mirror of https://gitlab.com/bashrc2/epicyon
				
				
				
			Only send paths to POST, not full urls
							parent
							
								
									5fb01a6368
								
							
						
					
					
						commit
						9cfb556922
					
				|  | @ -1643,7 +1643,8 @@ class PubServer(BaseHTTPRequestHandler): | |||
|                 self.server.domainFull + usersPath | ||||
|             msg = htmlRemoveSharedItem(self.server.translate, | ||||
|                                        self.server.baseDir, | ||||
|                                        actor, shareName).encode('utf-8') | ||||
|                                        actor, shareName, | ||||
|                                        callingDomain).encode('utf-8') | ||||
|             if not msg: | ||||
|                 if callingDomain.endswith('.onion') and \ | ||||
|                    self.server.onionDomain: | ||||
|  | @ -7065,7 +7066,7 @@ class PubServer(BaseHTTPRequestHandler): | |||
|                                               maxPostsInFeed, | ||||
|                                               self.server.httpPrefix, | ||||
|                                               self.server.domainFull, | ||||
|                                               actorStr) | ||||
|                                               actorStr, callingDomain) | ||||
|                     if sharedItemsStr: | ||||
|                         msg = sharedItemsStr.encode('utf-8') | ||||
|                         self._login_headers('text/html', | ||||
|  |  | |||
|  | @ -452,7 +452,8 @@ def htmlSearchSharedItems(translate: {}, | |||
|                           pageNumber: int, | ||||
|                           resultsPerPage: int, | ||||
|                           httpPrefix: str, | ||||
|                           domainFull: str, actor: str) -> str: | ||||
|                           domainFull: str, actor: str, | ||||
|                           callingDomain: str) -> str: | ||||
|     """Search results for shared items | ||||
|     """ | ||||
|     iconsDir = getIconsDir(baseDir) | ||||
|  | @ -549,9 +550,13 @@ def htmlSearchSharedItems(translate: {}, | |||
|                                     translate['Remove'] + '</button></a>' | ||||
|                             sharedItemsForm += '</p></div>' | ||||
|                             if not resultsExist and currPage > 1: | ||||
|                                 postActor = \ | ||||
|                                     getUrlPath(actor, domainFull, | ||||
|                                                callingDomain) | ||||
|                                 # previous page link, needs to be a POST | ||||
|                                 sharedItemsForm += \ | ||||
|                                     '<form method="POST" action="' + actor + \ | ||||
|                                     '<form method="POST" action="' + \ | ||||
|                                     postActor + \ | ||||
|                                     '/searchhandle?page=' + \ | ||||
|                                     str(pageNumber - 1) + '">' | ||||
|                                 sharedItemsForm += \ | ||||
|  | @ -578,9 +583,13 @@ def htmlSearchSharedItems(translate: {}, | |||
|                         if ctr >= resultsPerPage: | ||||
|                             currPage += 1 | ||||
|                             if currPage > pageNumber: | ||||
|                                 postActor = \ | ||||
|                                     getUrlPath(actor, domainFull, | ||||
|                                                callingDomain) | ||||
|                                 # next page link, needs to be a POST | ||||
|                                 sharedItemsForm += \ | ||||
|                                     '<form method="POST" action="' + actor + \ | ||||
|                                     '<form method="POST" action="' + \ | ||||
|                                     postActor + \ | ||||
|                                     '/searchhandle?page=' + \ | ||||
|                                     str(pageNumber + 1) + '">' | ||||
|                                 sharedItemsForm += \ | ||||
|  | @ -5060,12 +5069,17 @@ def htmlPostReplies(recentPostsCache: {}, maxRecentPosts: int, | |||
| 
 | ||||
| 
 | ||||
| def htmlRemoveSharedItem(translate: {}, baseDir: str, | ||||
|                          actor: str, shareName: str) -> str: | ||||
|                          actor: str, shareName: str, | ||||
|                          callingDomain: str) -> str: | ||||
|     """Shows a screen asking to confirm the removal of a shared item | ||||
|     """ | ||||
|     itemID = getValidSharedItemID(shareName) | ||||
|     nickname = getNicknameFromActor(actor) | ||||
|     domain, port = getDomainFromActor(actor) | ||||
|     domainFull = domain | ||||
|     if port: | ||||
|         if port != 80 and port != 443: | ||||
|             domainFull = domain + ':' + str(port) | ||||
|     sharesFile = baseDir + '/accounts/' + \ | ||||
|         nickname + '@' + domain + '/shares.json' | ||||
|     if not os.path.isfile(sharesFile): | ||||
|  | @ -5103,7 +5117,8 @@ def htmlRemoveSharedItem(translate: {}, baseDir: str, | |||
|     sharesStr += \ | ||||
|         '  <p class="followText">' + translate['Remove'] + \ | ||||
|         ' ' + sharedItemDisplayName + ' ?</p>' | ||||
|     sharesStr += '  <form method="POST" action="' + actor + '/rmshare">' | ||||
|     postActor = getUrlPath(actor, domainFull, callingDomain) | ||||
|     sharesStr += '  <form method="POST" action="' + postActor + '/rmshare">' | ||||
|     sharesStr += '    <input type="hidden" name="actor" value="' + actor + '">' | ||||
|     sharesStr += '    <input type="hidden" name="shareName" value="' + \ | ||||
|         shareName + '">' | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue