Check privs when searching. See https://bugs.edge.launchpad.net/bookreader/+bug...

author Michael Ang <mang@archive.org>

Mon, 3 May 2010 23:06:54 +0000 (23:06 +0000)

committer Michael Ang <mang@archive.org>

Mon, 3 May 2010 23:06:54 +0000 (23:06 +0000)
author Michael Ang <mang@archive.org>
Mon, 3 May 2010 23:06:54 +0000 (23:06 +0000)
committer Michael Ang <mang@archive.org>
Mon, 3 May 2010 23:06:54 +0000 (23:06 +0000)
diff --git a/BookReaderIA/datanode/flipbook_search_br.php b/BookReaderIA/datanode/flipbook_search_br.php

index 90ef2c6..ea95e52 100644 (file)
--- a/BookReaderIA/datanode/flipbook_search_br.php
+++ b/BookReaderIA/datanode/flipbook_search_br.php
@@ -136,6 +136,8 @@ else
    fatal("Unknown format request. ");
  }
   
+// Ensure file is readable
+checkPrivs($url);
  
  // This looks like where we load the djvu.xml - $$$ and rapidly exhaust memory for large books such as OED
  if (!($document = file_get_contents($url)))
@@ -309,5 +311,12 @@ function debug_msg($msg, $level)
    }
  }
  
+function checkPrivs($filename) {
+    if (!is_readable($filename)) {
+        header('HTTP/1.1 403 Forbidden');
+        exit(0);
+    }
+}
+
  
  ?>
author	Michael Ang <mang@archive.org>
	Mon, 3 May 2010 23:06:54 +0000 (23:06 +0000)
committer	Michael Ang <mang@archive.org>
	Mon, 3 May 2010 23:06:54 +0000 (23:06 +0000)