Commit ebcb7402 authored by Erik Lundin's avatar Erik Lundin

Avoid code duplication when authorizing upload

parent a0040125
Pipeline #96046524 passed with stage
in 1 minute
......@@ -1141,50 +1141,9 @@ function jirafeau_challenge_upload_ip_without_password($cfg, $challengedIp)
*/
function jirafeau_challenge_upload ($cfg, $ip, $password)
{
// Allow if no ip restrictaion and no password restriction
if ((count ($cfg['upload_ip']) == 0) and (count ($cfg['upload_password']) == 0)) {
return true;
}
// Allow if ip is in array (no password)
foreach ($cfg['upload_ip_nopassword'] as $i) {
if ($i == $ip) {
return true;
}
// CIDR test for IPv4 only.
if (strpos ($i, '/') !== false)
{
list ($subnet, $mask) = explode('/', $i);
if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) {
return true;
}
}
}
// Allow if ip is in array
foreach ($cfg['upload_ip'] as $i) {
if ($i == $ip) {
return true;
}
// CIDR test for IPv4 only.
if (strpos ($i, '/') !== false)
{
list ($subnet, $mask) = explode('/', $i);
if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) {
return true;
}
}
}
if (!jirafeau_has_upload_password($cfg)) {
return false;
}
foreach ($cfg['upload_password'] as $p) {
if ($password == $p) {
return true;
}
}
return false;
return jirafeau_challenge_upload_ip_without_password($cfg, $ip) ||
(!jirafeau_has_upload_password($cfg) && !jirafeau_upload_has_ip_restriction($cfg)) ||
(jirafeau_challenge_upload_password($cfg, $password) && jirafeau_challenge_upload_ip($cfg, $ip));
}
/** Tell if we have some HTTP headers generated by a proxy */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment