From 33b30b1be5655ed7319c9aad8b77ad2e1346ebd5 Mon Sep 17 00:00:00 2001
From: Michael Ang
Date: Mon, 3 May 2010 23:06:54 +0000
Subject: [PATCH] Check privs when searching.
See https://bugs.edge.launchpad.net/bookreader/+bug/573223
---
 BookReaderIA/datanode/flipbook_search_br.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/BookReaderIA/datanode/flipbook_search_br.php b/BookReaderIA/datanode/flipbook_search_br.php
index 90ef2c6..ea95e52 100644
--- a/BookReaderIA/datanode/flipbook_search_br.php
+++ b/BookReaderIA/datanode/flipbook_search_br.php
@@ -136,6 +136,8 @@ else
 fatal("Unknown format request. ");
 }
+// Ensure file is readable
+checkPrivs($url);
 // This looks like where we load the djvu.xml - $$$ and rapidly exhaust memory for large books such as OED
 if (!($document = file_get_contents($url)))
@@ -309,5 +311,12 @@ function debug_msg($msg, $level)
 }
 }
+function checkPrivs($filename) {
+ if (!is_readable($filename)) {
+ header('HTTP/1.1 403 Forbidden');
+ exit(0);
+ }
+}
+
 ?>
-- 
2.20.1
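Review bot: `is_readable()` in checkPrivs only reports whether the PHP process can open the path, so the 403 enforces a filesystem-permission policy rather than the requester's authorization; if restricted items on the datanode are gated by mode bits that is adequate, but the function should document it, e.g. `/** Respond 403 and stop unless the PHP process can read $filename; relies on restricted items being unreadable to the web user. */`. The value passed at the call site in the first hunk is named `$url`; if it can ever be a non-local stream path, `is_readable()` returns false for most wrappers and valid requests would be rejected, so it is worth confirming it is always a local path. `header('HTTP/1.1 403 Forbidden')` is silently ineffective once output has started, so the checkPrivs call must stay ahead of any echo/debug output, which cannot be confirmed from the hunk since the code before line 136 is outside it. The `if (!($document = file_get_contents($url)))` statement that follows the new call also continues outside the hunk.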