Authorized default to inbox

main2
Bob Mottram 2019-10-23 23:27:52 +01:00
parent fdb26967b3
commit 204c9905c4
1 changed files with 4 additions and 1 deletions


@ -613,9 +613,12 @@ class PubServer(BaseHTTPRequestHandler):
tokenStr=self.headers['Cookie'].split('=',1)[1] tokenStr=self.headers['Cookie'].split('=',1)[1]
if self.server.tokensLookup.get(tokenStr): if self.server.tokensLookup.get(tokenStr):
nickname=self.server.tokensLookup[tokenStr] nickname=self.server.tokensLookup[tokenStr]
# default to the inbox of the person
if self.path=='/':
self.path='/users/'+nickname+'/inbox'
# check that the path contains the same nickname as the cookie # check that the path contains the same nickname as the cookie
# otherwise it would be possible to be authorized to use # otherwise it would be possible to be authorized to use
# an account you don't own # an account you don't own
if '/'+nickname+'/' in self.path: if '/'+nickname+'/' in self.path:
return True return True
if self.path.endswith('/'+nickname): if self.path.endswith('/'+nickname):
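Review bot: The new `if self.path=='/'` branch rewrites `self.path` inside what appears to be the cookie authorization check, so a predicate that should only answer yes or no now also changes which resource the handler serves. Any code that read `self.path` before this call, or that runs the check twice, will see a different path; moving the default-to-inbox rewrite into the request handler after authorization succeeds would keep the two concerns apart, or at minimum the comment could read `# NOTE: rewrites self.path to the token owner's inbox; read self.path only after this check`. The rewritten path is then accepted by the unchanged `'/'+nickname+'/' in self.path` test, which matches the nickname at any position in the path rather than only in the account segment; if all account paths live under `/users/`, `self.path.startswith('/users/'+nickname+'/')` would be stricter. The enclosing method starts and ends outside this hunk, so how callers use `self.path` is not visible here.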