Also add the world-readable check. git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12056 a1ca3aef-8c08-0410-bb20-df032aa958be

commit: 2e667a52c67d0202a244eb77ed11703446f9de55 [log] [tgz]
author: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> Tue Jul 22 14:02:56 2014 +0000
committer: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> Tue Jul 22 14:02:56 2014 +0000
tree: dcbd2d58284198891cd660714b2860832e2e38d6
parent: 9e92ab1978641b7d0982b924c15311377a592c66 [diff]
diff --git a/scheduler/client.c b/scheduler/client.c
index f252eb2..d00d9fb 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c

@@ -3109,6 +3109,17 @@
       cupsdLogClient(con, CUPSD_LOG_INFO, "Symlinks such as \"%s\" are not allowed.", filename);
       return (NULL);
     }
+
+   /*
+    * Similarly, if the file/directory does not have world read permissions, do
+    * not allow access...
+    */
+
+    if (!status && !(filestats->st_mode & S_IROTH))
+    {
+      cupsdLogClient(con, CUPSD_LOG_INFO, "Files/directories such as \"%s\" must be world-readable.", filename);
+      return (NULL);
+    }
   }
 
   cupsdLogClient(con, CUPSD_LOG_DEBUG2, "get_file filestats=%p, filename=%p, len=" CUPS_LLFMT ", returning \"%s\".", filestats, filename, CUPS_LLCAST len, status ? "(null)" : filename);
commit	2e667a52c67d0202a244eb77ed11703446f9de55	[log] [tgz]
author	msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>	Tue Jul 22 14:02:56 2014 +0000
committer	msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>	Tue Jul 22 14:02:56 2014 +0000
tree	dcbd2d58284198891cd660714b2860832e2e38d6
parent	9e92ab1978641b7d0982b924c15311377a592c66 [diff]