chalec
/
ctrlv-privatebin
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added check for null whitelist

This commit is contained in:
Steven Andrés 2020-05-08 11:36:19 -07:00 committed by GitHub
parent b8594c174a
commit 8fbdb69d8a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/Controller.php
View File

@ -196,18 +196,23 @@ class Controller
*/ */
private function _create() private function _create()
{ {
// Check whitelist if allowed to create // Check if whitelist feature is enabled
if (($option = $this->_conf->getKey('whitelist', 'traffic')) !== null) {
// Parse whitelist into array
$whitelist = explode(',', $this->_conf->getKey('whitelist_paste_creation', 'traffic')); $whitelist = explode(',', $this->_conf->getKey('whitelist_paste_creation', 'traffic'));
// Check for source IP in HTTP header
if (($option = $this->_conf->getKey('header', 'traffic')) !== null) { if (($option = $this->_conf->getKey('header', 'traffic')) !== null) {
$httpHeader = 'HTTP_' . $option; $httpHeader = 'HTTP_' . $option;
// Grab source IP from HTTP header (if it exists)
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) { if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
// compare source IP from web server with whitelist // Check if source IP reported from HTTP header is in whitelist array
if(!in_array($_SERVER[$httpHeader], $whitelist)) { if (!in_array($_SERVER[$httpHeader], $whitelist)) {
$this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.')); $this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
return; return;
} }
} }
} }
}
// Ensure last paste from visitors IP address was more than configured amount of seconds ago. // Ensure last paste from visitors IP address was more than configured amount of seconds ago.
TrafficLimiter::setConfiguration($this->_conf); TrafficLimiter::setConfiguration($this->_conf);