From 2d0f584c2e934387f2938d015d3a6784588b543a Mon Sep 17 00:00:00 2001
From: ralphwetzel
Date: Sat, 19 Nov 2016 15:06:13 +0100
Subject: [PATCH] Fixed an issue that allowed access to the raw template files under special conditions.
---
 theonionbox/stamp.txt | 2 +-
 theonionbox/theonionbox.py | 24 +++++++++++++++++-------
 2 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/theonionbox/stamp.txt b/theonionbox/stamp.txt
index 93b9a0c..7d78464 100644
--- a/theonionbox/stamp.txt
+++ b/theonionbox/stamp.txt
@@ -1 +1 @@
-20161105|141353
\ No newline at end of file
+20161119|150401
\ No newline at end of file
diff --git a/theonionbox/theonionbox.py b/theonionbox/theonionbox.py
index e5c0bcb..d189af7 100644
--- a/theonionbox/theonionbox.py
+++ b/theonionbox/theonionbox.py
@@ -2,7 +2,7 @@ from __future__ import absolute_import
 from __future__ import print_function
-__version__ = '3.0.3' # stamp will be added later
+__version__ = '3.0.4' # stamp will be added later
 __description__ = 'The Onion Box: WebInterface to monitor Tor Relays and Bridges'
@@ -1290,9 +1290,14 @@ def send_css(session_id, filename):
 if filename in session['stylesheets']:
 if filename in session:
 file = session[filename]
- del session[filename]
- headers = {'Content-Type': 'text/css; charset=UTF-8'}
- return HTTPResponse(file, **headers)
+ # 3.0.4
+ session[filename] = None
+ if file is None:
+ # This happens when the file is requested more than once!
+ raise HTTPError(404)
+ else:
+ headers = {'Content-Type': 'text/css; charset=UTF-8'}
+ return HTTPResponse(file, **headers)
 elif filename == 'bootstrap.css':
 return static_file(bootstrapCSS, root=bootstrapDir + '/css', mimetype='text/css')
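Review bot: The inner `if filename in session:` in send_css still has no `else`, so a name that is listed in `session['stylesheets']` but has no entry in the session skips the whole chain and continues into whatever follows it, which is outside this hunk and is presumably the path that served the raw template before. The `None` tombstone only covers a repeat request after a successful first one. Closing the branch explicitly with `else:` / `raise HTTPError(404)`, aligned with that inner `if`, would make every template-backed name fail closed regardless of session state. The send_js hunk below has the same shape with `session['scripts']`. send_css's body starts and ends outside the hunk.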
@@ -1315,9 +1320,14 @@ def send_js(session_id, filename):
 if filename in session['scripts']:
 if filename in session:
 file = session[filename]
- del session[filename]
- headers = {'Content-Type': 'application/javascript; charset=UTF-8'}
- return HTTPResponse(file, **headers)
+ # 3.0.4
+ session[filename] = None
+ if file is None:
+ # This happens when the file is requested more than once!
+ raise HTTPError(404)
+ else:
+ headers = {'Content-Type': 'application/javascript; charset=UTF-8'}
+ return HTTPResponse(file, **headers)
 elif filename == 'bootstrap.js':
 return static_file(bootstrapJS, root=bootstrapDir + '/js', mimetype='text/javascript')
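Review bot: The serve-once logic added to send_js is a line-for-line copy of the one added to send_css, differing only in the Content-Type string, so any later change to this access check has to be made twice and the two routes can drift apart. Moving it into one small helper that takes the session, the filename and the content type would keep both routes identical. The `# 3.0.4` marker could then become a comment that says why the key is kept as `None` instead of being deleted. The helper name in the sketch is only a suggestion, and send_js's body starts and ends outside the hunk.

```python
def serve_once(session, filename, content_type):
    # Rendered templates are handed out a single time. The key stays in the
    # session as None so that a repeated request is answered with 404.
    file = session[filename]
    session[filename] = None
    if file is None:
        raise HTTPError(404)
    return HTTPResponse(file, **{'Content-Type': content_type})

# in send_js:
    if filename in session['scripts']:
        if filename in session:
            return serve_once(session, filename, 'application/javascript; charset=UTF-8')
    # … unchanged: bootstrap.js branch …
```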