From aa56023788812ca8071bee8c3fd8064d0fa6c628 Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@finalrewind.org>
Date: Thu, 2 Mar 2023 21:54:17 +0100
Subject: user_status redirect: check visibility independent of token

---
 lib/Travelynx/Controller/Traveling.pm | 43 ++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 24 deletions(-)

diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm
index 6a8e1f9..e627ae5 100755
--- a/lib/Travelynx/Controller/Traveling.pm
+++ b/lib/Travelynx/Controller/Traveling.pm
@@ -528,32 +528,27 @@ sub user_status {
 			)
 		  )
 		{
-			my $token = $self->param('token');
-			if ($token) {
-				my $visibility = $self->compute_effective_visibility(
-					$user->{default_visibility_str},
-					$journey->{visibility_str}
-				);
-				if (
-					$visibility eq 'public'
-					or (    $visibility eq 'unlisted'
-						and $self->journey_token_ok( $journey, $ts ) )
-					or (
-						$visibility eq 'travelynx'
-						and (  $self->is_user_authenticated
-							or $self->journey_token_ok( $journey, $ts ) )
-					)
-				  )
-				{
-					$self->redirect_to(
-						"/p/${name}/j/$journey->{id}?token=${token}-${ts}");
-				}
-				else {
-					$self->render('not_found');
-				}
+			my $visibility
+			  = $self->compute_effective_visibility(
+				$user->{default_visibility_str},
+				$journey->{visibility_str} );
+			if (
+				$visibility eq 'public'
+				or (    $visibility eq 'unlisted'
+					and $self->journey_token_ok( $journey, $ts ) )
+				or (
+					$visibility eq 'travelynx'
+					and (  $self->is_user_authenticated
+						or $self->journey_token_ok( $journey, $ts ) )
+				)
+			  )
+			{
+				my $token = $self->param('token') // q{};
+				$self->redirect_to(
+					"/p/${name}/j/$journey->{id}?token=${token}-${ts}");
 			}
 			else {
-				$self->redirect_to("/p/${name}/j/$journey->{id}");
+				$self->render('not_found');
 			}
 			return;
 		}
-- 
cgit v1.2.3