vadvs (vadvs) wrote in changelog,
vadvs
vadvs
changelog

[ljcom] r7212: Some SUP::RPC commands can by allowed fo...

Committer: vad
Some SUP::RPC commands can by allowed for netmask now.

U   trunk/htdocs/sup/rpc_interface.bml
Modified: trunk/htdocs/sup/rpc_interface.bml
===================================================================
--- trunk/htdocs/sup/rpc_interface.bml	2009-04-16 03:11:28 UTC (rev 7211)
+++ trunk/htdocs/sup/rpc_interface.bml	2009-04-16 04:31:22 UTC (rev 7212)
@@ -25,17 +25,23 @@
     # Accept requests only from SUP-data-center
    
     my $params = LJ::did_post() ? \%POST : \%GET;
-    my $ip_class = LJ::LJcom::ip_class();
-
+    my $ip_class  = LJ::LJcom::ip_class();
+    my $remote_ip = LJ::get_remote_ip;
+    
     my $trusted_commands = 
         $LJ::IS_DEV_SERVER 
         ? 1 # all commands are allowed for dev server
-        : (
-            $LJ::SUP_RPC_IP_COMMANDS_TRUSTED{ LJ::get_remote_ip } # commands enabled for IP
-            ||
-            $LJ::SUP_RPC_IPCLASS_COMMANDS_TRUSTED{ $ip_class }    # commands enabled for IP class
-          );
+        : $LJ::SUP_RPC_IPCLASS_COMMANDS_TRUSTED{ $ip_class };    # commands enabled for IP class
+    
+    # commands allowed by ip
+    if (ref $trusted_commands eq 'ARRAY' or not $trusted_commands) { # 1 means that all commands are allowed
+        foreach my $cond (@LJ::SUP_RPC_COMMANDS_TRUSTED_BY_IP){
+            next unless $cond->{ip_block}->match($remote_ip);
+            push @$trusted_commands => @{ $cond->{commands} };
+        }
+    }
 
+    # verify access
     if( !$trusted_commands ){
         return "unauthorized request"
     } elsif( ref($trusted_commands) eq 'ARRAY'){

Subscribe

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments