diff options
| author | Vika Shleina <vika@fireburn.ru> | 2021-07-19 10:32:42 +0300 |
|---|---|---|
| committer | Vika Shleina <vika@fireburn.ru> | 2021-07-19 10:55:32 +0300 |
| commit | 47c3b54d1d0b276fb87d1b4b71a584e0e0c7b43d (patch) | |
| tree | 9b9b9d2512a91da502187d17cb9c1e5dce398009 /src/micropub | |
| parent | 8399371adc5c48e1847061deee1936c0d64f2a85 (diff) | |
| download | kittybox-47c3b54d1d0b276fb87d1b4b71a584e0e0c7b43d.tar.zst | |
Relaxed anti-takeover URL check to simply not place redirects at foreign URLs
Diffstat (limited to 'src/micropub')
| -rw-r--r-- | src/micropub/post.rs | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/src/micropub/post.rs b/src/micropub/post.rs index 639346b..eaa603a 100644 --- a/src/micropub/post.rs +++ b/src/micropub/post.rs @@ -171,12 +171,7 @@ pub async fn new_post<S: Storage>( // This software might also be used in a multi-user setting // where several users or identities share one Micropub server // (maybe a family website or a shitpost sideblog?) - if post["properties"]["url"] - .as_array() - .unwrap() - .iter() - .any(|url| !url.as_str().unwrap().starts_with(user.me.as_str())) - || !post["properties"]["uid"][0] + if !post["properties"]["uid"][0] .as_str() .unwrap() .starts_with(user.me.as_str()) @@ -209,7 +204,7 @@ pub async fn new_post<S: Storage>( Err(err) => return Ok(err.into()), } - if let Err(err) = storage.put_post(&post).await { + if let Err(err) = storage.put_post(&post, user.me.as_str()).await { return error_json!(500, "database_error", format!("{}", err)); } @@ -303,7 +298,7 @@ async fn create_feed( }), &user, ); - storage.put_post(&feed).await + storage.put_post(&feed, user.me.as_str()).await } async fn post_process_new_post<S: Storage>( |