diff --git a/livesupport/modules/storageServer/var/xmlrpc/simpleGet.php b/livesupport/modules/storageServer/var/xmlrpc/simpleGet.php
index 0ce6be2ed..d6204b514 100644
--- a/livesupport/modules/storageServer/var/xmlrpc/simpleGet.php
+++ b/livesupport/modules/storageServer/var/xmlrpc/simpleGet.php
@@ -23,11 +23,33 @@
Author : $Author: tomas $
- Version : $Revision: 1.1 $
+ Version : $Revision: 1.2 $
Location : $Source: /home/paul/cvs2svn-livesupport/newcvsrepo/livesupport/modules/storageServer/var/xmlrpc/simpleGet.php,v $
------------------------------------------------------------------------------*/
+/**
+ * simpleGet.php is remote callable script through HTTP GET method.
+ *
+ * This script accepts following HTTP GET parameters:
+ *
+ * - sessid : string, session ID
+ * - id : string, global unique ID of requested file
+ *
+ *
+ * On success, returns HTTP return code 200 and requested file.
+ *
+ * On errors, returns HTTP return code >200
+ * The possible error codes are:
+ *
+ * - 400 - Incorrect parameters passed to method
+ * - 403 - Access denied
+ * - 404 - File not found
+ * - 500 - Application error
+ *
+ *
+ */
+
require_once 'DB.php';
require_once '../conf.php';
require_once '../LocStor.php';
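Review bot: The new header comment documents `sessid` and `id` as HTTP GET parameters, but the script reads them from `$_REQUEST` (second hunk), which can also be populated from POST fields and, depending on the `request_order`/`variables_order` settings, from cookies. Either read `$_GET` so the code matches the documented contract, or state the real behaviour in the comment, e.g. `* Parameters are read from $_REQUEST, so they are not limited to the query string.` The comment should also note that `sessid` travels in the URL and so ends up in web-server and proxy access logs, and "HTTP return code >200" would be clearer as "a 4xx or 5xx status code", since every listed code falls in those ranges.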
@@ -45,11 +67,23 @@ function http_error($code, $err){
exit;
}
-$sessid = $_REQUEST['sessid'];
-$gunid = $_REQUEST['id'];
+if(preg_match("|^[0-9a-f]{32}$|", $_REQUEST['sessid'])){
+ $sessid = $_REQUEST['sessid'];
+}else{
+ http_error(400, "Error on sessid parameter. ({$_REQUEST['sessid']})");
+}
+if(preg_match("|^[0-9a-f]{32}$|", $_REQUEST['id'])){
+ $gunid = $_REQUEST['id'];
+}else{
+ http_error(400, "Error on id parameter. ({$_REQUEST['id']})");
+}
-$res = $locStor->existsAudioClip($sessid, $gunid);
-if(PEAR::isError($res)){ http_error(500, $res->getMessage()); }
+$ex = $locStor->existsAudioClip($sessid, $gunid);
+if(PEAR::isError($ex)){
+ if($ex->getCode() == GBERR_DENY){ http_error(403, $ex->getMessage()); }
+ else{ http_error(500, $ex->getMessage()); }
+}
+if(!$ex){ http_error(404, "File not found"); }
$ac =& StoredFile::recallByGunid(&$locStor, $gunid);
if(PEAR::isError($ac)){ http_error(500, $ac->getMessage()); }
$realFname = $ac->_getRealRADFname();
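Review bot: The added 400 branches interpolate the rejected raw value (`{$_REQUEST['sessid']}`, `{$_REQUEST['id']}`) into the message passed to `http_error()`, whose body starts outside this hunk; if that function writes the string into the response body or status line unescaped, input that has just failed validation is reflected back to the client, so the message should omit the value or escape it. The pattern `|^[0-9a-f]{32}$|` also accepts a value ending in a newline, because `$` without the `D` modifier matches before a final `\n`; anchoring with `\z` closes that. A missing or array-valued parameter reaches `preg_match()` unchecked, so an `isset()`/`is_string()` guard belongs in front of it. Separately, the 403 and 500 branches send `$ex->getMessage()` to the client, which may expose internal error detail; consider logging it server-side and returning a generic message. The script's top-level statements continue past the end of the hunk.

```php
// … unchanged: http_error() definition …
$rawSessid = isset($_REQUEST['sessid']) ? $_REQUEST['sessid'] : null;
if(!is_string($rawSessid) || !preg_match('|^[0-9a-f]{32}\z|', $rawSessid)){
    // Do not echo the rejected value back to the client.
    http_error(400, "Error on sessid parameter.");
}
$sessid = $rawSessid;

$rawId = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
if(!is_string($rawId) || !preg_match('|^[0-9a-f]{32}\z|', $rawId)){
    http_error(400, "Error on id parameter.");
}
$gunid = $rawId;
// … unchanged: existsAudioClip() call and 403/404/500 mapping …
```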