From 59243e9b581cfc2e0a186e2a295853569f506d1e Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 19 May 2025 11:23:23 +0100
Subject: [PATCH] Reject attempts to get python files

---
 daemon_get.py | 6 ++++++
 daemon_post.py | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/daemon_get.py b/daemon_get.py
index 0cba9ae0d..116c56b1e 100644
--- a/daemon_get.py
+++ b/daemon_get.py
@@ -311,6 +311,12 @@ def daemon_http_get(self) -> None:
 http_404(self, 145)
 return
 
+ # py
+ if self.path.endswith('.py'):
+ print('GET HTTP Attempt to access Python file ' + self.path)
+ http_404(self, 146)
+ return
+
 if contains_invalid_chars(str(self.headers)):
 print('GET HTTP headers contain invalid characters ' +
 str(self.headers))
diff --git a/daemon_post.py b/daemon_post.py
index ba76759c9..33db6ef48 100644
--- a/daemon_post.py
+++ b/daemon_post.py
@@ -122,6 +122,12 @@ def daemon_http_post(self) -> None:
 http_404(self, 146)
 return
 
+ # py
+ if self.path.endswith('.py'):
+ print('POST HTTP Attempt to access Python file ' + self.path)
+ http_404(self, 146)
+ return
+
 calling_domain = self.server.domain_full
 if self.headers.get('Host'):
 calling_domain = decoded_host(self.headers['Host'])
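Review bot: The new `self.path.endswith('.py')` test in daemon_http_get (and the identical one in daemon_http_post) matches only when the raw request target ends in exactly `.py`. If `self.path` is still the undecoded request target at this point, which the hunk does not show, a target with a query string or fragment, an upper-case or percent-encoded suffix, or a sibling artefact such as `.pyc` would not be rejected. Compare a normalised path instead, e.g. `req_path = urllib.parse.unquote(self.path.split('?', 1)[0].split('#', 1)[0]).lower()` followed by `if req_path.endswith(('.py', '.pyc')):` (this needs `urllib.parse` in scope, which is not visible here), and treat the check as defence in depth rather than the control that keeps source files from being served. The logged `self.path` is request-controlled, so `repr(self.path)` in the `print` would keep control characters out of the log. Both functions begin and end outside their hunks.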
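Review bot: In daemon_http_post the added rejection calls `http_404(self, 146)`, the same second argument as the `http_404(self, 146)` on the context line directly above it, and the new call in the daemon_get.py hunk uses 146 as well. If that number is meant to identify the call site (the GET hunk's preceding call uses 145, which suggests it is), these rejection paths cannot be told apart when triaging 404s. Give each new call its own unused value, e.g. `http_404(self, <UNUSED_ID>)`, and replace the `# py` comment with one that says what is being rejected and why, such as `# never serve the instance's own Python source`. The function continues outside the hunk.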