indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Check that actor owns the object to be deleted

master
Bob Mottram 2019-07-11 22:42:15 +01:00
parent ab475f05f6
commit 93eefb1601
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
inbox.py
View File

@ -472,6 +472,9 @@ def receiveDelete(session,handle: str,baseDir: str, \
if debug: if debug:
print('DEBUG: "statuses" missing from object in '+messageJson['type']) print('DEBUG: "statuses" missing from object in '+messageJson['type'])
return False return False
if messageJson['actor'] not in messageJson['object']:
if debug:
print('DEBUG: actor is not the owner of the post to be deleted')
if not os.path.isdir(baseDir+'/accounts/'+handle): if not os.path.isdir(baseDir+'/accounts/'+handle):
print('DEBUG: unknown recipient of like - '+handle) print('DEBUG: unknown recipient of like - '+handle)
# if this post in the outbox of the person? # if this post in the outbox of the person?
@ -480,7 +483,7 @@ def receiveDelete(session,handle: str,baseDir: str, \
if debug: if debug:
print('DEBUG: delete post not found in inbox or outbox') print('DEBUG: delete post not found in inbox or outbox')
print(messageJson['object']) print(messageJson['object'])
return True return True
os.remove(postFilename) os.remove(postFilename)
if debug: if debug:
print('DEBUG: post deleted - '+postFilename) print('DEBUG: post deleted - '+postFilename)