|
|
ba58bf8 |
diff -up cups-1.7.4/scheduler/client.c.str4461 cups-1.7.4/scheduler/client.c
|
|
|
ba58bf8 |
--- cups-1.7.4/scheduler/client.c.str4461 2014-08-11 16:30:04.695889827 +0100
|
|
|
ba58bf8 |
+++ cups-1.7.4/scheduler/client.c 2014-08-11 16:30:04.697889838 +0100
|
|
|
ba58bf8 |
@@ -3360,8 +3360,18 @@ get_file(cupsd_client_t *con, /* I - C
|
|
|
ba58bf8 |
|
|
|
ba58bf8 |
if (!status && !(filestats->st_mode & S_IROTH))
|
|
|
ba58bf8 |
{
|
|
|
ba58bf8 |
- cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
|
|
|
ba58bf8 |
- return (NULL);
|
|
|
ba58bf8 |
+ /*
|
|
|
ba58bf8 |
+ * The exception is for cupsd.conf and log files for
|
|
|
ba58bf8 |
+ * authenticated access.
|
|
|
ba58bf8 |
+ */
|
|
|
ba58bf8 |
+
|
|
|
ba58bf8 |
+ if ((strcmp(con->uri, "/admin/conf/cupsd.conf") &&
|
|
|
ba58bf8 |
+ strncmp(con->uri, "/admin/log/", 11)) ||
|
|
|
ba58bf8 |
+ cupsdIsAuthorized(con, NULL) != HTTP_OK)
|
|
|
ba58bf8 |
+ {
|
|
|
ba58bf8 |
+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
|
|
|
ba58bf8 |
+ return (NULL);
|
|
|
ba58bf8 |
+ }
|
|
|
ba58bf8 |
}
|
|
|
ba58bf8 |
|
|
|
ba58bf8 |
/*
|