From c9e5a248269f01f82fd5095021414183504c3d11 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 25 Nov 2019 11:04:27 +0000 Subject: [PATCH] Remove likes,shares,replies and bookmarks for unauthorized requests on individual posts --- daemon.py | 16 ++++++++++++++++ posts.py | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/daemon.py b/daemon.py index e55586f8..444a49a9 100644 --- a/daemon.py +++ b/daemon.py @@ -2113,6 +2113,22 @@ class PubServer(BaseHTTPRequestHandler): if not authorized: if postJsonObject.get('likes'): postJsonObject['likes']={'items': []} + if postJsonObject.get('shares'): + postJsonObject['shares']={} + if postJsonObject.get('replies'): + postJsonObject['replies']={} + if postJsonObject.get('bookmarks'): + postJsonObject['bookmarks']={} + if postJsonObject.get('object'): + if isinstance(postJsonObject['object'], dict): + if postJsonObject['object'].get('likes'): + postJsonObject['object']['likes']={'items': []} + if postJsonObject['object'].get('shares'): + postJsonObject['object']['shares']={} + if postJsonObject['object'].get('replies'): + postJsonObject['object']['replies']={} + if postJsonObject['object'].get('bookmarks'): + postJsonObject['object']['bookmarks']={} if self._requestHTTP(): msg= \ htmlIndividualPost(self.server.recentPostsCache, \ diff --git a/posts.py b/posts.py index 8461d9c1..23497a00 100644 --- a/posts.py +++ b/posts.py @@ -2227,7 +2227,7 @@ def createBoxIndexed(recentPostsCache: {}, \ if p.get('object'): if isinstance(p['object'], dict): if p['object'].get('likes'): - p['likes']={} + p['likes']={'items': []} if p['object'].get('replies'): p['replies']={} if p['object'].get('shares'):