Merge pull request #901 from PrivateBin/trafficlimit-short-subnets

Allow short subnet notation
This commit is contained in:
El RIDO 2022-02-28 19:21:45 +01:00 committed by GitHub
commit 389b07bd2d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 4 deletions

View File

@ -135,7 +135,7 @@ markdown = "Markdown"
; Set this to 0 to disable rate limiting. ; Set this to 0 to disable rate limiting.
limit = 10 limit = 10
; (optional) Set IPs adresses (v4 or v6) or subnets (CIDR) which are exempted ; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to ; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
; be exempted, the list needs to be comma separated. Leave unset to disable ; be exempted, the list needs to be comma separated. Leave unset to disable
; exemptions. ; exemptions.

View File

@ -146,7 +146,10 @@ class TrafficLimiter extends AbstractPersistence
$ipRange = trim($ipRange); $ipRange = trim($ipRange);
} }
$address = Factory::parseAddressString($_SERVER[self::$_ipKey]); $address = Factory::parseAddressString($_SERVER[self::$_ipKey]);
$range = Factory::parseRangeString($ipRange, ParseStringFlag::IPV4_MAYBE_NON_DECIMAL); $range = Factory::parseRangeString(
$ipRange,
ParseStringFlag::IPV4_MAYBE_NON_DECIMAL | ParseStringFlag::IPV4SUBNET_MAYBE_COMPACT | ParseStringFlag::IPV4ADDRESS_MAYBE_NON_QUAD_DOTTED
);
// address could not be parsed, we might not be in IP space and try a string comparison instead // address could not be parsed, we might not be in IP space and try a string comparison instead
if (is_null($address)) { if (is_null($address)) {

View File

@ -57,7 +57,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
public function testTrafficLimitExempted() public function testTrafficLimitExempted()
{ {
TrafficLimiter::setExempted('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48'); TrafficLimiter::setExempted('1.2.3.4,10.10.10/24,2001:1620:2057::/48');
$_SERVER['REMOTE_ADDR'] = '127.0.0.1'; $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$this->assertTrue(TrafficLimiter::canPass(), 'first request may pass'); $this->assertTrue(TrafficLimiter::canPass(), 'first request may pass');
try { try {
@ -85,7 +85,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
public function testTrafficLimitCreators() public function testTrafficLimitCreators()
{ {
TrafficLimiter::setCreators('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48'); TrafficLimiter::setCreators('1.2.3.4,10.10.10/24,2001:1620:2057::/48');
$_SERVER['REMOTE_ADDR'] = '127.0.0.1'; $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
try { try {
$this->assertFalse(TrafficLimiter::canPass(), 'expected an exception'); $this->assertFalse(TrafficLimiter::canPass(), 'expected an exception');