cups/cups-str4461.patch

25 lines
931 B
Diff

diff -up cups-1.7.4/scheduler/client.c.str4461 cups-1.7.4/scheduler/client.c
--- cups-1.7.4/scheduler/client.c.str4461 2014-08-11 16:30:04.695889827 +0100
+++ cups-1.7.4/scheduler/client.c 2014-08-11 16:30:04.697889838 +0100
@@ -3360,8 +3360,18 @@ get_file(cupsd_client_t *con, /* I - C
if (!status && !(filestats->st_mode & S_IROTH))
{
- cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
- return (NULL);
+ /*
+ * The exception is for cupsd.conf and log files for
+ * authenticated access.
+ */
+
+ if ((strcmp(con->uri, "/admin/conf/cupsd.conf") &&
+ strncmp(con->uri, "/admin/log/", 11)) ||
+ cupsdIsAuthorized(con, NULL) != HTTP_OK)
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+ return (NULL);
+ }
}
/*