authordakkar <dakkar@luxion>2006-01-14 18:04:30 +0000
committerdakkar <dakkar@luxion>2006-01-14 18:04:30 +0000
commit131b9c7b6ac9b60732e95a8e1c6006df2223dc60 (patch)
tree14379c538147d32769c6537cc277882b4b72f9f9
parentaggiornamento a nuovo Catalyst, e "permessi di scrittura" (orendo) (diff)
aggiunto un rudimento di access-control per le operazioni in scrittura, controlla sull'IP di origine
-rw-r--r--lib/Bookmarks/C/Main.pm19
1 files changed, 8 insertions, 11 deletions
diff --git a/lib/Bookmarks/C/Main.pm b/lib/Bookmarks/C/Main.pm
index 1039ade..26e5a4a 100644
--- a/lib/Bookmarks/C/Main.pm
+++ b/lib/Bookmarks/C/Main.pm
@@ -87,11 +87,7 @@ sub jump : Global {
sub add : Global {
my ( $self, $c ) = @_;
- unless ($self->_authorized($c)) {
- $c->res->status(403);
- $c->res->body('non puoi');
- return;
- }
+ return unless $self->_authorized($c);
my %pre_link=();
for my $field (qw(pk url title descr)) {
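Review bot: The guard `return unless $self->_authorized($c);` in `add` now produces a correct refusal only because `_authorized` writes the 403 status and body itself, which the predicate-style name does not suggest; the identical line in `edit` in the next hunk has the same dependency. A comment above the guard would make this visible, for example `# _authorized() has already set the 403 response when it returns false`. Renaming the helper to something like `_require_authorized` would say the same thing in code. The body of `add` continues past the end of this hunk.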
@@ -173,11 +169,7 @@ sub add : Global {
sub edit : Global {
my ( $self, $c ) = @_;
- unless ($self->_authorized($c)) {
- $c->res->status(403);
- $c->res->body('non puoi');
- return;
- }
+ return unless $self->_authorized($c);
my $link=Bookmarks::M::DB::Links->retrieve($c->req->param('link'));
@@ -213,9 +205,14 @@ sub search : Global {
sub _authorized {
my ($self,$c)=@_;
- if ($ENV{BOOKMARKS_CAN_EDIT}) {
+ if ($c->req->address() =~ m{^(192\.168\.|127\.|10\.)}) {
return 1;
}
+
+ $c->res->status(403);
+ $c->res->body("non puoi\n");
+ $c->res->content_type('text/plain');
+
return;
}
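Review bot: The source-address test in `_authorized` is now the only gate on `add` and `edit`, and it is sound only if `$c->req->address` is the real peer address. If the app is served through a frontend proxy on the same host (not visible here), every request would arrive as 127.x and pass; if Catalyst's `using_frontend_proxy` is enabled, the address comes from a forwarded header that the proxy must overwrite rather than pass through. The check also carries no per-user credential or request token, so a third-party page loaded in a browser on those networks can submit to the write actions. I would at least record the deployment assumption above the `if`, e.g. `# assumes direct connections; behind a proxy req->address is the proxy's or header-derived`, and write the pattern as `m{\A(?:192\.168\.|127\.|10\.)}` so it is anchored with `\A` and does not capture.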