Merge branch 'master' of https://github.com/stevenandres/PrivateBin into stevenandres-master

2022-02-20 08:44:09 +01:00 · 2022-02-20 08:44:09 +01:00 · d764c03759
parent c8c6a67530 3f75c81a2f
commit d764c03759
3 changed files with 24 additions and 0 deletions
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@ -139,6 +139,11 @@ limit = 10
 ; Unset for enabling and invalid values will be ignored
 ; eg: exemptedIp = '1.2.3.4,10.10.10/24'

+; (optional) if you only want some source IP addresses to create pastes
+; enter their IPv4 address(es) here, separated by commas. This does not
+; currently support CIDR notation, only individual IPv4 addresses.
+; whitelist_paste_creation = "12.34.56.78,99.88.77.66"
+
 ; (optional) if your website runs behind a reverse proxy or load balancer,
 ; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
 ; header = "X_FORWARDED_FOR"
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@ -81,6 +81,7 @@ class Configuration
            'limit'      => 10,
            'header'     => null,
            'exemptedIp' => null,
+            'whitelist'  => null,
        ),
        'purge' => array(
            'limit'     => 300,
--- a/lib/Controller.php
+++ b/lib/Controller.php
@ -195,6 +195,24 @@ class Controller
     */
    private function _create()
    {
+        // Check if whitelist feature is enabled
+        if (($option = $this->_conf->getKey('whitelist_paste_creation', 'traffic')) !== null) {
+            // Parse whitelist into array
+            $whitelist = explode(',', $option);
+            // Check for source IP in HTTP header
+            if (($option = $this->_conf->getKey('header', 'traffic')) !== null) {
+                $httpHeader = 'HTTP_' . $option;
+                // Grab source IP from HTTP header (if it exists)
+                if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
+                    // Check if source IP reported from HTTP header is in whitelist array
+                    if (!in_array($_SERVER[$httpHeader], $whitelist)) {
+                        $this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
+                        return;
+                    }
+                }
+            }
+        }
+
        // Ensure last paste from visitors IP address was more than configured amount of seconds ago.
        ServerSalt::setStore($this->_model->getStore());
        TrafficLimiter::setConfiguration($this->_conf);