From 4b10eac7b4cbcae211f79b65fc8049bcad221bf9 Mon Sep 17 00:00:00 2001
From: rajbot <raj@archive.org>
Date: Fri, 28 Jan 2011 01:53:17 +0000
Subject: [PATCH] sanitize inputs

---
 BookReaderIA/www/BookReaderAuth.php | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/BookReaderIA/www/BookReaderAuth.php b/BookReaderIA/www/BookReaderAuth.php
index 79e0ffb..878a6b6 100644
--- a/BookReaderIA/www/BookReaderAuth.php
+++ b/BookReaderIA/www/BookReaderAuth.php
@@ -23,10 +23,29 @@ $uuid = $_POST['uuid'];
 $token = $_POST['token'];
 $bookPath = $_POST['bookPath'];
 
-// XXX sanitize incoming params!
+if (!preg_match('/^\d{10}-[0-9a-f]{32}$/', $token)) {
+    fatal();
+}
+
+if (!preg_match('/^[0-9a-f]{32}$/', $uuid)) {
+    fatal();
+}
+
+if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\.\-_]{1,100}$/', $id)) {
+    fatal();
+}
+
+if (!preg_match("|^/stream/$id|", $bookPath)) {
+    fatal();
+}
+
 setcookie('br-loan-' . $id, $uuid, 0, '/', '.archive.org');
 setcookie('loan-' . $id, $token, 0, '/', '.archive.org');
 
 header('Location: ' . $bookPath);
 
-?>
\ No newline at end of file
+function fatal() {
+    echo "Malformed request.";
+    die(-1);
+}
+?>
-- 
2.20.1