junior/ComicsViewer
junior/ComicsViewer
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: junior:25bac47c3e410b7b182c257ded19131b2ef5719d
Branches Tags
junior:master
..
compare: junior:1d03eee56e3fa27197cab7242329550d0a38727f
Branches Tags
junior:master

No commits in common. "25bac47c3e410b7b182c257ded19131b2ef5719d" and "1d03eee56e3fa27197cab7242329550d0a38727f" have entirely different histories.
25bac47c3e ... 1d03eee56e

4 changed files with 31 additions and 10 deletions
Show Stats Expand all files Collapse all files

2
README.md
View File

@ -1,6 +1,6 @@
# Comics Viewer # Comics Viewer
This small project provides a web based viewer for comics in the CBZ and CBR formats. Bear in mind that much of the code in this project is **very** old and has had lots of "just get it working" updates over the decades (not kidding) to keep up with changing PHP API requirements. It is *sooooo* not pretty (but should be *safe*). This small project provides a web based viewer for comics in the CBZ and CBR formats.
## This project requires ## This project requires

10
ajax/showcomic.php
View File

@ -5,18 +5,16 @@ require '../header.php';
require_login(); require_login();
if ( isset($_REQUEST['comic']) ) { if ( isset($_REQUEST['comic']) ) {
$comicfull = realpath(COMICSDIR . base64_decode(urldecode($_REQUEST['comic']))); $comic = makePathSafe(base64_decode(urldecode(($_REQUEST['comic']))));
if ( $comicfull === false ) exit(); $comicfull = COMICSDIR . $comic;
if ( substr($comicfull, 0, strlen(COMICSDIR)) != COMICSDIR ) exit();
$comic = substr($comicfull, strlen(COMICSDIR));
$comicoutputurl = "comics" . str_replace("#", "", $comic) . "/"; $comicoutputurl = "comics" . str_replace("#", "", $comic) . "/";
$comicoutputfull = "../" . EXTRACTSDIR . str_replace("#", "", $comic) . "/"; $comicoutputfull = "../" . EXTRACTSDIR . str_replace("#", "", $comic) . "/";
} else { } else {
exit(); exit();
} }
$ext = strtolower(substr($comicfull, -3)); $ext = strtolower(substr($comic, -3));
$_SESSION['comfile'] = basename($comicfull); $_SESSION['comfile'] = basename($comic);
$data = array(); $data = array();

5
downloadcomic.php
View File

@ -5,9 +5,8 @@ require 'header.php';
require_login(); require_login();
if ( isset($_REQUEST['comic']) ) { if ( isset($_REQUEST['comic']) ) {
$comicfull = realpath(COMICSDIR . base64_decode(urldecode($_REQUEST['comic']))); $comic = makePathSafe(base64_decode(urldecode(($_REQUEST['comic']))));
if ( $comicfull === false ) exit(); $comicfull = COMICSDIR . $comic;
if ( substr($comicfull, 0, strlen(COMICSDIR)) != COMICSDIR ) exit();
} else { } else {
exit(); exit();
} }

24
functions.php
View File

@ -5,6 +5,30 @@ function microtime_float() {
return ((float)$usec + (float)$sec); return ((float)$usec + (float)$sec);
} }
function makePathSafe($path = "") {
if ( $path == "" ) return "";
// Stick forward slashes on the ends to make matching more consistent
$path = "/" . $path . "/";
// Remove all instances of dots between forward slashes
while ( preg_match("/\/\.{0,}\//", $path) ) {
$path = preg_replace("/\/\.{0,}\//", "/", $path);
}
// Replace all instances of two consecutive forward slashes
while ( strpos($path, "//") !== false ) {
$path = str_replace("//", "/", $path);
}
// Remove all leading forward slashes
while ( substr($path, 0, 1) == '/' ) {
$path = substr($path, 1);
}
// Remove all trailing forward slashes
while ( substr($path, -1) == '/' ) {
$path = substr($path, 0, strlen($path)-1);
}
$path = "/" . $path;
return $path;
}
function makeThumb($item = "") { function makeThumb($item = "") {
if ( $item == "" ) { return false; } if ( $item == "" ) { return false; }
if ( is_dir($item) ) { if ( is_dir($item) ) {