From 7bbb636993ef664a19e890e37fba2a18e942defe Mon Sep 17 00:00:00 2001
From: quenousimporte
Date: Thu, 21 Sep 2023 08:55:22 +0200
Subject: [PATCH] fix(py): improve security by checking curl output upon saving
---
 cli/app.py | 6 +++++-
 handler.php | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/cli/app.py b/cli/app.py
index 801ee37..24bc301 100644
--- a/cli/app.py
+++ b/cli/app.py
@@ -64,7 +64,11 @@ def savedata():
 newdata = readtextfile("data/data.acs")
 postdata = "action=push&password=" + settings["password"] + "&data=" + urllib.parse.quote_plus(newdata)
 writetextfile("data/postdata", postdata)
- subprocess.call(["curl", "-X", "POST", "-d", "@data/postdata", settings["url"] + "/handler.php"])
+ output = subprocess.check_output(["curl", "-X", "POST", "-d", "@data/postdata", settings["url"] + "/handler.php"]).decode("utf-8")
+ print("curl output: " + output)
+ if output != '{"result": "ok"}':
+ if ask("Save failed. Try again?"):
+ savedata()
 else:
 writetextfile("data/local.json", json.dumps(data))
diff --git a/handler.php b/handler.php
index 676b025..e4db0ad 100644
--- a/handler.php
+++ b/handler.php
@@ -36,7 +36,7 @@ else if (isset($_POST['action']))
 }
 else
 {
- echo '{}';
+ echo '{"result": "ok"}';
 }
 break;
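Review bot: In cli/app.py, `subprocess.check_output` raises `CalledProcessError` whenever curl exits non-zero (host unreachable, TLS failure), so a transport error aborts `savedata()` with a traceback instead of reaching the new "Save failed. Try again?" prompt; the old `subprocess.call` did not raise. The byte-for-byte comparison with `'{"result": "ok"}'` also reports a failure on a successful push if the response carries a trailing newline or a PHP notice, and curl runs with no time limit. Catching the error, adding `--fail` and a `--max-time` (the value below is illustrative), and parsing the body with `json`, which this function already uses, would route every failure to the same retry prompt. The function starts and continues outside the hunk, and the indentation in the excerpt is assumed because the patch text has lost it.

```python
        # … unchanged: build postdata and write data/postdata …
        try:
            output = subprocess.check_output(["curl", "--fail", "--silent", "--show-error", "--max-time", "30", "-X", "POST", "-d", "@data/postdata", settings["url"] + "/handler.php"]).decode("utf-8")
            print("curl output: " + output)
            saved = json.loads(output).get("result") == "ok"
        except (subprocess.CalledProcessError, ValueError, AttributeError):
            # curl failed (transport error or HTTP >= 400), or the body was not the expected JSON object
            saved = False
        if not saved and ask("Save failed. Try again?"):
            savedata()
```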
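Review bot: In handler.php, the literal `'{"result": "ok"}'` is now a contract with cli/app.py, which compares the whole response body against exactly this string, including the space after the colon. A later switch to `json_encode`, or any stray whitespace or notice in the output, would make every successful save look failed on the client. A comment on the echo such as `// cli/app.py compares the full response body with this exact string` would record the coupling. Whether the failing branches return a distinct body is not visible, since the surrounding if/else starts outside the hunk.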