authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2023-05-03 00:37:04 +0200
committerGravatar GitHub <noreply@github.com> 2023-05-03 00:37:04 +0200
commit0a38aa7456ccb2875aac5dc20a6f15d3956bb93a (patch)
tree0b116f889399fc69e371adff85576142f7e1d596 /lib/lib_rss.php
parentbd9fa803f1f0c23face77fa1bc550d1198ce5ad6 (diff)
Automatic trusted_sources during install (#5358)
* Automatic trusted_sources during install Fix https://github.com/FreshRSS/FreshRSS/issues/5357 * Fix install for http_auth * Update lib/lib_rss.php Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com> * Fill null exception e-mail * Revert some syntax * Minor parentheses
Diffstat (limited to 'lib/lib_rss.php')
-rw-r--r--lib/lib_rss.php34
1 files changed, 24 insertions, 10 deletions
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index fcdd8d787..a7e03d4ea 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -634,13 +634,22 @@ function ipToBits(string $ip): string {
*/
function checkCIDR(string $ip, string $range): bool {
$binary_ip = ipToBits($ip);
- list($subnet, $mask_bits) = explode('/', $range);
- $mask_bits = intval($mask_bits);
+ $split = explode('/', $range);
+
+ $subnet = $split[0] ?? '';
+ if ($subnet == '') {
+ return false;
+ }
$binary_subnet = ipToBits($subnet);
+ $mask_bits = $split[1] ?? '';
+ $mask_bits = (int)$mask_bits;
+ if ($mask_bits === 0) {
+ $mask_bits = null;
+ }
+
$ip_net_bits = substr($binary_ip, 0, $mask_bits);
$subnet_bits = substr($binary_subnet, 0, $mask_bits);
-
return $ip_net_bits === $subnet_bits;
}
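Review bot: The new mask handling in checkCIDR collapses three different inputs into one: a range with no `/`, an explicit `/0`, and an unparsable mask such as `/abc` all cast to 0 and then become `null`, so `substr()` compares the full bit strings. That fails closed, but an explicit `/0` silently stops meaning "any address", and a negative mask still reaches `substr()` as a negative length. I would validate the mask only when it is present, e.g. `$mask_bits = isset($split[1]) ? filter_var($split[1], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]) : null;` followed by `if ($mask_bits === false) { return false; }`. ipToBits() is defined outside this hunk; if it returns bit strings of different lengths for IPv4 and IPv6, a check that both strings have the same length before the prefix comparison would also be worth adding, so that a range of one family cannot match an address of the other.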
@@ -653,7 +662,7 @@ function checkCIDR(string $ip, string $range): bool {
*/
function checkTrustedIP(): bool {
if (FreshRSS_Context::$system_conf === null) {
- throw new FreshRSS_Context_Exception('System configuration not initialised!');
+ return false;
}
if (!empty($_SERVER['REMOTE_ADDR'])) {
foreach (FreshRSS_Context::$system_conf->trusted_sources as $cidr) {
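Review bot: Returning `false` instead of throwing is fail-closed, but the docblock above checkTrustedIP should state it, because callers can no longer tell "address not trusted" from "configuration not loaded". The function's comment and the rest of its body lie outside this hunk. A line such as `@return bool true if the remote IP matches a trusted source; false otherwise, including when the system configuration is not initialised` would cover it.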
@@ -665,15 +674,20 @@ function checkTrustedIP(): bool {
return false;
}
-function httpAuthUser(): string {
+function httpAuthUser(bool $onlyTrusted = true): string {
if (!empty($_SERVER['REMOTE_USER'])) {
return $_SERVER['REMOTE_USER'];
- } elseif (!empty($_SERVER['HTTP_REMOTE_USER']) && checkTrustedIP()) {
- return $_SERVER['HTTP_REMOTE_USER'];
- } elseif (!empty($_SERVER['REDIRECT_REMOTE_USER'])) {
+ }
+ if (!empty($_SERVER['REDIRECT_REMOTE_USER'])) {
return $_SERVER['REDIRECT_REMOTE_USER'];
- } elseif (!empty($_SERVER['HTTP_X_WEBAUTH_USER']) && checkTrustedIP()) {
- return $_SERVER['HTTP_X_WEBAUTH_USER'];
+ }
+ if (!$onlyTrusted || checkTrustedIP()) {
+ if (!empty($_SERVER['HTTP_REMOTE_USER'])) {
+ return $_SERVER['HTTP_REMOTE_USER'];
+ }
+ if (!empty($_SERVER['HTTP_X_WEBAUTH_USER'])) {
+ return $_SERVER['HTTP_X_WEBAUTH_USER'];
+ }
}
return '';
}
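Review bot: `httpAuthUser()` gains `$onlyTrusted` without a docblock, and with `false` it returns `HTTP_REMOTE_USER` or `HTTP_X_WEBAUTH_USER` without calling `checkTrustedIP()`; both values are populated from request headers, so any client can supply them. The parameter should carry a comment that says so, for example `@param bool $onlyTrusted when false, the HTTP_REMOTE_USER / HTTP_X_WEBAUTH_USER headers are accepted from any address; use only where the result is not relied on to authenticate (presumably the installer)`. The reordering also makes `REDIRECT_REMOTE_USER` take precedence over `HTTP_REMOTE_USER` when both are set, which looks intentional but deserves a line in the same docblock.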