only allow big M to forge new content

This commit is contained in:
Ted Unangst 2019-04-28 23:26:12 -04:00
parent 16d05c5eea
commit bf505478ce
2 changed files with 5 additions and 2 deletions

5
fun.go
View File

@ -385,7 +385,7 @@ func thoudostbitethythumb(userid int64, who []string, objid string) bool {
return false
}
func keymatch(keyname string, actor string, userid int64) bool {
func keymatch(keyname string, actor string, what string, userid int64) bool {
hash := strings.IndexByte(keyname, '#')
if hash == -1 {
hash = len(keyname)
@ -394,6 +394,9 @@ func keymatch(keyname string, actor string, userid int64) bool {
if owner == actor {
return true
}
if what != "Create" {
return false
}
row := stmtHasHonker.QueryRow(owner, userid)
var id int64
err := row.Scan(&id)

View File

@ -314,7 +314,7 @@ func inbox(w http.ResponseWriter, r *http.Request) {
return
}
who, _ := jsongetstring(j, "actor")
if !keymatch(keyname, who, user.ID) {
if !keymatch(keyname, who, what, user.ID) {
log.Printf("keyname actor mismatch: %s <> %s", keyname, who)
return
}