projects
/
bookreader.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
0afd0ad
)
add checkPrivs to work with perms system for in-browser loans
author
rajbot
<raj@archive.org>
Thu, 11 Nov 2010 22:46:44 +0000
(22:46 +0000)
committer
rajbot
<raj@archive.org>
Thu, 11 Nov 2010 22:46:44 +0000
(22:46 +0000)
BookReaderIA/datanode/BookReaderGetTextWrapper.php
patch
|
blob
|
history
diff --git
a/BookReaderIA/datanode/BookReaderGetTextWrapper.php
b/BookReaderIA/datanode/BookReaderGetTextWrapper.php
index
8e3fd25
..
03d6367
100644
(file)
--- a/
BookReaderIA/datanode/BookReaderGetTextWrapper.php
+++ b/
BookReaderIA/datanode/BookReaderGetTextWrapper.php
@@
-22,9
+22,20
@@
This file is part of BookReader.
*/
//$env = 'LD_LIBRARY_PATH=/petabox/sw/lib/lxml/lib PYTHONPATH=/petabox/sw/lib/lxml/lib/python2.5/site-packages:$PYTHONPATH';
*/
//$env = 'LD_LIBRARY_PATH=/petabox/sw/lib/lxml/lib PYTHONPATH=/petabox/sw/lib/lxml/lib/python2.5/site-packages:$PYTHONPATH';
+
+checkPrivs($_GET['path']);
+
$path = escapeshellarg($_GET['path']);
$page = escapeshellarg($_GET['page']);
$callback = escapeshellarg($_GET['callback']);
$path = escapeshellarg($_GET['path']);
$page = escapeshellarg($_GET['page']);
$callback = escapeshellarg($_GET['callback']);
+
header('Content-Type: application/javascript');
passthru("python BookReaderGetText.py $path $page $callback");
header('Content-Type: application/javascript');
passthru("python BookReaderGetText.py $path $page $callback");
+
+function checkPrivs($filename) {
+ if (!is_readable($filename)) {
+ header('HTTP/1.1 403 Forbidden');
+ exit(0);
+ }
+}
?>
?>