only allow big M to forge new content
This commit is contained in:
Ted Unangst
parent
16d05c5eea
commit
bf505478ce
2 changed files with 5 additions and 2 deletions
5
fun.go
5
fun.go
|
|
@ -385,7 +385,7 @@ func thoudostbitethythumb(userid int64, who []string, objid string) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
func keymatch(keyname string, actor string, userid int64) bool {
|
||||
func keymatch(keyname string, actor string, what string, userid int64) bool {
|
||||
hash := strings.IndexByte(keyname, '#')
|
||||
if hash == -1 {
|
||||
hash = len(keyname)
|
||||
|
|
@ -394,6 +394,9 @@ func keymatch(keyname string, actor string, userid int64) bool {
|
|||
if owner == actor {
|
||||
return true
|
||||
}
|
||||
if what != "Create" {
|
||||
return false
|
||||
}
|
||||
row := stmtHasHonker.QueryRow(owner, userid)
|
||||
var id int64
|
||||
err := row.Scan(&id)
|
||||
|
|
|
|||
2
honk.go
2
honk.go
|
|
@ -314,7 +314,7 @@ func inbox(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
who, _ := jsongetstring(j, "actor")
|
||||
if !keymatch(keyname, who, user.ID) {
|
||||
if !keymatch(keyname, who, what, user.ID) {
|
||||
log.Printf("keyname actor mismatch: %s <> %s", keyname, who)
|
||||
return
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue