flounder

A simple gemini site builder

commit b78509c99c42f8e034d677322eb7ffa727ee7de1
parent 7dbd33126b29caac5ffbfd9fa34ead2afb2a406f
Author: alex wennerberg <alex@alexwennerberg.com>
Date:   Sun, 27 Dec 2020 12:11:24 -0800

Fix nested impersonation

Diffstat:
Mhttp.go | 5+++++
1 file changed, 5 insertions(+), 0 deletions(-)

diff --git a/http.go b/http.go
@@ -654,6 +654,11 @@ func adminUserHandler(w http.ResponseWriter, r *http.Request) {
 if action == "activate" {
 err = activateUser(userName)
 } else if action == "impersonate" {
+ if user.ImpersonatingUser != "" {
+ // Don't allow nested impersonation
+ renderError(w, "Cannot nest impersonation, log out from impersonated user first.", 400)
+ return
+ }
 session, _ := SessionStore.Get(r, "cookie-session")
 session.Values["auth_user"] = userName
 session.Values["impersonating_user"] = user.Username
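Review bot: The new `user.ImpersonatingUser != ""` guard sits only inside the `impersonate` branch, so the `activate` branch directly above it still runs when the session is an impersonated one. If an impersonated session can reach adminUserHandler at all (for example when the impersonated account is itself an admin), it may be safer to reject every admin action at the top of the handler while `user.ImpersonatingUser` is set; the code that loads `user` and the rest of the handler are outside this hunk, so this needs confirming there. The refusal is also a policy decision rather than a malformed request, so a named status fits better than the literal `400`: `renderError(w, "Cannot nest impersonation, log out from impersonated user first.", http.StatusForbidden)`. Since impersonation is a privileged action, consider logging both the refused attempt and the successful switch with the admin and target usernames, unless that already happens outside the hunk.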