projects
/
bookreader.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
For old loans, the uuid is actually a text string, not a uuid.
[bookreader.git]
/
BookReaderIA
/
www
/
BookReaderAuth.php
diff --git
a/BookReaderIA/www/BookReaderAuth.php
b/BookReaderIA/www/BookReaderAuth.php
index
878a6b6
..
04f25f7
100644
(file)
--- a/
BookReaderIA/www/BookReaderAuth.php
+++ b/
BookReaderIA/www/BookReaderAuth.php
@@
-18,16
+18,17
@@
This file is part of BookReader.
along with BookReader. If not, see <http://www.gnu.org/licenses/>.
*/
along with BookReader. If not, see <http://www.gnu.org/licenses/>.
*/
-$id = $_
PO
ST['id'];
-$uuid = $_
PO
ST['uuid'];
-$token = $_
PO
ST['token'];
-$bookPath = $_
PO
ST['bookPath'];
+$id = $_
REQUE
ST['id'];
+$uuid = $_
REQUE
ST['uuid'];
+$token = $_
REQUE
ST['token'];
+$bookPath = $_
REQUE
ST['bookPath'];
if (!preg_match('/^\d{10}-[0-9a-f]{32}$/', $token)) {
fatal();
}
if (!preg_match('/^\d{10}-[0-9a-f]{32}$/', $token)) {
fatal();
}
-if (!preg_match('/^[0-9a-f]{32}$/', $uuid)) {
+//if (!preg_match('/^[0-9a-f]{32}$/', $uuid)) {
+if (!preg_match('/^\S{1,128}$/', $uuid)) {
fatal();
}
fatal();
}