Check that authorized path corresponds with the post being deleted

2019-08-27 13:49:53 +01:00 · 2019-08-27 13:49:53 +01:00 · be84d50759
parent 3d01f3c2af
commit be84d50759
1 changed files with 12 additions and 11 deletions
--- a/daemon.py
+++ b/daemon.py
@ -2592,6 +2592,7 @@ class PubServer(BaseHTTPRequestHandler):
                    removeMessageId=removeMessageId.split('&')[0]
                if '/statuses/' in removeMessageId:
                    removePostActor=removeMessageId.split('/statuses/')[0]
+                if originPathStr in removePostActor:
                    deleteJson= {
                        "@context": "https://www.w3.org/ns/activitystreams",
                        'actor': removePostActor,