Commit 916868f8 authored by Ad Schellevis's avatar Ad Schellevis

(legacy) it feels kind of duplicate, but to avoid too much changes on how it...

(legacy) it feels kind of duplicate, but to avoid too much changes on how it works now let's keep the behavior approx. the same. (part 2)
parent 4755e0cd
......@@ -148,20 +148,7 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
}
if(!$found_host) {
$interface_list_ips = get_configured_ip_addresses();
foreach($interface_list_ips as $ilips) {
if(strcasecmp($referrer_host, $ilips) == 0) {
$found_host = true;
break;
}
}
$interface_list_ipv6s = get_configured_ipv6_addresses();
foreach($interface_list_ipv6s as $ilipv6s) {
if(strcasecmp($referrer_host, $ilipv6s) == 0) {
$found_host = true;
break;
}
}
$found_host = isAuthLocalIP($referrer_host);
if($referrer_host == "127.0.0.1" || $referrer_host == "localhost") {
// allow SSH port forwarded connections and links from localhost
$found_host = true;
......@@ -188,6 +175,42 @@ unset($security_passed);
$groupindex = index_groups();
$userindex = index_users();
/**
* check if $http_host is a local configured ip address
*/
function isAuthLocalIP($http_host)
{
global $config;
$local_ip = false;
$interface_list_ips = get_configured_ip_addresses();
foreach ($interface_list_ips as $ilips) {
if (strcasecmp($http_host, $ilips) == 0) {
$local_ip = true;
break;
}
}
if (!$local_ip) {
$interface_list_ipv6s = get_configured_ipv6_addresses();
foreach ($interface_list_ipv6s as $ilipv6s) {
if (strcasecmp($http_host, $ilipv6s) == 0) {
$local_ip = true;
break;
}
}
if (!$local_ip) {
if (isset($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['subnet'] == $http_host) {
$local_ip = true;
}
}
}
}
}
return $local_ip;
}
function index_groups()
{
global $config, $groupindex;
......
......@@ -31,7 +31,6 @@
*/
require_once("auth.inc");
require_once("filter.inc");
// provided via legacy_bindings.inc
global $priv_list;
......@@ -385,31 +384,10 @@ function display_login_form()
}
/* Check against locally configured IP addresses, which will catch when someone
port forwards WebGUI access from WAN to an internal IP on the router. */
$FilterIflist = filter_generate_optcfg_array() ;
$local_ip = false;
if (strstr($_SERVER['HTTP_HOST'], ":")) {
$http_host_port = explode(":", $_SERVER['HTTP_HOST']);
$http_host = $http_host_port[0];
} else {
$http_host = $_SERVER['HTTP_HOST'];
}
foreach ($FilterIflist as $iflist) {
if ($iflist['ip'] == $http_host) {
$local_ip = true;
}
if ($iflist['ipv6'] == $http_host) {
$local_ip = true;
}
}
if (isset($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['subnet'] == $http_host) {
$local_ip = true;
}
}
}
port forwards WebGUI access from WAN to an internal IP on the router. */
// fix, local ip check was previously done using "filter_generate_optcfg_array" which basically includes alomst everything here.
// this should do the trick as well.
$local_ip = isAuthLocalIP($http_host);
if (isset($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $ovpns) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment