(parent:
e299332
)
Check privs when searching. See https://bugs.edge.launchpad.net/bookreader/+bug...
author
Michael Ang
<mang@archive.org>
Mon, 3 May 2010 23:06:54 +0000
(23:06 +0000)
committer
Michael Ang
<mang@archive.org>
Mon, 3 May 2010 23:06:54 +0000
(23:06 +0000)
BookReaderIA/datanode/flipbook_search_br.php
diff --git
a/BookReaderIA/datanode/flipbook_search_br.php
b/BookReaderIA/datanode/flipbook_search_br.php
index
90ef2c6
..
ea95e52
100644
--- a/
BookReaderIA/datanode/flipbook_search_br.php
+++ b/
BookReaderIA/datanode/flipbook_search_br.php
@@
-136,6
+136,8
@@
else
fatal("Unknown format request. ");
}
+// Ensure file is readable
+checkPrivs($url);
// This looks like where we load the djvu.xml - $$$ and rapidly exhaust memory for large books such as OED
if (!($document = file_get_contents($url)))
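Review bot: The new `checkPrivs($url)` call only asks whether the PHP process can read the path, so it does not confine `$url` to the requested book's directory. Where `$url` is assembled is outside this hunk; if any part of it comes from request parameters, a path that resolves elsewhere on the datanode still passes and is then loaded by `file_get_contents($url)`. I would resolve the path with `realpath()` and confirm it sits under the expected item directory before the readability check. If `$url` can ever be a remote `http://` URL rather than a local path, `is_readable()` returns false for it and every such request would get a 403, so a comment such as `// $url is a local filesystem path here; is_readable() does not work on http:// URLs` would pin down the assumption.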
@@
-309,5
+311,12
@@
function debug_msg($msg, $level)
}
}
+function checkPrivs($filename) {
+ if (!is_readable($filename)) {
+ header('HTTP/1.1 403 Forbidden');
+ exit(0);
+ }
+}
+
?>
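Review bot: `checkPrivs()` has no docblock saying what "privs" means here. As written, access is granted whenever the web server's user can read `$filename`, so the check is only as strong as the file modes on the datanode, and that contract should be stated above the function. `is_readable()` is also true for a directory, so `if (!is_file($filename) || !is_readable($filename)) {` would narrow the check to regular files. A missing file is answered with 403 rather than 404; if that is deliberate (it avoids revealing which items exist), say so in the comment. The denial exits silently, so a call to the existing `debug_msg()` before `exit(0)` would leave a trace of refused requests for later review.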