Chapril/paste.chapril.org-privatebin
Chapril/paste.chapril.org-privatebin
25
1
Fork 0
Code Issues Releases Wiki Activity

removed $remoteip that the audit didn't like

Browse Source
This commit is contained in:
Steven Andrés 2020-05-07 16:45:24 -07:00 committed by GitHub
parent 819d25a74c
commit c152f85b50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/Controller.php
View File

@ -201,13 +201,13 @@ class Controller
if (($option = $this->_conf->getKey('header', 'traffic')) !== null) { if (($option = $this->_conf->getKey('header', 'traffic')) !== null) {
$httpHeader = 'HTTP_' . $option; $httpHeader = 'HTTP_' . $option;
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) { if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
$remoteip = $_SERVER[$httpHeader]; // compare source IP from web server with whitelist
if(!in_array($_SERVER[$httpHeader], $whitelist)) {
$this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
return;
}
} }
} }
if(!in_array($remoteip, $whitelist)) {
$this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
return;
}
// Ensure last paste from visitors IP address was more than configured amount of seconds ago. // Ensure last paste from visitors IP address was more than configured amount of seconds ago.
TrafficLimiter::setConfiguration($this->_conf); TrafficLimiter::setConfiguration($this->_conf);