From ff4f644cd073d63ad8bb03b3de671f98039a07e2 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Sat, 28 Mar 2020 21:17:28 +0100
Subject: [PATCH] Fix possible security issue with these cookie files
---
 data/helpers.d/utils | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/data/helpers.d/utils b/data/helpers.d/utils
index 50671dba0..133a47247 100644
--- a/data/helpers.d/utils
+++ b/data/helpers.d/utils
@@ -237,9 +237,14 @@ ynh_local_curl () {
 # Wait untils nginx has fully reloaded (avoid curl fail with http2)
 sleep 2
+
+ local cookiefile=/tmp/ynh-$app-cookie.txt
+ touch $cookiefile
+ chown root $cookiefile
+ chmod 700 $cookiefile
 # Curl the URL
- curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar /tmp/ynh-$app-cookie.txt --cookie /tmp/ynh-$app-cookie.txt
+ curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile
 }
 # Render templates with Jinja2
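Review bot: The cookie file still lives under a predictable name in a world-writable directory, so the added `touch`/`chown`/`chmod` sequence acts on whatever already exists at `/tmp/ynh-$app-cookie.txt`. A file or link placed there beforehand by another local user is reused rather than rejected, and `touch` creates the file with the default umask before `chmod` tightens it. Creating the file atomically with restrictive permissions closes that window, for example `cookiefile=$(mktemp)`, or a fixed path inside a root-only directory if the cookies must persist across calls; whether callers rely on the shared name is not visible in this hunk. Separately, `chmod 700` sets the execute bit on a data file where `chmod 600` is enough, and `$cookiefile` should be double-quoted everywhere because it embeds `$app`. The body of ynh_local_curl starts outside the hunk.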