Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-07-23 15:00:40 -04:00
Code Issues Projects Releases Packages Wiki Activity

added whitelist check

Browse source
This commit is contained in:
Steven Andrés 2020-05-05 14:18:52 -07:00 committed by GitHub
parent 5644001c53
commit 9327c9b58b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/Controller.php
View file

@ -196,6 +196,19 @@ class Controller
*/ */
private function _create() private function _create()
{ {
// Check whitelist if allowed to create
$whitelist = explode(',', $this->_conf->getKey('whitelist', 'traffic'));
if (($option = $this->_conf->getKey('header', 'traffic')) !== null) {
$httpHeader = 'HTTP_' . $option;
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
$remoteip = $_SERVER[$httpHeader];
}
}
if( !in_array($remoteip, $whitelist) ) {
$this->_return_message(1, I18n::_('Your IP is not authorized'));
return;
}
// Ensure last paste from visitors IP address was more than configured amount of seconds ago. // Ensure last paste from visitors IP address was more than configured amount of seconds ago.
TrafficLimiter::setConfiguration($this->_conf); TrafficLimiter::setConfiguration($this->_conf);
if (!TrafficLimiter::canPass()) { if (!TrafficLimiter::canPass()) {