mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-03-22 13:10:41 +08:00
added check for null whitelist
This commit is contained in:
parent
b8594c174a
commit
8fbdb69d8a
|
@ -196,15 +196,20 @@ class Controller
|
|||
*/
|
||||
private function _create()
|
||||
{
|
||||
// Check whitelist if allowed to create
|
||||
$whitelist = explode(',', $this->_conf->getKey('whitelist_paste_creation', 'traffic'));
|
||||
if (($option = $this->_conf->getKey('header', 'traffic')) !== null) {
|
||||
$httpHeader = 'HTTP_' . $option;
|
||||
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
|
||||
// compare source IP from web server with whitelist
|
||||
if(!in_array($_SERVER[$httpHeader], $whitelist)) {
|
||||
$this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
|
||||
return;
|
||||
// Check if whitelist feature is enabled
|
||||
if (($option = $this->_conf->getKey('whitelist', 'traffic')) !== null) {
|
||||
// Parse whitelist into array
|
||||
$whitelist = explode(',', $this->_conf->getKey('whitelist_paste_creation', 'traffic'));
|
||||
// Check for source IP in HTTP header
|
||||
if (($option = $this->_conf->getKey('header', 'traffic')) !== null) {
|
||||
$httpHeader = 'HTTP_' . $option;
|
||||
// Grab source IP from HTTP header (if it exists)
|
||||
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
|
||||
// Check if source IP reported from HTTP header is in whitelist array
|
||||
if (!in_array($_SERVER[$httpHeader], $whitelist)) {
|
||||
$this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user