From 9327c9b58bc70709ce27ca30d29f63e4d801bd9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steven=20Andr=C3=A9s?=
 <stevenandres@users.noreply.github.com>
Date: Tue, 5 May 2020 14:18:52 -0700
Subject: [PATCH] added whitelist check

---
 lib/Controller.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lib/Controller.php b/lib/Controller.php
index 21a27b2..5db14c2 100644
--- a/lib/Controller.php
+++ b/lib/Controller.php
@@ -196,6 +196,19 @@ class Controller
      */
     private function _create()
     {
+        // Check whitelist if allowed to create
+        $whitelist = explode(',', $this->_conf->getKey('whitelist', 'traffic'));
+        if (($option = $this->_conf->getKey('header', 'traffic')) !== null) {
+            $httpHeader = 'HTTP_' . $option;
+            if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
+                $remoteip = $_SERVER[$httpHeader];
+            }
+        }
+        if( !in_array($remoteip, $whitelist) ) {
+            $this->_return_message(1, I18n::_('Your IP is not authorized'));
+            return;
+        }
+        
         // Ensure last paste from visitors IP address was more than configured amount of seconds ago.
         TrafficLimiter::setConfiguration($this->_conf);
         if (!TrafficLimiter::canPass()) {