- // max delay 4 seconds.?
- $delay = empty($_REQUEST['delay']) ? 1 : max(4,$_REQUEST['delay']);
+ // max delay 20 seconds.? bit generous..
+ $delay = empty($_REQUEST['delay']) ? 1 : max(20,$_REQUEST['delay']);
+
+ //?? allow injections?
+ // not yet..
+
+ $outpr = tempnam(ini_get('session.save_path'), 'webkitTMP');
+ unlink($outpr);
+ $out = $outpr .'.pdf';
+
+ // can take 2-5 minutes...
+
+ $cmd = "timeout 300s $xvfb --auto-servernum $webkitpdf " .
+ " --url " . escapeshellarg($_REQUEST['url']) . ' ' .
+ " --pdf " . $out . ' ';
+
+ $res = `$cmd`;
+
+ if (!file_exists($out)) {
+ $this->h404("Failed to create file $cmd ==> $res");
+ }