external-repos/pictshare
1
0
Fork 0
mirror of https://github.com/HaschekSolutions/pictshare.git synced 2025-11-12 19:26:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

slicker check for upload permissions, included http response code

Browse Source
This commit is contained in:
Chris
2020-06-23 09:17:49 +02:00
parent e13f4816fb
commit 0250b6a577
5 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
api/base64.php
View File

@@ -13,8 +13,7 @@ include_once(ROOT . DS . 'inc' . DS. 'core.php');
loadAllContentControllers(); loadAllContentControllers();
// check if client has permission to upload // check if client has permission to upload
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET )) executeUploadPermission();
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
// check write permissions first // check write permissions first
if(!isFolderWritable(ROOT.DS.'data')) if(!isFolderWritable(ROOT.DS.'data'))

3
api/geturl.php
View File

@@ -13,8 +13,7 @@ include_once(ROOT . DS . 'inc' . DS. 'core.php');
loadAllContentControllers(); loadAllContentControllers();
// check if client has permission to upload // check if client has permission to upload
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET )) executeUploadPermission();
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
// check write permissions first // check write permissions first
if(!isFolderWritable(ROOT.DS.'data')) if(!isFolderWritable(ROOT.DS.'data'))

3
api/pastebin.php
View File

@@ -15,8 +15,7 @@ if(!in_array('TextController',$controllers))
exit(json_encode(array('status'=>'err','reason'=>'Text controller not enabled'))); exit(json_encode(array('status'=>'err','reason'=>'Text controller not enabled')));
// check if client has permission to upload // check if client has permission to upload
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET )) executeUploadPermission();
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
// check write permissions first // check write permissions first
if(!isFolderWritable(ROOT.DS.'data')) if(!isFolderWritable(ROOT.DS.'data'))

3
api/upload.php
View File

@@ -19,8 +19,7 @@ else if(!isFolderWritable(ROOT.DS.'tmp'))
exit(json_encode(array('status'=>'err','reason'=>'Temp directory not writable'))); exit(json_encode(array('status'=>'err','reason'=>'Temp directory not writable')));
// check if client has permission to upload // check if client has permission to upload
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET )) executeUploadPermission();
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
$hash = sanatizeString(trim($_REQUEST['hash']))?sanatizeString(trim($_REQUEST['hash'])):false; $hash = sanatizeString(trim($_REQUEST['hash']))?sanatizeString(trim($_REQUEST['hash'])):false;

9
inc/core.php
View File

@@ -692,3 +692,12 @@ function isCloudflare() {
$requestCheck = _cloudflare_Requests_Check(); $requestCheck = _cloudflare_Requests_Check();
return ($ipCheck && $requestCheck); return ($ipCheck && $requestCheck);
} }
function executeUploadPermission()
{
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET ))
{
http_response_code(403);
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
}
}