From af120fdda3622c1e03570507cfb597b119a4ad4a Mon Sep 17 00:00:00 2001
From: ahaber <haber@se-rwth.de>
Date: Wed, 22 Jan 2014 15:27:05 +0100
Subject: [PATCH] fix for issue #8

adds checks for file extension of referenced bibtexfiles
---
 .gitignore        | 1 +
 bibtexbrowser.php | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d8fe4fa
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/.project
diff --git a/bibtexbrowser.php b/bibtexbrowser.php
index af8c346..ddb281c 100755
--- a/bibtexbrowser.php
+++ b/bibtexbrowser.php
@@ -213,6 +213,10 @@ function _zetDB($bibtex_filenames) {
       set_magic_quotes_runtime(false);
   }
   
+  // get file extension to only allow .bib files
+  $ext = pathinfo($bib, PATHINFO_EXTENSION);
+  // this is a security protection
+  if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($bib) || strcasecmp($ext, 'bib') != 0)) {
   // default bib file, if no file is specified in the query string.
   if (!isset($bibtex_filenames) || $bibtex_filenames == "") {
     default_message();