1.1 --- a/imiptools/handlers/resource.py Wed Oct 29 01:05:08 2014 +0100
1.2 +++ b/imiptools/handlers/resource.py Wed Oct 29 18:46:58 2014 +0100
1.3 @@ -57,7 +57,12 @@
1.4 if not oa:
1.5 return None
1.6
1.7 - (organiser, organiser_attr), attendees = oa
1.8 + organiser_item, attendees = oa
1.9 +
1.10 + # Validate the organiser, ignoring spoofed requests.
1.11 +
1.12 + if not self.validate_identities([organiser_item]):
1.13 + return None
1.14
1.15 # Process each attendee separately.
1.16
1.17 @@ -119,7 +124,12 @@
1.18 if not oa:
1.19 return None
1.20
1.21 - (organiser, organiser_attr), attendees = oa
1.22 + (organiser, organiser_attr), attendees = organiser_item, attendees = oa
1.23 +
1.24 + # Validate the organiser, ignoring spoofed requests.
1.25 +
1.26 + if not self.validate_identities([organiser_item]):
1.27 + return None
1.28
1.29 # Construct an appropriate fragment.
1.30