From 7bbb636993ef664a19e890e37fba2a18e942defe Mon Sep 17 00:00:00 2001
From: quenousimporte <quenousimporte@riseup.net>
Date: Thu, 21 Sep 2023 08:55:22 +0200
Subject: [PATCH] fix(py): improve security by checking curl output upon saving

---
 cli/app.py  | 6 +++++-
 handler.php | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/cli/app.py b/cli/app.py
index 801ee37..24bc301 100644
--- a/cli/app.py
+++ b/cli/app.py
@@ -64,7 +64,11 @@ def savedata():
 		newdata = readtextfile("data/data.acs")
 		postdata = "action=push&password=" + settings["password"] + "&data=" + urllib.parse.quote_plus(newdata)
 		writetextfile("data/postdata", postdata)
-		subprocess.call(["curl", "-X", "POST", "-d", "@data/postdata", settings["url"] + "/handler.php"])
+		output = subprocess.check_output(["curl", "-X", "POST", "-d", "@data/postdata", settings["url"] + "/handler.php"]).decode("utf-8")
+		print("curl output: " + output)
+		if output != '{"result": "ok"}':
+			if ask("Save failed. Try again?"):
+				savedata()
 	else:
 		writetextfile("data/local.json", json.dumps(data))
 
diff --git a/handler.php b/handler.php
index 676b025..e4db0ad 100644
--- a/handler.php
+++ b/handler.php
@@ -36,7 +36,7 @@ else if (isset($_POST['action']))
 			}
 			else
 			{
-				echo '{}';
+				echo '{"result": "ok"}';
 			}
 		break;