From 9327c9b58bc70709ce27ca30d29f63e4d801bd9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steven=20Andr=C3=A9s?= Date: Tue, 5 May 2020 14:18:52 -0700 Subject: [PATCH] added whitelist check --- lib/Controller.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lib/Controller.php b/lib/Controller.php index 21a27b27..5db14c22 100644 --- a/lib/Controller.php +++ b/lib/Controller.php @@ -196,6 +196,19 @@ class Controller */ private function _create() { + // Check whitelist if allowed to create + $whitelist = explode(',', $this->_conf->getKey('whitelist', 'traffic')); + if (($option = $this->_conf->getKey('header', 'traffic')) !== null) { + $httpHeader = 'HTTP_' . $option; + if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) { + $remoteip = $_SERVER[$httpHeader]; + } + } + if( !in_array($remoteip, $whitelist) ) { + $this->_return_message(1, I18n::_('Your IP is not authorized')); + return; + } + // Ensure last paste from visitors IP address was more than configured amount of seconds ago. TrafficLimiter::setConfiguration($this->_conf); if (!TrafficLimiter::canPass()) {