[Mapbender-commits] r5387 - trunk/mapbender/http/print

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Thu Jan 21 04:57:22 EST 2010


Author: christoph
Date: 2010-01-21 04:57:22 -0500 (Thu, 21 Jan 2010)
New Revision: 5387

Modified:
   trunk/mapbender/http/print/printPDF_download.php
Log:
security leak and MIME type

Modified: trunk/mapbender/http/print/printPDF_download.php
===================================================================
--- trunk/mapbender/http/print/printPDF_download.php	2010-01-21 09:56:00 UTC (rev 5386)
+++ trunk/mapbender/http/print/printPDF_download.php	2010-01-21 09:57:22 UTC (rev 5387)
@@ -1,16 +1,24 @@
 <?php
 require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 
-if (isset($_REQUEST["f"]) && $_REQUEST["f"]!="" && file_exists(TMPDIR."/".$_REQUEST["f"])) {
-	$filename = TMPDIR."/".$_REQUEST["f"];
+$filename = basename($_GET["f"]);
+if (!preg_match("/^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9]+)$/", $filename)) {
+	$errorMessage = _mb("Invalid filename.");
+	echo htmlentities($errorMessage, ENT_QUOTES, CHARSET);
+	$e = new mb_exception($errorMessage);
+	die;
+}
+
+if (isset($filename) && $filename != "" && file_exists(TMPDIR."/".$filename)) {
+	$filenameWithPath = TMPDIR."/".$filename;
 	header("Pragma: private");
 	header("Cache-control: private, must-revalidate");
-	header("Content-Type: x-type/subtype");
-	header("Content-Disposition: attachment; filename=\"".basename($filename)."\"");	
+	header("Content-Type: application/pdf");
+	header("Content-Disposition: attachment; filename=\"".$filename."\"");	
 	
     ob_clean();
     flush();
-    readfile($filename);
+    readfile($filenameWithPath);
     exit;
 }
 else {
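Review bot: The new filename check on the `preg_match` line accepts any single extension, so with a validated session any simply-named file in TMPDIR (not only the generated PDFs) can be fetched through this endpoint, and it is then served with the hard-coded `application/pdf` type set a few lines below. Since the script only intends to hand out print PDFs, tie the pattern to that extension: `if (!preg_match("/^[a-zA-Z0-9_-]+\.pdf$/i", $filename)) {`. The assignment `$filename = basename($_GET["f"]);` reads `$_GET["f"]` without an `isset`, which raises a notice when the parameter is absent; `$filename = basename(isset($_GET["f"]) ? $_GET["f"] : "");` keeps the same "Invalid filename." outcome without it. After the regex has passed, `isset($filename) && $filename != ""` in the following `if` is always true and can be reduced to the `file_exists` test. The `else` branch at the end of the hunk continues outside it.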


