diff options
author | ꦌꦫꦶꦏ꧀ꦦꦿꦧꦮꦑꦩꦭ꧀ <erik@darapsa.co.id> | 2023-05-15 10:43:46 +0800 |
---|---|---|
committer | ꦌꦫꦶꦏ꧀ꦦꦿꦧꦮꦑꦩꦭ꧀ <erik@darapsa.co.id> | 2023-05-15 10:43:46 +0800 |
commit | 42ad93d1f6e7dbca2264c2cf62db3b8c79a5120b (patch) | |
tree | ef64244afb7df437e848ae1642424324d21fd7ed | |
parent | 33c252c6b2f509b6420c24d610dd99a15cda5593 (diff) |
POST copies contents so quantity doesn't leak
-rw-r--r-- | ord.c | 4 | ||||
-rw-r--r-- | request.c | 8 |
2 files changed, 9 insertions, 3 deletions
@@ -15,7 +15,7 @@ void interchange_ord_order(const char *sku, const char *item, do { length++; } while ((qty /= 10)); - char qty_str[length + 1]; + char *qty_str = malloc(length + 1); sprintf(qty_str, "%d", quantity); request(parser, NULL, &(struct body){ 4, { { "mv_action", "refresh" }, @@ -34,7 +34,7 @@ void interchange_ord_update(const char *name, const unsigned int quantity, do { length++; } while ((qty /= 10)); - char qty_str[length + 1]; + char *qty_str = malloc(length + 1); sprintf(qty_str, "%d", quantity); request(parser, NULL, &(struct body){ 4 + (nextpage ? 1 : 0), { { "mv_quantity_update", "1" }, @@ -134,6 +134,8 @@ void request(void (*handler)(interchange_response *), void (*callback)(void *), if (i) strcat(post, "&"); sprintf(post, "%s%s=%s", post, pair.key, pair.value); + if (!strncmp(pair.key, "quantity", 8)) + free(pair.value); } strcpy(attr.requestMethod, "POST"); static const char *headers[] = { "Content-Type", @@ -173,7 +175,11 @@ void request(void (*handler)(interchange_response *), void (*callback)(void *), struct pair pair = body->pairs[i]; if (!pair.value) continue; - curl_formadd(&post, &last, CURLFORM_COPYNAME, pair.key, CURLFORM_PTRCONTENTS, pair.value, CURLFORM_END); + curl_formadd(&post, &last, CURLFORM_COPYNAME, pair.key, + CURLFORM_COPYCONTENTS, pair.value, + CURLFORM_END); + if (!strncmp(pair.key, "quantity", 8)) + free(pair.value); } last = NULL; curl_easy_setopt(curl, CURLOPT_HTTPPOST, post); |