From aa56023788812ca8071bee8c3fd8064d0fa6c628 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Thu, 2 Mar 2023 21:54:17 +0100 Subject: [PATCH] user_status redirect: check visibility independent of token --- lib/Travelynx/Controller/Traveling.pm | 43 ++++++++++++--------------- 1 file changed, 19 insertions(+), 24 deletions(-) diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm index 6a8e1f9..e627ae5 100755 --- a/lib/Travelynx/Controller/Traveling.pm +++ b/lib/Travelynx/Controller/Traveling.pm @@ -528,32 +528,27 @@ sub user_status { ) ) { - my $token = $self->param('token'); - if ($token) { - my $visibility = $self->compute_effective_visibility( - $user->{default_visibility_str}, - $journey->{visibility_str} - ); - if ( - $visibility eq 'public' - or ( $visibility eq 'unlisted' - and $self->journey_token_ok( $journey, $ts ) ) - or ( - $visibility eq 'travelynx' - and ( $self->is_user_authenticated - or $self->journey_token_ok( $journey, $ts ) ) - ) - ) - { - $self->redirect_to( - "/p/${name}/j/$journey->{id}?token=${token}-${ts}"); - } - else { - $self->render('not_found'); - } + my $visibility + = $self->compute_effective_visibility( + $user->{default_visibility_str}, + $journey->{visibility_str} ); + if ( + $visibility eq 'public' + or ( $visibility eq 'unlisted' + and $self->journey_token_ok( $journey, $ts ) ) + or ( + $visibility eq 'travelynx' + and ( $self->is_user_authenticated + or $self->journey_token_ok( $journey, $ts ) ) + ) + ) + { + my $token = $self->param('token') // q{}; + $self->redirect_to( + "/p/${name}/j/$journey->{id}?token=${token}-${ts}"); } else { - $self->redirect_to("/p/${name}/j/$journey->{id}"); + $self->render('not_found'); } return; }