*/
//$env = 'LD_LIBRARY_PATH=/petabox/sw/lib/lxml/lib PYTHONPATH=/petabox/sw/lib/lxml/lib/python2.5/site-packages:$PYTHONPATH';
-$path=$_GET['path'];
-$page=$_GET['page'];
-$callback=$_GET['callback'];
+
+checkPrivs($_GET['path']);
+
+$path = escapeshellarg($_GET['path']);
+$page = escapeshellarg($_GET['page']);
+$callback = escapeshellarg($_GET['callback']);
+
+header('Content-Type: application/javascript');
passthru("python BookReaderGetText.py $path $page $callback");
-?>
\ No newline at end of file
+
+function checkPrivs($filename) {
+ if (!is_readable($filename)) {
+ header('HTTP/1.1 403 Forbidden');
+ exit(0);
+ }
+}
+?>
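Review bot: `checkPrivs()` only asks `is_readable()` whether the web server account can open `$_GET['path']`, so any readable file on the host passes the check and is handed to `BookReaderGetText.py`, and the 403-versus-normal response reveals which paths exist. Resolve the path with `realpath()` and require it to sit under the configured book storage root before it is used, as sketched below (`BOOK_DATA_ROOT` is a placeholder for that directory). `escapeshellarg()` fixes the shell quoting of `$callback`, but the value is presumably written into the `application/javascript` response by the Python script, which is not visible here, so it should also be limited to a JavaScript identifier pattern. Missing or non-string parameters such as `path[]=` currently reach `is_readable()` and `escapeshellarg()` as null or arrays and should be rejected first.

```php
// BOOK_DATA_ROOT is a placeholder for the configured book storage directory (no trailing slash).
function checkPrivs($filename) {
    $real = is_string($filename) ? realpath($filename) : false;
    if ($real === false
        || strncmp($real, BOOK_DATA_ROOT . '/', strlen(BOOK_DATA_ROOT) + 1) !== 0
        || !is_readable($real)) {
        header('HTTP/1.1 403 Forbidden');
        exit(0);
    }
    return $real; // canonical path, safe to pass on
}

$callback = isset($_GET['callback']) ? $_GET['callback'] : '';
if (!is_string($callback) || !preg_match('/\A[A-Za-z_$][A-Za-z0-9_$.]*\z/', $callback)) {
    header('HTTP/1.1 400 Bad Request');
    exit(0);
}

$path = escapeshellarg(checkPrivs(isset($_GET['path']) ? $_GET['path'] : ''));
$callback = escapeshellarg($callback);
// … unchanged: $page escaping, Content-Type header and passthru() call …
```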