Check that authorized path corresponds with the post being deleted

master
Bob Mottram 2019-08-27 13:49:53 +01:00
parent 3d01f3c2af
commit be84d50759
1 changed files with 12 additions and 11 deletions


@ -2592,17 +2592,18 @@ class PubServer(BaseHTTPRequestHandler):
removeMessageId=removeMessageId.split('&')[0] removeMessageId=removeMessageId.split('&')[0]
if '/statuses/' in removeMessageId: if '/statuses/' in removeMessageId:
removePostActor=removeMessageId.split('/statuses/')[0] removePostActor=removeMessageId.split('/statuses/')[0]
deleteJson= { if originPathStr in removePostActor:
"@context": "https://www.w3.org/ns/activitystreams", deleteJson= {
'actor': removePostActor, "@context": "https://www.w3.org/ns/activitystreams",
'object': removeMessageId, 'actor': removePostActor,
'to': ['https://www.w3.org/ns/activitystreams#Public',removePostActor], 'object': removeMessageId,
'cc': [removePostActor+'/followers'], 'to': ['https://www.w3.org/ns/activitystreams#Public',removePostActor],
'type': 'Delete' 'cc': [removePostActor+'/followers'],
} 'type': 'Delete'
if self.server.debug: }
pprint(deleteJson) if self.server.debug:
self._postToOutbox(deleteJson) pprint(deleteJson)
self._postToOutbox(deleteJson)
self._redirect_headers(originPathStr+'/outbox',cookie) self._redirect_headers(originPathStr+'/outbox',cookie)
self.server.POSTbusy=False self.server.POSTbusy=False
return return
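Review bot: The new guard `if originPathStr in removePostActor:` is a substring test, so it accepts any actor URL that merely contains the authorized path. Assuming originPathStr has the form `/users/<nickname>` (it is not defined in this hunk), an actor such as `/users/<nickname>2`, or the same path on a different host, would still pass. Because removePostActor appears to be cut from the request-supplied removeMessageId, the comparison should be exact: build the expected actor URL from the server's own scheme and domain plus originPathStr and test `if removePostActor == expectedActor:` (expectedActor is a placeholder name), or at minimum use `if removePostActor.endswith(originPathStr):`, which still does not pin the host. When the check fails the handler falls through to the redirect with no trace, so a log line in an `else:` branch would make rejected delete attempts visible to an operator. The enclosing handler begins above this hunk, so how originPathStr is derived from the authenticated session should be confirmed there.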