Compare commits
No commits in common. "25bac47c3e410b7b182c257ded19131b2ef5719d" and "1d03eee56e3fa27197cab7242329550d0a38727f" have entirely different histories.
25bac47c3e
...
1d03eee56e
|
|
@ -1,6 +1,6 @@
|
|||
# Comics Viewer
|
||||
|
||||
This small project provides a web based viewer for comics in the CBZ and CBR formats. Bear in mind that much of the code in this project is **very** old and has had lots of "just get it working" updates over the decades (not kidding) to keep up with changing PHP API requirements. It is *sooooo* not pretty (but should be *safe*).
|
||||
This small project provides a web based viewer for comics in the CBZ and CBR formats.
|
||||
|
||||
## This project requires
|
||||
|
||||
|
|
|
|||
|
|
@ -5,18 +5,16 @@ require '../header.php';
|
|||
require_login();
|
||||
|
||||
if ( isset($_REQUEST['comic']) ) {
|
||||
$comicfull = realpath(COMICSDIR . base64_decode(urldecode($_REQUEST['comic'])));
|
||||
if ( $comicfull === false ) exit();
|
||||
if ( substr($comicfull, 0, strlen(COMICSDIR)) != COMICSDIR ) exit();
|
||||
$comic = substr($comicfull, strlen(COMICSDIR));
|
||||
$comic = makePathSafe(base64_decode(urldecode(($_REQUEST['comic']))));
|
||||
$comicfull = COMICSDIR . $comic;
|
||||
$comicoutputurl = "comics" . str_replace("#", "", $comic) . "/";
|
||||
$comicoutputfull = "../" . EXTRACTSDIR . str_replace("#", "", $comic) . "/";
|
||||
} else {
|
||||
exit();
|
||||
}
|
||||
|
||||
$ext = strtolower(substr($comicfull, -3));
|
||||
$_SESSION['comfile'] = basename($comicfull);
|
||||
$ext = strtolower(substr($comic, -3));
|
||||
$_SESSION['comfile'] = basename($comic);
|
||||
|
||||
$data = array();
|
||||
|
||||
|
|
|
|||
|
|
@ -5,9 +5,8 @@ require 'header.php';
|
|||
require_login();
|
||||
|
||||
if ( isset($_REQUEST['comic']) ) {
|
||||
$comicfull = realpath(COMICSDIR . base64_decode(urldecode($_REQUEST['comic'])));
|
||||
if ( $comicfull === false ) exit();
|
||||
if ( substr($comicfull, 0, strlen(COMICSDIR)) != COMICSDIR ) exit();
|
||||
$comic = makePathSafe(base64_decode(urldecode(($_REQUEST['comic']))));
|
||||
$comicfull = COMICSDIR . $comic;
|
||||
} else {
|
||||
exit();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,6 +5,30 @@ function microtime_float() {
|
|||
return ((float)$usec + (float)$sec);
|
||||
}
|
||||
|
||||
function makePathSafe($path = "") {
|
||||
if ( $path == "" ) return "";
|
||||
// Stick forward slashes on the ends to make matching more consistent
|
||||
$path = "/" . $path . "/";
|
||||
// Remove all instances of dots between forward slashes
|
||||
while ( preg_match("/\/\.{0,}\//", $path) ) {
|
||||
$path = preg_replace("/\/\.{0,}\//", "/", $path);
|
||||
}
|
||||
// Replace all instances of two consecutive forward slashes
|
||||
while ( strpos($path, "//") !== false ) {
|
||||
$path = str_replace("//", "/", $path);
|
||||
}
|
||||
// Remove all leading forward slashes
|
||||
while ( substr($path, 0, 1) == '/' ) {
|
||||
$path = substr($path, 1);
|
||||
}
|
||||
// Remove all trailing forward slashes
|
||||
while ( substr($path, -1) == '/' ) {
|
||||
$path = substr($path, 0, strlen($path)-1);
|
||||
}
|
||||
$path = "/" . $path;
|
||||
return $path;
|
||||
}
|
||||
|
||||
function makeThumb($item = "") {
|
||||
if ( $item == "" ) { return false; }
|
||||
if ( is_dir($item) ) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user