Only send paths to POST, not full urls

main
Bob Mottram 2020-07-11 21:31:25 +01:00
parent 5fb01a6368
commit 9cfb556922
2 changed files with 23 additions and 7 deletions

View File

@ -1643,7 +1643,8 @@ class PubServer(BaseHTTPRequestHandler):
self.server.domainFull + usersPath
msg = htmlRemoveSharedItem(self.server.translate,
self.server.baseDir,
actor, shareName).encode('utf-8')
actor, shareName,
callingDomain).encode('utf-8')
if not msg:
if callingDomain.endswith('.onion') and \
self.server.onionDomain:
@ -7065,7 +7066,7 @@ class PubServer(BaseHTTPRequestHandler):
maxPostsInFeed,
self.server.httpPrefix,
self.server.domainFull,
actorStr)
actorStr, callingDomain)
if sharedItemsStr:
msg = sharedItemsStr.encode('utf-8')
self._login_headers('text/html',

View File

@ -452,7 +452,8 @@ def htmlSearchSharedItems(translate: {},
pageNumber: int,
resultsPerPage: int,
httpPrefix: str,
domainFull: str, actor: str) -> str:
domainFull: str, actor: str,
callingDomain: str) -> str:
"""Search results for shared items
"""
iconsDir = getIconsDir(baseDir)
@ -549,9 +550,13 @@ def htmlSearchSharedItems(translate: {},
translate['Remove'] + '</button></a>'
sharedItemsForm += '</p></div>'
if not resultsExist and currPage > 1:
postActor = \
getUrlPath(actor, domainFull,
callingDomain)
# previous page link, needs to be a POST
sharedItemsForm += \
'<form method="POST" action="' + actor + \
'<form method="POST" action="' + \
postActor + \
'/searchhandle?page=' + \
str(pageNumber - 1) + '">'
sharedItemsForm += \
@ -578,9 +583,13 @@ def htmlSearchSharedItems(translate: {},
if ctr >= resultsPerPage:
currPage += 1
if currPage > pageNumber:
postActor = \
getUrlPath(actor, domainFull,
callingDomain)
# next page link, needs to be a POST
sharedItemsForm += \
'<form method="POST" action="' + actor + \
'<form method="POST" action="' + \
postActor + \
'/searchhandle?page=' + \
str(pageNumber + 1) + '">'
sharedItemsForm += \
@ -5060,12 +5069,17 @@ def htmlPostReplies(recentPostsCache: {}, maxRecentPosts: int,
def htmlRemoveSharedItem(translate: {}, baseDir: str,
actor: str, shareName: str) -> str:
actor: str, shareName: str,
callingDomain: str) -> str:
"""Shows a screen asking to confirm the removal of a shared item
"""
itemID = getValidSharedItemID(shareName)
nickname = getNicknameFromActor(actor)
domain, port = getDomainFromActor(actor)
domainFull = domain
if port:
if port != 80 and port != 443:
domainFull = domain + ':' + str(port)
sharesFile = baseDir + '/accounts/' + \
nickname + '@' + domain + '/shares.json'
if not os.path.isfile(sharesFile):
@ -5103,7 +5117,8 @@ def htmlRemoveSharedItem(translate: {}, baseDir: str,
sharesStr += \
' <p class="followText">' + translate['Remove'] + \
' ' + sharedItemDisplayName + ' ?</p>'
sharesStr += ' <form method="POST" action="' + actor + '/rmshare">'
postActor = getUrlPath(actor, domainFull, callingDomain)
sharesStr += ' <form method="POST" action="' + postActor + '/rmshare">'
sharesStr += ' <input type="hidden" name="actor" value="' + actor + '">'
sharesStr += ' <input type="hidden" name="shareName" value="' + \
shareName + '">'