sanitize inputs

author rajbot <raj@archive.org>

Fri, 28 Jan 2011 01:53:17 +0000 (01:53 +0000)

committer rajbot <raj@archive.org>

Fri, 28 Jan 2011 01:53:17 +0000 (01:53 +0000)
author rajbot <raj@archive.org>
Fri, 28 Jan 2011 01:53:17 +0000 (01:53 +0000)
committer rajbot <raj@archive.org>
Fri, 28 Jan 2011 01:53:17 +0000 (01:53 +0000)
diff --git a/BookReaderIA/www/BookReaderAuth.php b/BookReaderIA/www/BookReaderAuth.php

index 79e0ffb..878a6b6 100644 (file)
--- a/BookReaderIA/www/BookReaderAuth.php
+++ b/BookReaderIA/www/BookReaderAuth.php
@@ -23,10 +23,29 @@ $uuid = $_POST['uuid'];
  $token = $_POST['token'];
  $bookPath = $_POST['bookPath'];
  
-// XXX sanitize incoming params!
+if (!preg_match('/^\d{10}-[0-9a-f]{32}$/', $token)) {
+    fatal();
+}
+
+if (!preg_match('/^[0-9a-f]{32}$/', $uuid)) {
+    fatal();
+}
+
+if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\.\-_]{1,100}$/', $id)) {
+    fatal();
+}
+
+if (!preg_match("|^/stream/$id|", $bookPath)) {
+    fatal();
+}
+
  setcookie('br-loan-' . $id, $uuid, 0, '/', '.archive.org');
  setcookie('loan-' . $id, $token, 0, '/', '.archive.org');
  
  header('Location: ' . $bookPath);
  
-?>
-\ No newline at end of file
+function fatal() {
+    echo "Malformed request.";
+    die(-1);
+}
+?>
author	rajbot <raj@archive.org>
	Fri, 28 Jan 2011 01:53:17 +0000 (01:53 +0000)
committer	rajbot <raj@archive.org>
	Fri, 28 Jan 2011 01:53:17 +0000 (01:53 +0000)