mirror of
https://github.com/HaschekSolutions/pictshare.git
synced 2025-11-12 11:16:22 +00:00
slicker check for upload permissions, included http response code
This commit is contained in:
Chris
@@ -13,8 +13,7 @@ include_once(ROOT . DS . 'inc' . DS. 'core.php');
|
|||||||
loadAllContentControllers();
|
loadAllContentControllers();
|
||||||
|
|
||||||
// check if client has permission to upload
|
// check if client has permission to upload
|
||||||
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET ))
|
executeUploadPermission();
|
||||||
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
|
|
||||||
|
|
||||||
// check write permissions first
|
// check write permissions first
|
||||||
if(!isFolderWritable(ROOT.DS.'data'))
|
if(!isFolderWritable(ROOT.DS.'data'))
|
||||||
|
|||||||
@@ -13,8 +13,7 @@ include_once(ROOT . DS . 'inc' . DS. 'core.php');
|
|||||||
loadAllContentControllers();
|
loadAllContentControllers();
|
||||||
|
|
||||||
// check if client has permission to upload
|
// check if client has permission to upload
|
||||||
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET ))
|
executeUploadPermission();
|
||||||
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
|
|
||||||
|
|
||||||
// check write permissions first
|
// check write permissions first
|
||||||
if(!isFolderWritable(ROOT.DS.'data'))
|
if(!isFolderWritable(ROOT.DS.'data'))
|
||||||
|
|||||||
@@ -15,8 +15,7 @@ if(!in_array('TextController',$controllers))
|
|||||||
exit(json_encode(array('status'=>'err','reason'=>'Text controller not enabled')));
|
exit(json_encode(array('status'=>'err','reason'=>'Text controller not enabled')));
|
||||||
|
|
||||||
// check if client has permission to upload
|
// check if client has permission to upload
|
||||||
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET ))
|
executeUploadPermission();
|
||||||
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
|
|
||||||
|
|
||||||
// check write permissions first
|
// check write permissions first
|
||||||
if(!isFolderWritable(ROOT.DS.'data'))
|
if(!isFolderWritable(ROOT.DS.'data'))
|
||||||
|
|||||||
@@ -19,8 +19,7 @@ else if(!isFolderWritable(ROOT.DS.'tmp'))
|
|||||||
exit(json_encode(array('status'=>'err','reason'=>'Temp directory not writable')));
|
exit(json_encode(array('status'=>'err','reason'=>'Temp directory not writable')));
|
||||||
|
|
||||||
// check if client has permission to upload
|
// check if client has permission to upload
|
||||||
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET ))
|
executeUploadPermission();
|
||||||
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
|
|
||||||
|
|
||||||
$hash = sanatizeString(trim($_REQUEST['hash']))?sanatizeString(trim($_REQUEST['hash'])):false;
|
$hash = sanatizeString(trim($_REQUEST['hash']))?sanatizeString(trim($_REQUEST['hash'])):false;
|
||||||
|
|
||||||
|
|||||||
@@ -691,4 +691,13 @@ function isCloudflare() {
|
|||||||
$ipCheck = _cloudflare_CheckIP($_SERVER['REMOTE_ADDR']);
|
$ipCheck = _cloudflare_CheckIP($_SERVER['REMOTE_ADDR']);
|
||||||
$requestCheck = _cloudflare_Requests_Check();
|
$requestCheck = _cloudflare_Requests_Check();
|
||||||
return ($ipCheck && $requestCheck);
|
return ($ipCheck && $requestCheck);
|
||||||
|
}
|
||||||
|
|
||||||
|
function executeUploadPermission()
|
||||||
|
{
|
||||||
|
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET ))
|
||||||
|
{
|
||||||
|
http_response_code(403);
|
||||||
|
exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
Reference in New Issue
Block a user