Fix RESTRICT_ON_API

Laurent Destailleur 2019-08-20 20:32:17 +02:00
parent d82e60adb7
commit bfe6f4a163
5 changed files with 16 additions and 14 deletions


@ -86,7 +86,9 @@ if ($action == 'edit')
print '<tr class="oddeven"><td>';
$tooltiphelp = (($langs->trans($key.'Tooltip') != $key.'Tooltip') ? $langs->trans($key.'Tooltip') : '');
print $form->textwithpicto($langs->trans($key), $tooltiphelp);
$label = $langs->trans($key);
if ($key == 'DAV_RESTICT_ON_IP') $label = $langs->trans("RESTRICT_ON_IP");
print $form->textwithpicto($label, $tooltiphelp);
print '</td><td>';
if ($key == 'DAV_ALLOW_PRIVATE_DIR')
{
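Review bot: The added comparison `if ($key == 'DAV_RESTICT_ON_IP')` still uses the old misspelled name, while this same commit makes the DAV entry point read `DAV_RESTRICT_ON_IP`. The parameter list that supplies `$key` is outside this hunk, so this is inferred: if that list was left as `DAV_RESTICT_ON_IP`, this page keeps saving a constant the access check no longer reads, and the IP allow-list is silently not enforced. Rename the key in the parameter array and compare against the new name, `if ($key == 'DAV_RESTRICT_ON_IP') $label = $langs->trans("RESTRICT_ON_IP");`. The surrounding loop starts and ends outside the hunk.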


@ -80,7 +80,7 @@ if ($action == 'setproductionmode')
if ($action == 'save')
{
dolibarr_set_const($db, 'API_RESTICT_ON_IP', GETPOST('API_RESTICT_ON_IP', 'alpha'));
dolibarr_set_const($db, 'API_RESTRICT_ON_IP', GETPOST('API_RESTRICT_ON_IP', 'alpha'));
}
@ -130,8 +130,8 @@ print '<td>&nbsp;</td>';
print '</tr>';
print '<tr class="oddeven">';
print '<td>'.$langs->trans("RESTICT_API_ON_IP").'</td>';
print '<td><input type="text" name="API_RESTICT_ON_IP" value="'.dol_escape_htmltag($conf->global->API_RESTICT_ON_IP).'"></td>';
print '<td>'.$langs->trans("RESTRICT_API_ON_IP").'</td>';
print '<td><input type="text" name="API_RESTRICT_ON_IP" value="'.dol_escape_htmltag($conf->global->API_RESTRICT_ON_IP).'"></td>';
print '<td>';
print '<input type="submit" class="button" name="save" value="'.dol_escape_htmltag($langs->trans("Save")).'"></td>';
print '</td>';
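Review bot: Renaming the stored constant without a migration drops the restriction on upgrade. An installation that already has a value in `API_RESTICT_ON_IP` will show an empty field here, and the `! empty($conf->global->API_RESTRICT_ON_IP)` test in the API entry point will skip the check, so the API is reachable from any address until an administrator re-enters the list. The same applies to `DAV_RESTICT_ON_IP` in the DAV entry point. None of the five changed files copies the old value, so either add an upgrade step that renames both constants or fall back to the old name while the new one is empty, something like `$iplist = empty($conf->global->API_RESTRICT_ON_IP) ? $conf->global->API_RESTICT_ON_IP : $conf->global->API_RESTRICT_ON_IP;`.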


@ -207,16 +207,16 @@ if (! empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' ||
if (! empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' && $reg[2] != '/resources.json' && preg_match('/^\/(swagger|resources)\.json\/(.+)$/', $reg[2], $regbis) && $regbis[2] != 'root')))
{
// Restrict API to some IPs
if (! empty($conf->global->API_RESTICT_ON_IP))
if (! empty($conf->global->API_RESTRICT_ON_IP))
{
$allowedip=explode(' ', $conf->global->API_RESTICT_ON_IP);
$allowedip=explode(' ', $conf->global->API_RESTRICT_ON_IP);
$ipremote = getUserRemoteIP();
if (! in_array($ipremote, $allowedip))
{
dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTICT_ON_IP);
dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTRICT_ON_IP);
print 'API not allowed from the IP '.$ipremote;
header('HTTP/1.1 503 API not allowed from your IP '.$ipremote);
//print $conf->global->API_RESTICT_ON_IP;
//print $conf->global->API_RESTRICT_ON_IP;
exit(0);
}
}
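Review bot: The denial path prints the body before calling `header()`, so unless output buffering is active the status line can no longer be set and the client receives a 200 with the error text; the DAV block uses the same order. 503 also signals a temporary server fault, which invites retries and hides denials from monitoring; 403 is the matching status. Suggest sending `header('HTTP/1.1 403 Forbidden');` first, then the `print`, and keeping the remote address in the `dol_syslog` line rather than in the status line. These lines are unchanged context, but they are the enforcement point the renamed constant now drives, and the enclosing block starts outside the hunk.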


@ -56,16 +56,16 @@ if (empty($conf->dav->enabled))
// Restrict API to some IPs
if (! empty($conf->global->DAV_RESTICT_ON_IP))
if (! empty($conf->global->DAV_RESTRICT_ON_IP))
{
$allowedip=explode(' ', $conf->global->DAV_RESTICT_ON_IP);
$allowedip=explode(' ', $conf->global->DAV_RESTRICT_ON_IP);
$ipremote = getUserRemoteIP();
if (! in_array($ipremote, $allowedip))
{
dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->DAV_RESTICT_ON_IP);
dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->DAV_RESTRICT_ON_IP);
print 'DAV not allowed from the IP '.$ipremote;
header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
//print $conf->global->DAV_RESTICT_ON_IP;
//print $conf->global->DAV_RESTRICT_ON_IP;
exit(0);
}
}


@ -1932,6 +1932,6 @@ DeleteEmailCollector=Delete email collector
ConfirmDeleteEmailCollector=Are you sure you want to delete this email collector?
RecipientEmailsWillBeReplacedWithThisValue=Recipient emails will be always replaced with this value
AtLeastOneDefaultBankAccountMandatory=At least 1 default bank account must be defined
RESTICT_API_ON_IP=Allow available APIs to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can use the available APIs.
RESTICT_ON_IP=Allow access to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can access.
RESTRICT_API_ON_IP=Allow available APIs to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can use the available APIs.
RESTRICT_ON_IP=Allow access to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can access.
BaseOnSabeDavVersion=Based on the library SabreDAV version