diff --git a/daemon_get_css.py b/daemon_get_css.py index 4159be5b5..dadab8ef6 100644 --- a/daemon_get_css.py +++ b/daemon_get_css.py @@ -14,6 +14,7 @@ from httpcodes import http_404 from httpcodes import write2 from httpheaders import set_headers_etag from httpheaders import set_headers +from utils import string_ends_with from utils import get_css from fitnessFunctions import fitness_performance from daemon_utils import etag_exists @@ -69,10 +70,8 @@ def get_fonts(self, calling_domain: str, path: str, """Returns a font """ font_str = path.split('/fonts/')[1] - if font_str.endswith('.otf') or \ - font_str.endswith('.ttf') or \ - font_str.endswith('.woff') or \ - font_str.endswith('.woff2'): + possible_extensions = ('.otf', '.ttf', '.woff', '.woff2') + if string_ends_with(font_str, possible_extensions): if font_str.endswith('.otf'): font_type = 'font/otf' elif font_str.endswith('.ttf'): diff --git a/daemon_post.py b/daemon_post.py index bf44cab81..b9486033f 100644 --- a/daemon_post.py +++ b/daemon_post.py @@ -11,6 +11,7 @@ import time import errno import json from socket import error as SocketError +from utils import string_ends_with from utils import get_config_param from utils import decoded_host from utils import get_new_post_endpoints @@ -705,9 +706,8 @@ def daemon_http_post(self) -> None: '_POST', 'receive post', self.server.debug) - if self.path.endswith('/outbox') or \ - self.path.endswith('/wanted') or \ - self.path.endswith('/shares'): + possible_path_endings = ('/outbox', '/wanted', '/shares') + if string_ends_with(self.path, possible_path_endings): if users_in_path: if authorized: self.outbox_authenticated = True @@ -724,12 +724,10 @@ def daemon_http_post(self) -> None: self.server.debug) # check that the post is to an expected path - if not (self.path.endswith('/outbox') or - self.path.endswith('/inbox') or - self.path.endswith('/wanted') or - self.path.endswith('/shares') or - self.path.endswith('/moderationaction') or - self.path == '/sharedInbox'): + possible_endings = ('/outbox', '/inbox', '/wanted', '/shares', + '/moderationaction') + if not string_ends_with(self.path, possible_endings) and \ + self.path != '/sharedInbox': print('Attempt to POST to invalid path ' + self.path) http_400(self) self.server.postreq_busy = False diff --git a/daemon_post_search.py b/daemon_post_search.py index 4d4525aef..20c7fd1b5 100644 --- a/daemon_post_search.py +++ b/daemon_post_search.py @@ -14,6 +14,7 @@ from utils import get_instance_url from httpcodes import write2 from httpheaders import login_headers from httpheaders import redirect_headers +from utils import string_ends_with from utils import has_users_path from utils import get_nickname_from_actor from utils import get_domain_from_actor @@ -100,6 +101,10 @@ def receive_search_query(self, calling_domain: str, cookie: str, print('search_str: ' + search_str) if search_for_emoji: search_str = ':' + search_str + ':' + my_posts_endings = ( + ' history', ' in sent', ' in outbox', ' in outgoing', + ' in sent items', ' in sent posts', ' in outgoing posts', + ' in my history', ' in my outbox', ' in my posts') if search_str.startswith('#'): nickname = get_nickname_from_actor(actor_str) if not nickname: @@ -186,16 +191,8 @@ def receive_search_query(self, calling_domain: str, cookie: str, self.server.postreq_busy = False return elif (search_str.startswith("'") or - search_str.endswith(' history') or - search_str.endswith(' in sent') or - search_str.endswith(' in outbox') or - search_str.endswith(' in outgoing') or - search_str.endswith(' in sent items') or - search_str.endswith(' in sent posts') or - search_str.endswith(' in outgoing posts') or - search_str.endswith(' in my history') or - search_str.endswith(' in my outbox') or - search_str.endswith(' in my posts')): + string_ends_with(search_str, my_posts_endings)): + # your post history search possible_endings = ( ' in my posts', ' in my history', @@ -213,7 +210,6 @@ def receive_search_query(self, calling_domain: str, cookie: str, if search_str.endswith(poss_ending): search_str = search_str.replace(poss_ending, '') break - # your post history search nickname = get_nickname_from_actor(actor_str) if not nickname: self.send_response(400)