false, 'error' => 'ใช้ POST เท่านั้น'], 405);
}

// Admin endpoint tail: takes an optional commit message from the JSON body and
// runs the Gitea sync script through sudo, returning its output as JSON.
// NOTE(review): the statements below rely on json_response() ending the request
// after an error reply; its definition is not visible here - confirm.
// NOTE(review): no authentication or CSRF check is visible in this part of the
// file - confirm one runs before this point, since this triggers a sudo command.
$body = require_json_body();

// Missing 'message' becomes an empty string; anything else is cast to string and trimmed.
$raw = isset($body['message']) ? trim((string) $body['message']) : '';

// Length cap, rejected with HTTP 400.
// NOTE(review): strlen() counts bytes, while the error text speaks of 180
// characters; multi-byte UTF-8 input reaches the cap earlier than the message
// suggests - confirm which limit is intended.
if (strlen($raw) > 180) {
    json_response(['ok' => false, 'error' => 'ข้อความ commit ยาวเกิน 180 ตัวอักษร'], 400);
}

// Guard against breaking the shell / git -m: drop newlines, NUL, both quote
// characters, backtick, dollar sign and backslash from the message.
// escapeshellarg() below is what keeps the value a single shell argument; this
// stripping is an extra layer for whatever the sync script does with it.
// NOTE(review): a message starting with '-' is still passed through; how the
// script treats its first argument is not visible here - confirm it is only
// ever used as a value, never parsed as an option.
$safe = str_replace(["\n", "\r", "\0", '"', "'", '`', '$', '\\'], '', $raw);

// Fall back to a generated message with a UTC timestamp when nothing usable remains.
$msg = $safe !== '' ? $safe : ('Admin: Gitea justice ' . gmdate('Y-m-d H:i:s') . ' UTC');

// Fixed script path, one quoted argument, stderr merged into stdout so it is captured too.
// NOTE(review): this depends on a sudoers rule for the web server account; it
// should allow exactly this script path and the script should not be writable
// by that account - confirm on the host.
$cmd = 'sudo /usr/local/sbin/justice-gitea-sync.sh ' . escapeshellarg($msg) . ' 2>&1';

$output = [];
$code = 0;
// exec() fills $output with the command's output lines and $code with its exit status.
exec($cmd, $output, $code);
$log = implode("\n", $output);

// Non-zero exit status: reply with HTTP 500 plus the exit code and captured output.
// NOTE(review): $log is raw output of a privileged command sent back to the HTTP
// client (here and in the success reply); it may carry paths or remote URLs -
// confirm that is acceptable for every caller who can reach this endpoint.
if ($code !== 0) {
    json_response([
        'ok' => false,
        'error' => 'ซิงค์หรือ push ไม่สำเร็จ',
        'exitCode' => $code,
        'log' => $log,
    ], 500);
}

// Success: echo back the message that was actually used, plus the captured output.
json_response([
    'ok' => true,
    'message' => $msg,
    'log' => $log,
]);