statianzo
/
honk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

only allow big M to forge new content

Browse Source
master
Ted Unangst 5 years ago
parent 16d05c5eea
commit bf505478ce
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File

5
fun.go
Unescape View File

@ -385,7 +385,7 @@ func thoudostbitethythumb(userid int64, who []string, objid string) bool {
return false return false
} }
func keymatch(keyname string, actor string, userid int64) bool { func keymatch(keyname string, actor string, what string, userid int64) bool {
hash := strings.IndexByte(keyname, '#') hash := strings.IndexByte(keyname, '#')
if hash == -1 { if hash == -1 {
hash = len(keyname) hash = len(keyname)
@ -394,6 +394,9 @@ func keymatch(keyname string, actor string, userid int64) bool {
if owner == actor { if owner == actor {
return true return true
} }
if what != "Create" {
return false
}
row := stmtHasHonker.QueryRow(owner, userid) row := stmtHasHonker.QueryRow(owner, userid)
var id int64 var id int64
err := row.Scan(&id) err := row.Scan(&id)

2
honk.go
Unescape View File

@ -314,7 +314,7 @@ func inbox(w http.ResponseWriter, r *http.Request) {
return return
} }
who, _ := jsongetstring(j, "actor") who, _ := jsongetstring(j, "actor")
if !keymatch(keyname, who, user.ID) { if !keymatch(keyname, who, what, user.ID) {
log.Printf("keyname actor mismatch: %s <> %s", keyname, who) log.Printf("keyname actor mismatch: %s <> %s", keyname, who)
return return
} }

Write Preview
Loading…
Cancel
Save