mirror_php/Jirafeau
1
0
Fork 0
mirror of https://gitlab.com/mojo42/Jirafeau.git synced 2025-04-22 12:36:17 +02:00
Code Issues Projects Releases Wiki Activity

Avoid code duplication when authorizing upload

Browse Source
This commit is contained in:
Erik Lundin 2019-11-12 02:13:38 +01:00
parent a00401257a
commit ebcb7402a9
1 changed files with 3 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
lib/functions.php
View File

@ -1141,50 +1141,9 @@ function jirafeau_challenge_upload_ip_without_password($cfg, $challengedIp)
*/
function jirafeau_challenge_upload ($cfg, $ip, $password)
{
// Allow if no ip restrictaion and no password restriction
if ((count ($cfg['upload_ip']) == 0) and (count ($cfg['upload_password']) == 0)) {
return true;
}
// Allow if ip is in array (no password)
foreach ($cfg['upload_ip_nopassword'] as $i) {
if ($i == $ip) {
return true;
}
// CIDR test for IPv4 only.
if (strpos ($i, '/') !== false)
{
list ($subnet, $mask) = explode('/', $i);
if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) {
return true;
}
}
}
// Allow if ip is in array
foreach ($cfg['upload_ip'] as $i) {
if ($i == $ip) {
return true;
}
// CIDR test for IPv4 only.
if (strpos ($i, '/') !== false)
{
list ($subnet, $mask) = explode('/', $i);
if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) {
return true;
}
}
}
if (!jirafeau_has_upload_password($cfg)) {
return false;
}
foreach ($cfg['upload_password'] as $p) {
if ($password == $p) {
return true;
}
}
return false;
return jirafeau_challenge_upload_ip_without_password($cfg, $ip) ||
(!jirafeau_has_upload_password($cfg) && !jirafeau_upload_has_ip_restriction($cfg)) ||
(jirafeau_challenge_upload_password($cfg, $password) && jirafeau_challenge_upload_ip($cfg, $ip));
}
/** Tell if we have some HTTP headers generated by a proxy */