quenousimporte
/
notes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(py): improve security by checking curl output upon saving

This commit is contained in:
quenousimporte 2023-09-21 08:55:22 +02:00
parent 8985683bb9
commit 7bbb636993
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cli/app.py
View File

@ -64,7 +64,11 @@ def savedata():
newdata = readtextfile("data/data.acs") newdata = readtextfile("data/data.acs")
postdata = "action=push&password=" + settings["password"] + "&data=" + urllib.parse.quote_plus(newdata) postdata = "action=push&password=" + settings["password"] + "&data=" + urllib.parse.quote_plus(newdata)
writetextfile("data/postdata", postdata) writetextfile("data/postdata", postdata)
subprocess.call(["curl", "-X", "POST", "-d", "@data/postdata", settings["url"] + "/handler.php"]) output = subprocess.check_output(["curl", "-X", "POST", "-d", "@data/postdata", settings["url"] + "/handler.php"]).decode("utf-8")
print("curl output: " + output)
if output != '{"result": "ok"}':
if ask("Save failed. Try again?"):
savedata()
else: else:
writetextfile("data/local.json", json.dumps(data)) writetextfile("data/local.json", json.dumps(data))

2
handler.php
View File

@ -36,7 +36,7 @@ else if (isset($_POST['action']))
} }
else else
{ {
echo '{}'; echo '{"result": "ok"}';
} }
break; break;