lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NEW Can restrict access using DAV module to some host IPs only

Browse Source
This commit is contained in:
Laurent Destailleur 2019-08-20 14:15:04 +02:00
parent c60fc6c3d4
commit fd3f890f7b
4 changed files with 26 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
htdocs/admin/dav.php
View File

@ -35,7 +35,10 @@ if (!$user->admin)
$action = GETPOST('action', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
$arrayofparameters=array(
'DAV_RESTICT_ON_IP'=>array('css'=>'minwidth200', 'enabled'=>1),
'DAV_ALLOW_PRIVATE_DIR'=>array('css'=>'minwidth200', 'enabled'=>2),
'DAV_ALLOW_PUBLIC_DIR'=>array('css'=>'minwidth200', 'enabled'=>1),
'DAV_ALLOW_ECM_DIR'=>array('css'=>'minwidth200', 'enabled'=>$conf->ecm->enabled)
@ -82,7 +85,8 @@ if ($action == 'edit')
if (isset($val['enabled']) && empty($val['enabled'])) continue;
print '<tr class="oddeven"><td>';
print $form->textwithpicto($langs->trans($key), $langs->trans($key.'Tooltip'));
$tooltiphelp = (($langs->trans($key.'Tooltip') != $key.'Tooltip') ? $langs->trans($key.'Tooltip') : '');
print $form->textwithpicto($langs->trans($key), $tooltiphelp);
print '</td><td>';
if ($key == 'DAV_ALLOW_PRIVATE_DIR')
{
@ -116,7 +120,8 @@ else
foreach($arrayofparameters as $key => $val)
{
print '<tr class="oddeven"><td>';
print $form->textwithpicto($langs->trans($key), $langs->trans($key.'Tooltip'));
$tooltiphelp = (($langs->trans($key.'Tooltip') != $key.'Tooltip') ? $langs->trans($key.'Tooltip') : '');
print $form->textwithpicto($langs->trans($key), $tooltiphelp);
print '</td><td>';
if ($key == 'DAV_ALLOW_PRIVATE_DIR')
{

2
htdocs/api/admin/index.php
View File

@ -130,7 +130,7 @@ print '<td>&nbsp;</td>';
print '</tr>';
print '<tr class="oddeven">';
print '<td>'.$langs->trans("RestrictApiToIps").'</td>';
print '<td>'.$langs->trans("RESTICT_API_ON_IP").'</td>';
print '<td><input type="text" name="API_RESTICT_ON_IP" value="'.dol_escape_htmltag($conf->global->API_RESTICT_ON_IP).'"></td>';
print '<td>';
print '<input type="submit" class="button" name="save" value="'.dol_escape_htmltag($langs->trans("Save")).'"></td>';

16
htdocs/dav/fileserver.php
View File

@ -55,6 +55,22 @@ if (empty($conf->dav->enabled))
accessforbidden();
// Restrict API to some IPs
if (! empty($conf->global->DAV_RESTICT_ON_IP))
{
$allowedip=explode(' ', $conf->global->DAV_RESTICT_ON_IP);
$ipremote = getUserRemoteIP();
if (! in_array($ipremote, $allowedip))
{
dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->DAV_RESTICT_ON_IP);
print 'DAV not allowed from the IP '.$ipremote;
header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
//print $conf->global->DAV_RESTICT_ON_IP;
exit(0);
}
}
$entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
// settings

3
htdocs/langs/en_US/admin.lang
View File

@ -1932,5 +1932,6 @@ DeleteEmailCollector=Delete email collector
ConfirmDeleteEmailCollector=Are you sure you want to delete this email collector?
RecipientEmailsWillBeReplacedWithThisValue=Recipient emails will be always replaced with this value
AtLeastOneDefaultBankAccountMandatory=At least 1 default bank account must be defined
RestrictApiToIps=Allow available APIs to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can use the available APIs.
RESTICT_API_ON_IP=Allow available APIs to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can use the available APIs.
RESTICT_ON_IP=Allow access to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can access.
BaseOnSabeDavVersion=Based on the library SabreDAV version