inside Habbie's mind

Entries in the Category “python”

importing toggl.com Time Entries CSV in iWork Numbers

written by peter, on Oct 22, 2011 7:53:00 PM.

When trying to put a time report together for a client, to attach to an invoice, I figured getting a CSV from toggl would be a good start. As it turns out, their CSV is not entirely suitable for importing in Numbers.

This script fixes the CSV up in a few ways:

  • it puts a single quote character in front of all timestamp fields - without it, Numbers will interpret the dates and, for me, it is confused about day field vs. month field
  • it sorts the CSV by start time, ascending instead of descending

Code:

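#!/usr/bin/env python
import csv
import sys
import operator

r = csv.reader(sys.stdin)
rows = []
for row in r:
    # Prefix the three timestamp columns with a single quote so that
    # Numbers keeps them as text instead of parsing them as dates.
    row[5] = "'%s" % row[5]
    row[6] = "'%s" % row[6]
    row[7] = "'%s" % row[7]
    rows.append(row)

# Keep the header row first; sort the entries by start time, ascending.
rows = [rows[0]] + sorted(
    rows[1:],
    key=operator.itemgetter(5)
)

w = csv.writer(sys.stdout)
for row in rows:
    w.writerow(row)

The script may be useful for Excel users too; I have not checked.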

disabling the family filter on Dailymotion for iPhone/iPad

written by peter, on Jan 31, 2011 6:07:00 AM.

The Dailymotion REST APIs currently honour the family_filter cookie that their user-facing website uses to manage filter settings. This makes the API, effectively, not RESTful because there is state involved.

The bigger implication, however, is that injecting one cookie (family_filter=off) into your iPhone/iPad application will fully disable the family filter for that client. This would be, I suspect, a violation of Apple App Store guidelines. Of course, if people do this for their own devices, nobody cares. However, this issue would allow a competent malicious third party (or a dedicated teenager ;)) to silently enable the viewing of adult material on a device that is expected to be family-safe.

Note that jailbreaking or similar hacks are not needed to exploit this issue. Hijacking traffic at the network level, or simply pointing the iPhone/iPad’s proxy configuration to a specifically prepared server, is enough.

(On a side note, the iPad/iPhone app uses an older REST API that does not conform to the current API docs and also does not use HTTPS, making this issue slightly easier to exploit.)

Simple working example of such a specifically prepared server:

from twisted.web import server, resource
from twisted.internet import reactor

from twisted.python import log
import sys
log.startLogging(sys.stdout)

class Simple(resource.Resource):
    # Leaf resource: the same response is returned for every path.
    isLeaf = True
    def render_GET(self, request):
        # Every GET response carries the cookie that the API honours.
        request.addCookie(
            "family_filter",
            "off",
            path="/",
            expires="Tue, 24-Jan-2012 22:26:22 GMT"
        )
        # The body must be bytes for Twisted on Python 3.
        return b"{}"

site = server.Site(Simple())
reactor.listenTCP(8080, site)
reactor.run()

I doubt Dailymotion is the first or only iOS app that can be influenced by getting some cookies in. Will we see more of this?
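The same issue seen from the client side, as an added example that is not part of the original post: a default cookie jar stores a family_filter cookie from any plain-HTTP response and replays it, while a jar that accepts no cookies, or only cookies set over HTTPS, does not. The host api.example.test, the response class and the two hardened policies are assumptions made for illustration, not Dailymotion's or the app's code.

```python
import email.message
import http.cookiejar
import urllib.request

# Hypothetical API endpoints (assumption; the post names no URL).
HTTP_URL = "http://api.example.test/videos"
HTTPS_URL = "https://api.example.test/videos"


class ConstructedResponse:
    """Constructed response carrying one Set-Cookie header, standing in
    for whatever answered the request on the network path."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


class HttpsOnlyPolicy(http.cookiejar.DefaultCookiePolicy):
    """Accept cookies only from responses to HTTPS requests."""

    def set_ok(self, cookie, request):
        return request.type == "https" and super().set_ok(cookie, request)


def cookie_sent_after(policy, url):
    """Give the jar one response that sets family_filter=off, then return
    the Cookie header the next request to the same URL would carry."""
    jar = http.cookiejar.CookieJar(policy)
    jar.extract_cookies(ConstructedResponse("family_filter=off; path=/"),
                        urllib.request.Request(url))
    follow_up = urllib.request.Request(url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")  # None when nothing is replayed


def results():
    accept_all = http.cookiejar.DefaultCookiePolicy()
    # An empty allow-list means no domain may set or receive cookies.
    stateless = http.cookiejar.DefaultCookiePolicy(allowed_domains=[])
    return {
        "default jar, http": cookie_sent_after(accept_all, HTTP_URL),
        "stateless jar, http": cookie_sent_after(stateless, HTTP_URL),
        "https-only jar, http": cookie_sent_after(HttpsOnlyPolicy(), HTTP_URL),
        "https-only jar, https": cookie_sent_after(HttpsOnlyPolicy(), HTTPS_URL),
    }


if __name__ == "__main__":
    for case, header in results().items():
        print("%-22s -> %r" % (case, header))
```

An API client that needs no server-side state can use the stateless jar outright; the HTTPS-only policy still lets the real server set cookies, so it only helps when the transport is authenticated.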