From ebcb7402a9776c5881fbba4d1d60ad50e41a097d Mon Sep 17 00:00:00 2001 From: Erik Lundin Date: Tue, 12 Nov 2019 02:13:38 +0100 Subject: [PATCH 1/1] Avoid code duplication when authorizing upload --- lib/functions.php | 47 +++-------------------------------------------- 1 file changed, 3 insertions(+), 44 deletions(-) diff --git a/lib/functions.php b/lib/functions.php index bff319f..b590e2b 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -1141,50 +1141,9 @@ function jirafeau_challenge_upload_ip_without_password($cfg, $challengedIp) */ function jirafeau_challenge_upload ($cfg, $ip, $password) { - // Allow if no ip restrictaion and no password restriction - if ((count ($cfg['upload_ip']) == 0) and (count ($cfg['upload_password']) == 0)) { - return true; - } - - // Allow if ip is in array (no password) - foreach ($cfg['upload_ip_nopassword'] as $i) { - if ($i == $ip) { - return true; - } - // CIDR test for IPv4 only. - if (strpos ($i, '/') !== false) - { - list ($subnet, $mask) = explode('/', $i); - if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) { - return true; - } - } - } - - // Allow if ip is in array - foreach ($cfg['upload_ip'] as $i) { - if ($i == $ip) { - return true; - } - // CIDR test for IPv4 only. - if (strpos ($i, '/') !== false) - { - list ($subnet, $mask) = explode('/', $i); - if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) { - return true; - } - } - } - if (!jirafeau_has_upload_password($cfg)) { - return false; - } - - foreach ($cfg['upload_password'] as $p) { - if ($password == $p) { - return true; - } - } - return false; + return jirafeau_challenge_upload_ip_without_password($cfg, $ip) || + (!jirafeau_has_upload_password($cfg) && !jirafeau_upload_has_ip_restriction($cfg)) || + (jirafeau_challenge_upload_password($cfg, $password) && jirafeau_challenge_upload_ip($cfg, $ip)); } /** Tell if we have some HTTP headers generated by a proxy */ -- 2.34.1