X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/8b600187edd40b6bc402f1807648426c30de367c..f4543bfda26411f6faabf6f3d6dfb0aafce94f1a:/lib/functions.php
diff --git a/lib/functions.php b/lib/functions.php
index 2546497..2c799f2 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -98,6 +98,9 @@ function is_ssl() {
return true;
} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
+ } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+ if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
+ return true;
}
return false;
}
@@ -611,7 +614,7 @@ jirafeau_admin_list ($name, $file_hash, $link_hash)
continue;
/* Filter. */
- if (!empty ($name) && !preg_match ("/$name/i", $l['file_name']))
+ if (!empty ($name) && !preg_match ("/$name/i", htmlspecialchars($l['file_name'])))
continue;
if (!empty ($file_hash) && $file_hash != $l['md5'])
continue;
@@ -623,7 +626,7 @@ jirafeau_admin_list ($name, $file_hash, $link_hash)
'';
echo '';
echo '| ' . $l['mime_type'] . ' | ';
@@ -1081,3 +1084,97 @@ function jirafeau_challenge_upload_password ($cfg, $password)
return false;
}
+/**
+ * Test if visitor's IP is authorized to upload.
+ * @param $ip IP to be challenged
+ * @return true if IP is authorized, false otherwise.
+ */
+function jirafeau_challenge_upload_ip ($cfg, $ip)
+{
+ if (count ($cfg['upload_ip']) == 0)
+ return true;
+ forEach ($cfg['upload_ip'] as $i)
+ {
+ if ($i == $ip)
+ return true;
+ // CIDR test for IPv4 only.
+ if (strpos ($i, '/') !== false)
+ {
+ list ($subnet, $mask) = explode('/', $i);
+ if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet))
+ return true;
+ }
+ }
+ return false;
+}
+
+/** Tell if we have some HTTP headers generated by a proxy */
+function has_http_forwarded()
+{
+ if (!empty ($_SERVER['HTTP_X_FORWARDED_FOR']))
+ return true;
+ if (!empty ($_SERVER['http_X_forwarded_for']))
+ return true;
+ return false;
+}
+
+/**
+ * Generate IP list from HTTP headers generated by a proxy
+ * return array of IP strings
+ */
+function get_ip_list_http_forwarded()
+{
+ $ip_list = array();
+ if (!empty ($_SERVER['HTTP_X_FORWARDED_FOR']))
+ {
+ $l = explode (',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+ foreach ($l as $ip)
+ array_push ($ip_list, preg_replace ('/\s+/', '', $ip));
+ }
+ if (!empty ($_SERVER['http_X_forwarded_for']))
+ {
+ $l = explode (',', $_SERVER['http_X_forwarded_for']);
+ foreach ($l as $ip)
+ {
+ // Separate IP from port
+ $ip = explode (':', $ip)[0];
+ array_push ($ip_list, preg_replace ('/\s+/', '', $ip));
+ }
+ }
+ return $ip_list;
+}
+
+/**
+ * Get the ip address of the client from REMOTE_ADDR
+ * or from HTTP_X_FORWARDED_FOR if behind a proxy
+ * @returns an the client ip address
+ */
+function get_ip_address($cfg) {
+ $remote = $_SERVER['REMOTE_ADDR'];
+ if (count ($cfg['proxy_ip']) == 0 || !has_http_forwarded ())
+ return $remote;
+
+ $ip_list = get_ip_list_http_forwarded ();
+ if (count ($ip_list) == 0)
+ return $remote;
+
+ foreach ($cfg['proxy_ip'] as $proxy_ip)
+ {
+ if ($remote != $proxy_ip)
+ continue;
+ // Take the last IP (the one which has been set by the defined proxy).
+ return end ($ip_list);
+ }
+ return $remote;
+}
+
+/**
+ * Convert hexadecimal string to base64
+ */
+function hex_to_base64($hex)
+{
+ $b = '';
+ foreach (str_split ($hex, 2) as $pair)
+ $b .= chr (hexdec ($pair));
+ return base64_encode ($b);
+}