|
@@ -1,5 +1,7 @@
|
1
|
1
|
import logging
|
|
2
|
+import shlex
|
2
|
3
|
import subprocess
|
|
4
|
+import unicodedata
|
3
|
5
|
|
4
|
6
|
from flask import Flask, request
|
5
|
7
|
|
|
@@ -12,6 +14,11 @@ def setup_logging():
|
12
|
14
|
app.logger.setLevel(logging.INFO)
|
13
|
15
|
|
14
|
16
|
|
|
17
|
+def sanitize_input(input):
|
|
18
|
+ input = "".join(ch for ch in input if unicodedata.category(ch)[0] != "C")
|
|
19
|
+ return shlex.quote(input.replace('^', ''))
|
|
20
|
+
|
|
21
|
+
|
15
|
22
|
@app.route('/chat/', methods=['POST'])
|
16
|
23
|
def send_chat():
|
17
|
24
|
if request.method == 'POST':
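Review bot: `shlex.quote` in `sanitize_input` protects nothing here, because `subprocess.call` is given an argument list and no shell ever parses the string; its visible effect is that any message containing a space or punctuation reaches the game console wrapped in literal single quotes. The real protection is dropping the category-`C` characters (which removes CR/LF) and the `^` that screen's `stuff` reads as caret notation. As far as I know `stuff` also expands backslash escapes, and backslashes pass through unchanged, so I would strip or reject them too and drop the quoting: `return text.replace('^', '').replace('\\', '')`. The parameter name `input` also shadows the builtin; `text` would be clearer. The body of `send_chat` continues outside this hunk.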
|
|
@@ -20,11 +27,17 @@ def send_chat():
|
20
|
27
|
if not request.form.get('say-text', None):
|
21
|
28
|
return 'No message to send!', 422
|
22
|
29
|
if request.form.get('say-username', None):
|
23
|
|
- subprocess.call(['/usr/bin/screen', '-S', 'mc-panic-shack', '-p', '0', '-X', 'stuff',
|
24
|
|
- '/say [{}]: {}\015'.format(request.form['say-username'], request.form['say-text'])])
|
|
30
|
+ subprocess.call([
|
|
31
|
+ '/usr/bin/screen', '-S', 'mc-panic-shack', '-p', '0', '-X', 'stuff',
|
|
32
|
+ '/say [{}]: {}\015'.format(
|
|
33
|
+ sanitize_input(request.form['say-username']),
|
|
34
|
+ sanitize_input(request.form['say-text']))
|
|
35
|
+ ])
|
25
|
36
|
else:
|
26
|
|
- subprocess.call(['/usr/bin/screen', '-S', 'mc-panic-shack', '-p', '0', '-X', 'stuff',
|
27
|
|
- '/say {}\015'.format(request.form['say-text'])])
|
|
37
|
+ subprocess.call([
|
|
38
|
+ '/usr/bin/screen', '-S', 'mc-panic-shack', '-p', '0', '-X', 'stuff',
|
|
39
|
+ '/say {}\015'.format(sanitize_input(request.form['say-text']))
|
|
40
|
+ ])
|
28
|
41
|
return 'Sending chat: ' + request.form.get('say-username', '') + ': ' + request.form['say-text']
|
29
|
42
|
|
30
|
43
|
if __name__ == "__main__":
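Review bot: The `return 'Sending chat: ' + ...` line still echoes the raw `say-username` and `say-text` form values, so the new sanitising does not cover what goes back to the browser. Flask serves a returned string as HTML by default, so this is an unescaped reflection of user input, and it can also report text that differs from what was actually sent to the console. I would sanitise once into locals, use them for both the `screen` call and the reply, and escape the reply, e.g. `return 'Sending chat: ' + escape(username) + ': ' + escape(text)` with `from markupsafe import escape`. Separately, the empty-message check runs before sanitising, so input made up only of stripped characters is still sent as `/say ''`. `send_chat` starts outside this hunk.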
|