From 9c14ae0fe246bdfb41203b65eaa15906033fcf9e Mon Sep 17 00:00:00 2001
From: Michael Ang
Date: Thu, 29 Apr 2010 21:32:48 +0000
Subject: [PATCH] Add privs check to metadata generator. Update unit tests.
---
 BookReaderIA/datanode/BookReaderMeta.inc.php | 24 +++++++----
 BookReaderIA/test/unit/Preview.js | 44 +++++++++++++++++---
 2 files changed, 56 insertions(+), 12 deletions(-)
diff --git a/BookReaderIA/datanode/BookReaderMeta.inc.php b/BookReaderIA/datanode/BookReaderMeta.inc.php
index a68c4b9..9601a52 100644
--- a/BookReaderIA/datanode/BookReaderMeta.inc.php
+++ b/BookReaderIA/datanode/BookReaderMeta.inc.php
@@ -83,8 +83,10 @@ class BookReaderMeta {
 $scanDataFile = "${subItemPath}_scandata.xml";
 $scanDataZip = "$itemPath/scandata.zip";
 if (file_exists($scanDataFile)) {
+ $this->checkPrivs($scanDataFile);
 $scanData = simplexml_load_file($scanDataFile);
 } else if (file_exists($scanDataZip)) {
+ $this->checkPrivs($scanDataZip);
 $cmd = 'unzip -p ' . escapeshellarg($scanDataZip) . ' scandata.xml';
 exec($cmd, $output, $retval);
 if ($retval != 0) {
@@ -149,10 +151,10 @@ class BookReaderMeta {
 }
 // General metadata
- $response['title'] = $metaData->title . ''; // XXX renamed
- $response['numPages'] = count($pageNums); // XXX renamed
+ $response['title'] = $metaData->title . ''; // $$$ renamed
+ $response['numPages'] = count($pageNums); // $$$ renamed
 if ('' != $titleLeaf) {
- $response['titleLeaf'] = $titleLeaf; // XXX change to titleIndex - do leaf mapping here
+ $response['titleLeaf'] = $titleLeaf; // $$$ change to titleIndex - do leaf mapping here
 $titleIndex = $this->indexForLeaf($titleLeaf, $leafNums);
 if ($titleIndex !== NULL) {
 $response['titleIndex'] = intval($titleIndex);
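Review bot: In the `@@ -83,8 +83,10 @@` hunk both new `checkPrivs()` calls rest on `is_readable()`, which answers for the account PHP runs as, so they restrict access only if restricted items are stored unreadable to that account, and nothing in the hunk records that assumption. I would state it above the first call, e.g. `// Access control is delegated to file modes: restricted items must be unreadable to the web server user`. The file can also change between the check and the open, so the result of `simplexml_load_file()` should be tested too (`if ($scanData === false) { ... }`), unless the code after the hunk already does that. The enclosing method starts and ends outside the hunk, so whether the other per-item files it reads get the same check cannot be seen here.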
@@ -165,8 +167,8 @@ class BookReaderMeta {
 $response['pageNums'] = $pageNums;
 // Internet Archive specific
- $response['itemId'] = $id; // XXX renamed
- $response['bookId'] = $bookId; // XXX renamed
+ $response['itemId'] = $id; // $$$ renamed
+ $response['bookId'] = $bookId; // $$$ renamed
 $response['itemPath'] = $itemPath;
 $response['zip'] = $imageStackFile;
 $response['server'] = $server;
@@ -324,9 +326,9 @@ class BookReaderMeta {
 }
 function processRequest($requestEnv) {
- $id = $requestEnv['itemId']; // XXX renamed
+ $id = $requestEnv['itemId']; // $$$ renamed
 $itemPath = $requestEnv['itemPath'];
- $bookId = $requestEnv['bookId']; // XXX renamed
+ $bookId = $requestEnv['bookId']; // $$$ renamed
 $server = $requestEnv['server'];
 // Check if we're on a dev vhost and point to JSIA in the user's public_html on the datanode
@@ -339,6 +341,14 @@ class BookReaderMeta {
 $this->emitResponse( $this->buildMetadata($id, $itemPath, $bookId, $server) );
 }
+
+ function checkPrivs($filename) {
+ if (!is_readable($filename)) {
+ header('HTTP/1.1 403 Forbidden');
+ exit(0);
+ }
+ }
+
 }
 ?>
diff --git a/BookReaderIA/test/unit/Preview.js b/BookReaderIA/test/unit/Preview.js
index 87e2415..b7222b8 100644
--- a/BookReaderIA/test/unit/Preview.js
+++ b/BookReaderIA/test/unit/Preview.js
@@ -4,11 +4,15 @@ module("Preview");
-function Book(identifier, previewWidth, coverWidth, titleWidth) {
+function Book(identifier, previewWidth, coverWidth, titleWidth, bookId = undefined) {
 this.identifier = identifier;
 this.previewWidth = previewWidth;
 this.coverWidth = coverWidth;
 this.titleWidth = titleWidth;
+ if (bookId === undefined) {
+ bookId = identifier;
+ }
+ this.bookId = bookId;
 }
 var books = [
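Review bot: `checkPrivs()` in the `@@ -339,6 +341,14 @@` hunk ends the request with `exit(0)` from inside a helper and records nothing, so a denied request leaves no trace for whoever monitors the datanode, and a caller of `buildMetadata()` cannot handle the denial itself. I would log before responding, `error_log('BookReaderMeta: access denied for ' . $filename);`, so refused reads show up in the server log. The method also has no doc comment; a short one should say that it sends a 403 status and terminates the script when the file is not readable by the PHP process, and returns normally otherwise.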
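Review bot: The `bookId = undefined` default in the new `Book` signature is redundant, because an omitted argument is already `undefined` and the added `if (bookId === undefined)` block handles that case. It also makes this the only visible line that needs default-parameter parsing, while the rest of the file is written with `var`. I would declare it as `function Book(identifier, previewWidth, coverWidth, titleWidth, bookId) {` and keep the fallback in the body. The `books` array that follows is cut off by the hunk, so whether any entry passes a fifth argument cannot be seen here.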
@@ -27,7 +31,7 @@ for (index in books) {
 var book = books[i];
 var identifier = book.identifier;
- var pageURI = previewURL(identifier, identifier, 'preview');
+ var pageURI = previewURL(identifier, book.bookId, 'preview');
 var img = new Image();
 $(img).bind( 'load error', function(eventObj) {
 equals(eventObj.type, 'load', 'Load image (' + pageURI + '). Event handler called');
@@ -45,7 +49,7 @@ for (index in books) {
 var book = books[i];
 var identifier = book.identifier;
- var pageURI = previewURL(identifier, identifier, 'cover');
+ var pageURI = previewURL(identifier, book.bookId, 'cover');
 var img = new Image();
 $(img).bind( 'load error', function(eventObj) {
 equals(eventObj.type, 'load', 'Load image (' + pageURI + '). Event handler called');
@@ -63,7 +67,7 @@ for (index in books) {
 var book = books[i];
 var identifier = book.identifier;
- var pageURI = previewURL(identifier, identifier, 'title');
+ var pageURI = previewURL(identifier, book.bookId, 'title');
 var img = new Image();
 $(img).bind( 'load error', function(eventObj) {
 equals(eventObj.type, 'load', 'Load image (' + pageURI + '). Event handler called');
@@ -75,4 +79,34 @@ for (index in books) {
 img = null;
 });
 })();
-}
\ No newline at end of file
+}
+
+// Multi-book item
+var identifier = 'SubBookTest';
+asyncTest("Load title for " + identifier, function() {
+ expect(1);
+
+ var pageURI = previewURL(identifier, identifier, 'title');
+ var img = new Image();
+ $(img).bind( 'load error', function(eventObj) {
+ equals(eventObj.type, 'error', 'Load image (' + pageURI + '). Event handler called');
+ start();
+ })
+ .attr('src', pageURI);
+
+ img = null;
+});
+
+asyncTest("Load title for " + identifier, function() {
+ expect(1);
+
+ var pageURI = previewURL(identifier, identifier, 'title');
+ var img = new Image();
+ $(img).bind( 'load error', function(eventObj) {
+ equals(eventObj.type, 'error', 'Load image (' + pageURI + '). Event handler called');
+ start();
+ })
+ .attr('src', pageURI);
+
+ img = null;
+});
-- 2.20.1
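Review bot: The two `asyncTest` blocks added after `// Multi-book item` are identical, with the same name, the same `previewURL(identifier, identifier, 'title')` call and the same expectation of an `error` event, so the second adds no coverage and the report shows two entries that cannot be told apart. If the second was meant to cover a sub-book of the item, it needs its own name and the sub-book id as second argument, e.g. `previewURL(identifier, SUB_BOOK_ID_PLACEHOLDER, 'title')`; the intended id and expected event are not on the page. Neither test requests the metadata endpoint, so the 403 path that the PHP side of this commit adds appears to be untested. The top-level `var identifier` also becomes a global shared with anything else the test page loads.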