X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=BookReaderIA%2Fdatanode%2FBookReaderGetTextWrapper.php;h=03d6367b5eda4bf913194bef677bbdf490ce3c2e;hb=ceb1ecd0ab3d4cd22cbc5e86eff76df6f759ddd6;hp=8e3fd25e001d54e69a7c74466e20065b130bf29a;hpb=f46f1f50b0e5f87c7ab744f2e6bbf867a2502c59;p=bookreader.git

diff --git a/BookReaderIA/datanode/BookReaderGetTextWrapper.php b/BookReaderIA/datanode/BookReaderGetTextWrapper.php
index 8e3fd25..03d6367 100644
--- a/BookReaderIA/datanode/BookReaderGetTextWrapper.php
+++ b/BookReaderIA/datanode/BookReaderGetTextWrapper.php
@@ -22,9 +22,20 @@ This file is part of BookReader.
 */
 
 //$env = 'LD_LIBRARY_PATH=/petabox/sw/lib/lxml/lib PYTHONPATH=/petabox/sw/lib/lxml/lib/python2.5/site-packages:$PYTHONPATH';
+
+checkPrivs($_GET['path']);
+
 $path     = escapeshellarg($_GET['path']);
 $page     = escapeshellarg($_GET['page']);
 $callback = escapeshellarg($_GET['callback']);
+
 header('Content-Type: application/javascript');
 passthru("python BookReaderGetText.py $path $page $callback");
+
+function checkPrivs($filename) {
+    if (!is_readable($filename)) {        
+        header('HTTP/1.1 403 Forbidden');
+        exit(0);
+    }
+}
 ?>