Properly test if the file requested (cover or book) exists and send a 404 if it doesn't. Should fix #70

2013-07-07 10:15:49 +02:00 · 2013-07-07 10:15:49 +02:00 · f408a71f80
parent f90077154f
commit f408a71f80
2 changed files with 26 additions and 1 deletions
--- a/book.php
+++ b/book.php
@ -357,6 +357,7 @@ class Book extends Base {
        else
        {
            $data = $this->getDataById ($idData);
+            if (!$data) return NULL;
            $file = $data->name . "." . strtolower ($data->format);
        }

--- a/fetch.php
+++ b/fetch.php
@ -10,6 +10,13 @@
    require_once ("book.php");
    require_once ("data.php");

+function notFound () {
+    header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
+    header("Status: 404 Not Found");
+
+    $_SERVER['REDIRECT_STATUS'] = 404;
+}
+    
    global $config;
    $expires = 60*60*24*14;
    header("Pragma: public");
@ -27,6 +34,23 @@
        $book = Book::getBookById($bookId);
    }
    
+    if (!$book) {
+        notFound ();
+        return;     
+    }
+    
+    if ($book && ($type == "jpg" || empty ($config['calibre_internal_directory']))) {
+        if ($type == "jpg") {
+            $file = $book->getFilePath ($type);
+        } else {
+            $file = $book->getFilePath ($type, $idData);
+        }
+        if (!$file || !file_exists ($file)) {
+            notFound ();
+            return;
+        }
+    }
+     
    switch ($type)
    {
        case "jpg":