From 87c274dd3004b7183748c80163447cfbb9f2f964 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Tue, 27 Oct 2020 20:01:30 +0000 Subject: [PATCH] Check authorization --- daemon.py | 44 +++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/daemon.py b/daemon.py index 3c3084309..a647650fc 100644 --- a/daemon.py +++ b/daemon.py @@ -9434,30 +9434,32 @@ class PubServer(BaseHTTPRequestHandler): 'permitted directory', 'login shown done') - if authorized and htmlGET and '/users/' in self.path and \ + if htmlGET and '/users/' in self.path and \ self.path.endswith('/newswiremobile'): - nickname = getNicknameFromActor(self.path) - if not nickname: - self._404() + if (authorized or (not authorized and '/users/news/' in self.path)): + nickname = getNicknameFromActor(self.path) + if not nickname: + self._404() + self.server.GETbusy = False + return + timelinePath = \ + '/users/' + nickname + '/' + self.server.defaultTimeline + showPublishAsIcon = self.server.showPublishAsIcon + msg = htmlNewswireMobile(self.server.baseDir, + nickname, + self.server.domain, + self.server.domainFull, + self.server.httpPrefix, + self.server.translate, + self.server.newswire, + self.server.positiveVoting, + timelinePath, + showPublishAsIcon).encode('utf-8') + self._set_headers('text/html', len(msg), + cookie, callingDomain) + self._write(msg) self.server.GETbusy = False return - timelinePath = \ - '/users/' + nickname + '/' + self.server.defaultTimeline - showPublishAsIcon = self.server.showPublishAsIcon - msg = htmlNewswireMobile(self.server.baseDir, - nickname, - self.server.domain, - self.server.domainFull, - self.server.httpPrefix, - self.server.translate, - self.server.newswire, - self.server.positiveVoting, - timelinePath, - showPublishAsIcon).encode('utf-8') - self._set_headers('text/html', len(msg), cookie, callingDomain) - self._write(msg) - self.server.GETbusy = False - return if authorized and htmlGET and '/users/' in self.path and \ self.path.endswith('/linksmobile'):