From 9cfb556922097453edc850205349566fc0adc246 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 11 Jul 2020 21:31:25 +0100 Subject: [PATCH] Only send paths to POST, not full urls --- daemon.py | 5 +++-- webinterface.py | 25 ++++++++++++++++++++----- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/daemon.py b/daemon.py index 112e5c9f6..15ecc1c5a 100644 --- a/daemon.py +++ b/daemon.py @@ -1643,7 +1643,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.domainFull + usersPath msg = htmlRemoveSharedItem(self.server.translate, self.server.baseDir, - actor, shareName).encode('utf-8') + actor, shareName, + callingDomain).encode('utf-8') if not msg: if callingDomain.endswith('.onion') and \ self.server.onionDomain: @@ -7065,7 +7066,7 @@ class PubServer(BaseHTTPRequestHandler): maxPostsInFeed, self.server.httpPrefix, self.server.domainFull, - actorStr) + actorStr, callingDomain) if sharedItemsStr: msg = sharedItemsStr.encode('utf-8') self._login_headers('text/html', diff --git a/webinterface.py b/webinterface.py index 26683ac9d..d62f12cad 100644 --- a/webinterface.py +++ b/webinterface.py @@ -452,7 +452,8 @@ def htmlSearchSharedItems(translate: {}, pageNumber: int, resultsPerPage: int, httpPrefix: str, - domainFull: str, actor: str) -> str: + domainFull: str, actor: str, + callingDomain: str) -> str: """Search results for shared items """ iconsDir = getIconsDir(baseDir) @@ -549,9 +550,13 @@ def htmlSearchSharedItems(translate: {}, translate['Remove'] + '' sharedItemsForm += '

' if not resultsExist and currPage > 1: + postActor = \ + getUrlPath(actor, domainFull, + callingDomain) # previous page link, needs to be a POST sharedItemsForm += \ - '
' sharedItemsForm += \ @@ -578,9 +583,13 @@ def htmlSearchSharedItems(translate: {}, if ctr >= resultsPerPage: currPage += 1 if currPage > pageNumber: + postActor = \ + getUrlPath(actor, domainFull, + callingDomain) # next page link, needs to be a POST sharedItemsForm += \ - '' sharedItemsForm += \ @@ -5060,12 +5069,17 @@ def htmlPostReplies(recentPostsCache: {}, maxRecentPosts: int, def htmlRemoveSharedItem(translate: {}, baseDir: str, - actor: str, shareName: str) -> str: + actor: str, shareName: str, + callingDomain: str) -> str: """Shows a screen asking to confirm the removal of a shared item """ itemID = getValidSharedItemID(shareName) nickname = getNicknameFromActor(actor) domain, port = getDomainFromActor(actor) + domainFull = domain + if port: + if port != 80 and port != 443: + domainFull = domain + ':' + str(port) sharesFile = baseDir + '/accounts/' + \ nickname + '@' + domain + '/shares.json' if not os.path.isfile(sharesFile): @@ -5103,7 +5117,8 @@ def htmlRemoveSharedItem(translate: {}, baseDir: str, sharesStr += \ '

' + translate['Remove'] + \ ' ' + sharedItemDisplayName + ' ?

' - sharesStr += ' ' + postActor = getUrlPath(actor, domainFull, callingDomain) + sharesStr += ' ' sharesStr += ' ' sharesStr += ' '