add checkPrivs to work with perms system for in-browser loans

diff --git a/BookReaderIA/datanode/BookReaderGetTextWrapper.php b/BookReaderIA/datanode/BookReaderGetTextWrapper.php
index 8e3fd25..03d6367 100644 (file)
--- a/BookReaderIA/datanode/BookReaderGetTextWrapper.php
+++ b/BookReaderIA/datanode/BookReaderGetTextWrapper.php
@@ -22,9 +22,20 @@ This file is part of BookReader.
 */
 
 //$env = 'LD_LIBRARY_PATH=/petabox/sw/lib/lxml/lib PYTHONPATH=/petabox/sw/lib/lxml/lib/python2.5/site-packages:$PYTHONPATH';
+
+checkPrivs($_GET['path']);
+
 $path     = escapeshellarg($_GET['path']);
 $page     = escapeshellarg($_GET['page']);
 $callback = escapeshellarg($_GET['callback']);
+
 header('Content-Type: application/javascript');
 passthru("python BookReaderGetText.py $path $page $callback");
+
+function checkPrivs($filename) {
+    if (!is_readable($filename)) {        
+        header('HTTP/1.1 403 Forbidden');
+        exit(0);
+    }
+}
 ?>