From 8fbdb69d8a2daf48c96ce39bc91bafbc2febb451 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steven=20Andr=C3=A9s?= Date: Fri, 8 May 2020 11:36:19 -0700 Subject: [PATCH] added check for null whitelist --- lib/Controller.php | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/lib/Controller.php b/lib/Controller.php index 00bd981..6b1dbcb 100644 --- a/lib/Controller.php +++ b/lib/Controller.php @@ -196,16 +196,21 @@ class Controller */ private function _create() { - // Check whitelist if allowed to create - $whitelist = explode(',', $this->_conf->getKey('whitelist_paste_creation', 'traffic')); - if (($option = $this->_conf->getKey('header', 'traffic')) !== null) { - $httpHeader = 'HTTP_' . $option; - if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) { - // compare source IP from web server with whitelist - if(!in_array($_SERVER[$httpHeader], $whitelist)) { - $this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.')); - return; - } + // Check if whitelist feature is enabled + if (($option = $this->_conf->getKey('whitelist', 'traffic')) !== null) { + // Parse whitelist into array + $whitelist = explode(',', $this->_conf->getKey('whitelist_paste_creation', 'traffic')); + // Check for source IP in HTTP header + if (($option = $this->_conf->getKey('header', 'traffic')) !== null) { + $httpHeader = 'HTTP_' . $option; + // Grab source IP from HTTP header (if it exists) + if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) { + // Check if source IP reported from HTTP header is in whitelist array + if (!in_array($_SERVER[$httpHeader], $whitelist)) { + $this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.')); + return; + } + } } }