ee92b67..f414634b7 100644
--- a/followingCalendar.py
+++ b/followingCalendar.py
@@ -15,6 +15,9 @@ def receivingCalendarEvents(baseDir: str, nickname: str, domain: str,
     """Returns true if receiving calendar events from the given
     account from following.txt
     """
+    if followingNickname == nickname and followingDomain == domain:
+        # reminder post
+        return True
     calendarFilename = baseDir + '/accounts/' + \
         nickname + '@' + domain + '/followingCalendar.txt'
     handle = followingNickname + '@' + followingDomain