Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/auth.inc | 26 | ||||
-rw-r--r-- | etc/inc/authgui.inc | 2 | ||||
-rw-r--r-- | etc/inc/util.inc | 15 |
3 files changed, 42 insertions, 1 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 13ca678..e7484c1 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -86,6 +86,32 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
 }
 }
+// If the HTTP_REFERER is something other than ourselves then disallow.
+if(!$config['system']['nohttpreferercheck']) {
+ if($_SERVER['HTTP_REFERER']) {
+ $found_host = false;
+ $hostname_me = $config['system']['hostname'] . "." . $config['system']['domain'];
+ if(stristr($_SERVER['HTTP_REFERER'], $hostname_me))
+ $found_host = true;
+ if(!empty($config['system']['webgui']['althostnames'])) {
+ $althosts = explode(" ", $config['system']['webgui']['althostnames']);
+ foreach ($althosts as $ah)
+ if(stristr($ah, $hostname_me))
+ $found_host = true;
+ }
+ $interface_list_ips = get_configured_ip_addresses();
+ foreach($interface_list_ips as $ilips) {
+ $hostname_me_ip = $config['webgui']['protocol'] . "://" . $ilips;
+ if(stristr($hostname_me_ip, $ilips))
+ $found_host = true;
+ }
+ if($found_host == false) {
+ display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . $_SERVER['HTTP_REFERER'] . "). You can disable this check if needed in System -> Advanced -> Admin.");
+ exit;
+ }
+ }
+}
+
 $groupindex = index_groups();
 $userindex = index_users();
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index e0bea3d..ee98f1c 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -261,4 +261,4 @@ if($config['virtualip'])
 <?php } // end function
-?>
+?>
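Review bot: The interface-IP loop in the auth.inc hunk makes the check pass for every request: `$hostname_me_ip` is built from `$ilips` and then tested with `stristr($hostname_me_ip, $ilips)`, which succeeds for any non-empty address, so `$found_host` is set without ever looking at `$_SERVER['HTTP_REFERER']`. The althostnames loop has the same kind of mistake (`stristr($ah, $hostname_me)` compares two config values), and the one comparison that does read the referer is a substring match, so a foreign URL that merely contains the firewall's FQDN in its host, path or query would be accepted. I would extract the referer's host with `parse_url()` and require an exact, case-insensitive match against the FQDN, each alternate hostname and each interface address, and pass the referer through `htmlspecialchars()` before it goes into `display_error_form()`, assuming that function emits the message as HTML. The `$config['webgui']['protocol']` lookup also differs from the `$config['system']['webgui']` path used elsewhere in the hunk and should be confirmed; a request with no Referer header still skips the check, which may be intended.

```php
// … unchanged: nohttpreferercheck and HTTP_REFERER guards …
		$found_host = false;
		// Compare only the host component; parse_url() yields false/null on a malformed or host-less value.
		$referer_host = strtolower((string) parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST));
		$allowed_hosts = array($config['system']['hostname'] . "." . $config['system']['domain']);
		if(!empty($config['system']['webgui']['althostnames']))
			$allowed_hosts = array_merge($allowed_hosts, explode(" ", $config['system']['webgui']['althostnames']));
		foreach(get_configured_ip_addresses() as $ilips)
			if(!empty($ilips))
				$allowed_hosts[] = $ilips;
		foreach($allowed_hosts as $allowed)
			if($referer_host !== "" && $referer_host === strtolower(trim($allowed)))
				$found_host = true;
		if($found_host == false) {
			display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . "). You can disable this check if needed in System -> Advanced -> Admin.");
			exit;
		}
// … unchanged: closing braces of the two outer if blocks …
```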
\ No newline at end of file
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 0551d40..4b74a7f 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -624,6 +624,21 @@ function get_configured_interface_with_descr($only_opt = false, $withdisabled =
 return $iflist;
 }
+/*
+ * get_configured_ip_addresses() - Return a list of all configured
+ * interfaces IP Addresses
+ *
+ */
+function get_configured_ip_addresses() {
+ require_once("interfaces.inc");
+ $ip_array = array();
+ $interfaces = get_configured_interface_list();
+ foreach($interfaces as $int) {
+ $ipaddr = get_interface_ip($int);
+ $ip_array[$int] = $ipaddr;
+ }
+ return $ip_array;
+}
 /*
 * get_interface_list() - Return a list of all physical interfaces |
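Review bot: The loop in `get_configured_ip_addresses()` stores whatever `get_interface_ip($int)` returns, so an interface without an address would presumably leave an empty entry in the result, and the new Referer check in auth.inc concatenates each value into a URL without testing it. Guard the assignment, for example `if(!empty($ipaddr)) $ip_array[$int] = $ipaddr;`, and have the header comment state the shape of the result, e.g. `Return an array of interface name => configured IP address, omitting interfaces without one`. `get_interface_ip()` is not visible in this diff, so what it returns for an unconfigured interface should be confirmed.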