From c152f85b50cf38c83562bd9e7dfde543cce0d49e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steven=20Andr=C3=A9s?=
Date: Thu, 7 May 2020 16:45:24 -0700
Subject: [PATCH] removed $remoteip that the audit didn't like
---
 lib/Controller.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/Controller.php b/lib/Controller.php
index 45b6dacd..00bd981b 100644
--- a/lib/Controller.php
+++ b/lib/Controller.php
@@ -201,13 +201,13 @@ class Controller
 if (($option = $this->_conf->getKey('header', 'traffic')) !== null) {
 $httpHeader = 'HTTP_' . $option;
 if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
- $remoteip = $_SERVER[$httpHeader];
+ // compare source IP from web server with whitelist
+ if(!in_array($_SERVER[$httpHeader], $whitelist)) {
+ $this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
+ return;
+ }
 }
 }
- if(!in_array($remoteip, $whitelist)) {
- $this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
- return;
- }
 // Ensure last paste from visitors IP address was more than configured amount of seconds ago.
 TrafficLimiter::setConfiguration($this->_conf);
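Review bot: The whitelist check now fails open: the `in_array` test sits inside both the `header` option check and the `array_key_exists`/`!empty` test, so a request without that header (or an install with no `header` configured) skips the comparison and falls through to `TrafficLimiter`. The removed code rejected such requests, presumably through an undefined `$remoteip`, unless it is initialised above the hunk. Resolve the address first with a fallback, then run the check unconditionally and with strict comparison, as sketched below; whether `$_SERVER['REMOTE_ADDR']` is the right fallback should be confirmed against how the traffic limiter picks its IP. The header value is only trustworthy when a reverse proxy in front of the application overwrites it, which is worth saying in the comment next to the check. The enclosing method starts and ends outside the hunk.

```php
// default to the socket peer so the check below always has a value
$remoteip = $_SERVER['REMOTE_ADDR'];
// … unchanged: header option lookup and array_key_exists()/!empty() test …
        $remoteip = $_SERVER[$httpHeader];
// … unchanged: closing braces of the two header ifs …
// runs for every request, not only when the proxy header is present
if (!in_array($remoteip, $whitelist, true)) {
    $this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
    return;
}
```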