Also add the world-readable check.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12056 a1ca3aef-8c08-0410-bb20-df032aa958be

diff --git a/scheduler/client.c b/scheduler/client.c
index f252eb26fb60181e6ad0434ff9e7658970325191..d00d9fb70e8c0fb8b6a06fece9997cac10d0d9b2 100644 (file)
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -3109,6 +3109,17 @@ get_file(cupsd_client_t *con,            /* I  - Client connection */
       cupsdLogClient(con, CUPSD_LOG_INFO, "Symlinks such as \"%s\" are not allowed.", filename);
       return (NULL);
     }
+
+   /*
+    * Similarly, if the file/directory does not have world read permissions, do
+    * not allow access...
+    */
+
+    if (!status && !(filestats->st_mode & S_IROTH))
+    {
+      cupsdLogClient(con, CUPSD_LOG_INFO, "Files/directories such as \"%s\" must be world-readable.", filename);
+      return (NULL);
+    }
   }
 
   cupsdLogClient(con, CUPSD_LOG_DEBUG2, "get_file filestats=%p, filename=%p, len=" CUPS_LLFMT ", returning \"%s\".", filestats, filename, CUPS_LLCAST len, status ? "(null)" : filename);