[geeklog-cvs] geeklog-1.3/public_html pdfgenerator.php,1.8,1.9
tony at iowaoutdoors.org
tony at iowaoutdoors.org
Wed Jun 9 14:11:06 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv25509
Modified Files:
pdfgenerator.php
Log Message:
Now securely serves up images (i.e. can't use relative pathing to serve a pdf)
Index: pdfgenerator.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/pdfgenerator.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** pdfgenerator.php 9 Jun 2004 17:54:26 -0000 1.8
--- pdfgenerator.php 9 Jun 2004 18:11:03 -0000 1.9
***************
*** 75,82 ****
function PDF_servePDF($pdfFileName)
{
! global $_CONF;
require_once $_CONF['path_system'] . 'classes/downloader.class.php';
!
$downloader = new downloader();
$downloader->setLogFile($_CONF['path_log'] . 'error.log');
--- 75,82 ----
function PDF_servePDF($pdfFileName)
{
! global $_CONF, $LANG_PDF;
require_once $_CONF['path_system'] . 'classes/downloader.class.php';
!
$downloader = new downloader();
$downloader->setLogFile($_CONF['path_log'] . 'error.log');
***************
*** 84,91 ****
$downloader->setAllowedExtensions(array('pdf' => 'application/pdf'));
$downloader->setPath($_CONF['path_pdf']);
! if (is_file($downloader->getPath() . $pdfFileName)) {
$downloader->downloadFile($pdfFileName);
} else {
! header ('HTTP/1.0 404 Not Found');
}
}
--- 84,97 ----
$downloader->setAllowedExtensions(array('pdf' => 'application/pdf'));
$downloader->setPath($_CONF['path_pdf']);
! $fileToGet = $_CONF['path_pdf'] . $pdfFileName;
! // OK, now make sure the file they requested exists and ensure they didn't
! // try to use relative pathing (e.g. ../../some.pdf)
! if ((dirname(realpath($fileToGet)) == strtolower(realpath($_CONF['path_pdf']))) AND
! (is_file($fileToGet))) {
$downloader->downloadFile($pdfFileName);
} else {
! echo COM_siteHeader();
! echo $LANG_PDF[14];
! echo COM_siteFooter();
}
}
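Review bot: The containment check in the new `if` lowercases only the right-hand side, `strtolower(realpath($_CONF['path_pdf']))`, while `dirname(realpath($fileToGet))` keeps its original case, so any uppercase character in the configured PDF directory makes the comparison fail and every request is rejected. Compare the two canonical paths unchanged and strictly: `if ((dirname(realpath($fileToGet)) === realpath($_CONF['path_pdf'])) AND`. The else branch also drops the previous 404 header, so a rejected or missing file now appears to be answered with the default success status unless COM_siteHeader sets one; keeping `header('HTTP/1.0 404 Not Found');` before the echo lines preserves that signal for clients and for log monitoring of traversal probes. PDF_servePDF begins above this hunk.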