mj-saunders
/
epicyon
forked from indymedia/epicyon
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Test for permitted posts

master
Bob Mottram 2019-06-28 21:35:34 +01:00
parent 27099e6450
commit 8e81d4b7df
1 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
daemon.py
View File

@ -77,6 +77,20 @@ class PubServer(BaseHTTPRequestHandler):
return False return False
return True return True
def _permittedMessage(self,message):
""" check that we are posting to a permitted domain
"""
testParam='actor'
if not message.get(testParam):
return False
actor=message[testParam]
permittedDomain=False
for domain in allowedDomains:
if domain in actor:
permittedDomain=True
break
return permittedDomain
def do_GET(self): def do_GET(self):
if not self.permittedDir(self.path): if not self.permittedDir(self.path):
self._404() self._404()
@ -127,6 +141,9 @@ class PubServer(BaseHTTPRequestHandler):
length = int(self.headers.getheader('content-length')) length = int(self.headers.getheader('content-length'))
message = json.loads(self.rfile.read(length)) message = json.loads(self.rfile.read(length))
if not self._permittedMessage(message):
self._404()
else:
# add a property to the object, just to mess with data # add a property to the object, just to mess with data
message['received'] = 'ok' message['received'] = 'ok'