only allow big M to forge new content
This commit is contained in:
Ted Unangst
parent
16d05c5eea
commit
bf505478ce
5
fun.go
5
fun.go
|
|
@ -385,7 +385,7 @@ func thoudostbitethythumb(userid int64, who []string, objid string) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func keymatch(keyname string, actor string, userid int64) bool {
|
func keymatch(keyname string, actor string, what string, userid int64) bool {
|
||||||
hash := strings.IndexByte(keyname, '#')
|
hash := strings.IndexByte(keyname, '#')
|
||||||
if hash == -1 {
|
if hash == -1 {
|
||||||
hash = len(keyname)
|
hash = len(keyname)
|
||||||
|
|
@ -394,6 +394,9 @@ func keymatch(keyname string, actor string, userid int64) bool {
|
||||||
if owner == actor {
|
if owner == actor {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
if what != "Create" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
row := stmtHasHonker.QueryRow(owner, userid)
|
row := stmtHasHonker.QueryRow(owner, userid)
|
||||||
var id int64
|
var id int64
|
||||||
err := row.Scan(&id)
|
err := row.Scan(&id)
|
||||||
|
|
|
||||||
2
honk.go
2
honk.go
|
|
@ -314,7 +314,7 @@ func inbox(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
who, _ := jsongetstring(j, "actor")
|
who, _ := jsongetstring(j, "actor")
|
||||||
if !keymatch(keyname, who, user.ID) {
|
if !keymatch(keyname, who, what, user.ID) {
|
||||||
log.Printf("keyname actor mismatch: %s <> %s", keyname, who)
|
log.Printf("keyname actor mismatch: %s <> %s", keyname, who)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue