fix(py): improve security by checking curl output upon saving

2023-09-21 08:55:22 +02:00 · 2023-09-21 08:55:22 +02:00 · 7bbb636993
parent 8985683bb9
commit 7bbb636993
2 changed files with 6 additions and 2 deletions
--- a/cli/app.py
+++ b/cli/app.py
@ -64,7 +64,11 @@ def savedata():
 		newdata = readtextfile("data/data.acs")
 		postdata = "action=push&password=" + settings["password"] + "&data=" + urllib.parse.quote_plus(newdata)
 		writetextfile("data/postdata", postdata)
-		subprocess.call(["curl", "-X", "POST", "-d", "@data/postdata", settings["url"] + "/handler.php"])
+		output = subprocess.check_output(["curl", "-X", "POST", "-d", "@data/postdata", settings["url"] + "/handler.php"]).decode("utf-8")
+		print("curl output: " + output)
+		if output != '{"result": "ok"}':
+			if ask("Save failed. Try again?"):
+				savedata()
 	else:
 		writetextfile("data/local.json", json.dumps(data))

--- a/handler.php
+++ b/handler.php
@ -36,7 +36,7 @@ else if (isset($_POST['action']))
 			}
 			else
 			{
-				echo '{}';
+				echo '{"result": "ok"}';
 			}
 		break;