. */ $id = $_REQUEST['id']; $uuid = $_REQUEST['uuid']; $token = $_REQUEST['token']; $bookPath = $_REQUEST['bookPath']; $olHost = $_REQUEST['olHost']; if (!preg_match('/^\d{10}-[0-9a-f]{32}$/', $token)) { fatal(); } //if (!preg_match('/^[0-9a-f]{32}$/', $uuid)) { if (!preg_match('/^\S{1,128}$/', $uuid)) { fatal(); } if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\.\-_]{1,100}$/', $id)) { fatal(); } if (!preg_match("|^/stream/$id|", $bookPath)) { fatal(); } setcookie('br-loan-' . $id, $uuid, 0, '/', '.archive.org'); setcookie('loan-' . $id, $token, 0, '/', '.archive.org'); setcookie('ol-host', $olHost, 0, '/', '.archive.org'); header('Location: ' . $bookPath); function fatal() { echo "Malformed request."; die(-1); } ?>