fm
/
zrd-bibtexbrowser
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

only escape html output to (theoretical) support special characters in 

file names
pull/15/head
ahaber 11 years ago
parent
0c7bbef30c
commit
c932e59129
1 changed files with 4 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      bibtexbrowser.php

9
bibtexbrowser.php
View File

@ -238,15 +238,14 @@ function _zetDB($bibtex_filenames) {
// ---------------------------- HANDLING unexistent files // ---------------------------- HANDLING unexistent files
foreach(explode(MULTIPLE_BIB_SEPARATOR, $bibtex_filenames) as $bib) { foreach(explode(MULTIPLE_BIB_SEPARATOR, $bibtex_filenames) as $bib) {
// escape $bib to prevent XSS
$escapedBib = htmlEntities($bib, ENT_QUOTES);
// get file extension to only allow .bib files // get file extension to only allow .bib files
$ext = pathinfo($escapedBib, PATHINFO_EXTENSION);
$ext = pathinfo($bib, PATHINFO_EXTENSION);
// this is a security protection // this is a security protection
if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($escapedBib) || strcasecmp($ext, 'bib') != 0)) {
if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($bib) || strcasecmp($ext, 'bib') != 0)) {
// to automate dectection of faulty links with tools such as webcheck // to automate dectection of faulty links with tools such as webcheck
header('HTTP/1.1 404 Not found'); header('HTTP/1.1 404 Not found');
// escape $bib to prevent XSS
$escapedBib = htmlEntities($bib, ENT_QUOTES);
die('<b>the bib file '.$escapedBib.' does not exist !</b>'); die('<b>the bib file '.$escapedBib.' does not exist !</b>');
} }
} // end for each } // end for each

Write Preview
Loading…
Cancel
Save