X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=BookReaderIA%2Fwww%2FBookReaderAuth.php;h=04f25f7aab4434016f9a39a89bf874b3552f0d03;hb=d444b1a4d2873e4ff049f3e6d4f65c3276ce132b;hp=79e0ffb64be2e4e18d8e84830e8cf81a38f1412c;hpb=992d13fcf7832c400c58a0ebe1809fa9e6439b6e;p=bookreader.git
diff --git a/BookReaderIA/www/BookReaderAuth.php b/BookReaderIA/www/BookReaderAuth.php
index 79e0ffb..04f25f7 100644
--- a/BookReaderIA/www/BookReaderAuth.php
+++ b/BookReaderIA/www/BookReaderAuth.php
@@ -18,15 +18,35 @@ This file is part of BookReader.
 along with BookReader. If not, see .
 */
-$id = $_POST['id'];
-$uuid = $_POST['uuid'];
-$token = $_POST['token'];
-$bookPath = $_POST['bookPath'];
+$id = $_REQUEST['id'];
+$uuid = $_REQUEST['uuid'];
+$token = $_REQUEST['token'];
+$bookPath = $_REQUEST['bookPath'];
+
+if (!preg_match('/^\d{10}-[0-9a-f]{32}$/', $token)) {
+    fatal();
+}
+
+//if (!preg_match('/^[0-9a-f]{32}$/', $uuid)) {
+if (!preg_match('/^\S{1,128}$/', $uuid)) {
+    fatal();
+}
+
+if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\.\-_]{1,100}$/', $id)) {
+    fatal();
+}
+
+if (!preg_match("|^/stream/$id|", $bookPath)) {
+    fatal();
+}
-// XXX sanitize incoming params!
 setcookie('br-loan-' . $id, $uuid, 0, '/', '.archive.org');
 setcookie('loan-' . $id, $token, 0, '/', '.archive.org');
 header('Location: ' . $bookPath);
-?>
\ No newline at end of file
+function fatal() {
+    echo "Malformed request.";
+    die(-1);
+}
+?>
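Review bot: The `$bookPath` check interpolates `$id` into the pattern unescaped and anchors only the start, so the `.` that the id rule permits becomes a regex wildcard and anything following `/stream/<id>` is accepted before being echoed into the `Location:` header; escape the id and close the anchor, e.g. `if (!preg_match('|^/stream/' . preg_quote($id, '|') . '|', $bookPath))` with a `$` anchor once the legitimate shape of the trailing path is known. Moving from `$_POST` to `$_REQUEST` also makes this cookie-setting endpoint reachable from a plain GET link (and, depending on `request_order`, from cookie values), which looks deliberate but is worth confirming since nothing in the hunk ties the request to the user who initiated the loan. The relaxed `\S{1,128}` rule for `$uuid` admits `;` and `,`, which `setcookie()` refuses, and neither `setcookie()` return value is checked, so a rejected cookie still ends in the redirect. `fatal()` answers a malformed request with a 200 status; add `header('HTTP/1.1 400 Bad Request');` before the `echo` so clients and logs can distinguish the rejection.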