#44: Allow arbitrary end-user requests

This commit is contained in:
Benjamin Loison 2023-02-22 17:48:24 +01:00
parent 7626c7bad1
commit f44ee4b3c1
Signed by: Benjamin_Loison
SSH Key Fingerprint: SHA256:BtnEgYTlHdOg1u+RmYcDE0mnfz1rhv5dSbQ2gyxW8B8
2 changed files with 4 additions and 6 deletions

View File

@ -12,7 +12,7 @@ See <?php echoUrl('https://gitea.lemnoslife.com/Benjamin_Loison/YouTube_captions
Access raw data with: <?php echoUrl('channels/'); ?>.
<form id="form">
<input type="text" autofocus id="search" pattern="[A-Za-z0-9-_ ]+" placeholder="Your [A-Za-z0-9-_ ]+ search"></input>
<input type="text" autofocus id="search" placeholder="Your search"></input>
<input type="submit" id="search" value="Search">
<input type="submit" id="search-only-captions" value="Search only captions">
</form>

View File

@ -92,10 +92,8 @@ class MyProcess implements MessageComponentInterface
public function onMessage(ConnectionInterface $from, $msg)
{
// As we are going to use this argument in a shell command, we verify a limited set of characters that are safe once quoted.
if (preg_match("/^[a-zA-Z0-9-_ ]+$/", $msg) !== 1) {
return;
}
// As we are going to use this argument in a shell command, we escape it.
$msg = escapeshellarg($msg);
$client = $this->clients->offsetGet($from);
// If a previous request was received, we execute the new one with another client for simplicity otherwise with current file deletion approach, we can't tell the worker `search.py` that we don't care about its execution anymore.
if ($client->pid !== null) {
@ -109,7 +107,7 @@ class MyProcess implements MessageComponentInterface
file_put_contents($clientFilePath, '');
// Start the independent worker.
// Redirecting `stdout` is mandatory otherwise `exec` is blocking.
$client->pid = exec("./search.py $clientId '$msg' > /dev/null & echo $!");
$client->pid = exec("./search.py $clientId $msg > /dev/null & echo $!");
// `addTimer` doesn't enable us to use independently `$from->send` multiple times with blocking instructions between.
$client->timer = $this->loop->addPeriodicTimer(1, function () use ($from, $clientId, $clientFilePath, $client) {
echo "Checking news from $clientId\n";