@@ 15,6 15,8 @@ def handle_api(request, callback=None, k
)
required = ('command', 'hash')
+ valid_commands = ('CREATE', 'REMOVE', 'COMPLETE')
+
cf_key = getattr(settings, key_name)
for req in required:
if req not in request.POST:
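Review bot: `valid_commands` is added with no comment saying why the set is closed, and as a local next to `required` it is rebuilt on every call. The digest in the next hunk is `sha1(cf_key + command)`, so restricting `command` to known values is presumably what stops a longer command string from being accepted with a derived hash. A comment such as `# command is part of the signed input; accept only these exact values` would record that for the next maintainer. A module-level constant would also make the list easier to find. handle_api starts and ends outside the hunk.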
@@ 24,7 26,10 @@ def handle_api(request, callback=None, k
in_hash = request.POST.get('hash')
command = request.POST.get('command')
_hash = hashlib.sha1(cf_key + command).hexdigest()
-
+
+ if command not in valid_commands:
+ return HttpResponse(ERROR_STR % 'Invalid command sent')
+
if _hash != in_hash:
return HttpResponse(ERROR_STR % 'Invalid hash sent')
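Review bot: The check `if _hash != in_hash:` just below the new whitelist test is an ordinary string comparison of an authentication value, so it is not constant-time. `if not constant_time_compare(_hash, in_hash):` from `django.utils.crypto` would fix that, though it needs an import outside this hunk. The digest covers only `cf_key + command`, so each of the three accepted commands has one fixed valid hash, and as far as the visible lines show no other POST field, nonce or timestamp is bound to it; if so, a hash seen once stays valid for any later request with that command. Moving to an HMAC over all signed fields would require the sender to change as well, so the limitation deserves at least a comment here. The whitelist test could also move above the `hashlib.sha1` call so that unvalidated input is never hashed.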