From a45c1ce152011e8fe25eb1d25594ac5705f65404 Mon Sep 17 00:00:00 2001 From: rako Date: Fri, 28 Nov 2025 10:37:49 +0100 Subject: Fix user matching In order to be a proper prefix, the actor url must end with a '/' otherwise it can match another user that starts with the same prefix: for example 'testuser' will match anything made by 'testuser2' --- html.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'html.c') diff --git a/html.c b/html.c index 12d269a..d6223b9 100644 --- a/html.c +++ b/html.c @@ -1898,7 +1898,7 @@ xs_html *html_entry_controls(snac *user, const char *actor, xs_html_attr("name", "redir"), xs_html_attr("value", redir)))); - if (!xs_startswith(id, user->actor)) { + if (!is_msg_mine(user, id)) { if (xs_list_in(likes, user->md5) == -1) { /* not already liked; add button */ xs_html_add(form, @@ -2426,7 +2426,7 @@ xs_html *html_entry(snac *user, xs_dict *msg, int read_only, if (read_only) closed = 1; /* non-identified page; show as closed */ else - if (user && xs_startswith(id, user->actor)) + if (user && is_msg_mine(user, id)) closed = 1; /* we questioned; closed for us */ else if (user && was_question_voted(user, id)) @@ -5022,7 +5022,7 @@ int html_post_handler(const xs_dict *req, const char *q_path, } else { /* delete an entry */ - if (xs_startswith(id, snac.actor) && !is_draft(&snac, id)) { + if (is_msg_mine(&snac, id) && !is_draft(&snac, id)) { /* it's a post by us: generate a delete */ xs *msg = msg_delete(&snac, id); -- cgit v1.2.3
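Review bot: The ownership test that now gates the like button in html_entry_controls() rests entirely on `is_msg_mine()`, whose definition is not part of this diff, so the trailing-'/' comparison described in the commit message cannot be confirmed from these lines; the same applies to the replaced calls in html_entry() and html_post_handler(). It is worth confirming that the helper tolerates a NULL or non-string `id`, and adding a regression test with two accounts such as 'testuser' and 'testuser2' so the prefix collision cannot return unnoticed. Because the diffstat covers html.c only, a search of the other source files for remaining `xs_startswith(id, user->actor)`-style ownership comparisons would show whether the same collision survives elsewhere. The body of html_entry_controls() starts and ends outside the hunk.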
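Review bot: In the delete branch of html_post_handler() the decision to call `msg_delete()` still depends only on the textual shape of `id`, which presumably arrives with the submitted form, so this condition is in effect the authorization check for emitting a Delete. If the stored object is available at this point, comparing its `attributedTo` with `snac.actor` in addition to the URL test would not depend on how ids are laid out; this is a suggestion to verify, since the code that loads the object is not visible here. A short comment above the condition would record the intent, for example `/* authorization: only ids under our own actor URL may generate a Delete */`. The function body and the matching else arm continue outside the hunk.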