[geeklog-cvs] geeklog: Added missing check for allowed IP addresses in downloa...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Fri Oct 3 08:42:10 EDT 2008
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/2499b63f85dd
changeset: 6410:2499b63f85dd
user: Dirk Haun <dirk at haun-online.de>
date: Fri Oct 03 14:41:57 2008 +0200
description:
Added missing check for allowed IP addresses in downloader class (bug #0000709)
diffstat:
2 files changed, 13 insertions(+), 1 deletion(-)
public_html/docs/history | 2 ++
system/classes/downloader.class.php | 12 +++++++++++-
diffs (41 lines):
diff -r aeced27e1da9 -r 2499b63f85dd public_html/docs/history
--- a/public_html/docs/history Fri Oct 03 11:34:33 2008 +0200
+++ b/public_html/docs/history Fri Oct 03 14:41:57 2008 +0200
@@ -3,6 +3,8 @@
??? ??, 2008 (1.5.2)
------------
+- Added missing check for allowed IP addresses in downloader class
+ (bug #0000709) [Dirk]
- Force a refresh after uninstalling a plugin so that the plugin's entry
disappears from the Admins block [Dirk]
- Fixed an issue with story expiry dates on PHP 4/Windows (reported by zeb)
diff -r aeced27e1da9 -r 2499b63f85dd system/classes/downloader.class.php
--- a/system/classes/downloader.class.php Fri Oct 03 11:34:33 2008 +0200
+++ b/system/classes/downloader.class.php Fri Oct 03 14:41:57 2008 +0200
@@ -171,7 +171,7 @@
function _logItem($logtype, $text)
{
$timestamp = strftime("%c");
- if (!$file = fopen($this->_logFile,a)) {
+ if (!$file = fopen($this->_logFile, 'a')) {
// couldn't open log file for writing so let's disable logging and add an error
$this->setLogging(false);
$this->_addError('Error writing to log file: ' . $this->_logFile . '. Logging has been disabled');
@@ -481,6 +481,16 @@
*/
function downloadFile($fileName)
{
+ // Before we do anything, let's see if we are limiting file downloads by
+ // IP address and, if so, verify the user is originating from one of
+ // those places
+ if ($this->_limitByIP) {
+ if (!in_array($_SERVER['REMOTE_ADDR'], $this->_allowedIPS)) {
+ $this->_addError('The IP, ' . $_SERVER['REMOTE_ADDR'] . ' is not in the list of accepted IP addresses. Refusing to allow file download(s)');
+ return false;
+ }
+ }
+
if (strstr( PHP_OS, "WIN")) { // Added as test1 below was failing on Windows platforms
$strPathSeparator = '\\';
$this->_sourceDirectory = str_replace('/','\\',$this->_sourceDirectory);
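Review bot: The allow-list test added at the top of downloadFile() uses a loose `in_array()`, so a non-string entry in `$this->_allowedIPS` (for example a boolean `true` from a misconfigured caller) would match any client address; the strict flag closes that: `if (!in_array($_SERVER['REMOTE_ADDR'], $this->_allowedIPS, true)) {`. The refusal is recorded only through `_addError()`; if that does not already reach the log file, a `_logItem()` call in this branch would give operators a record of rejected addresses. A comment is also worth adding that the check sees the directly connecting peer, e.g. `// REMOTE_ADDR is the connecting peer; behind a reverse proxy this is the proxy, not the client`, so that deployments behind a proxy know what the list must contain. The body of downloadFile() continues past the end of this hunk, so the rest of the function is not reviewed here.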