author | dakkar <dakkar@luxion> | 2006-01-14 18:04:30 +0000 |
---|---|---|
committer | dakkar <dakkar@luxion> | 2006-01-14 18:04:30 +0000 |
commit | 131b9c7b6ac9b60732e95a8e1c6006df2223dc60 (patch) | |
tree | 14379c538147d32769c6537cc277882b4b72f9f9 /lib/Bookmarks/C/Main.pm | |
parent | aggiornamento a nuovo Catalyst, e "permessi di scrittura" (orendo) (diff) | |
aggiunto un rudimento di access-control per le operazioni in scrittura, controlla sull'IP di origine
Diffstat (limited to 'lib/Bookmarks/C/Main.pm')
-rw-r--r-- | lib/Bookmarks/C/Main.pm | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/lib/Bookmarks/C/Main.pm b/lib/Bookmarks/C/Main.pm
index 1039ade..26e5a4a 100644
--- a/lib/Bookmarks/C/Main.pm
+++ b/lib/Bookmarks/C/Main.pm
@@ -87,11 +87,7 @@ sub jump : Global {
 sub add : Global {
 my ( $self, $c ) = @_;
- unless ($self->_authorized($c)) {
- $c->res->status(403);
- $c->res->body('non puoi');
- return;
- }
+ return unless $self->_authorized($c);
 my %pre_link=();
 for my $field (qw(pk url title descr)) {
@@ -173,11 +169,7 @@ sub add : Global {
 sub edit : Global {
 my ( $self, $c ) = @_;
- unless ($self->_authorized($c)) {
- $c->res->status(403);
- $c->res->body('non puoi');
- return;
- }
+ return unless $self->_authorized($c);
 my $link=Bookmarks::M::DB::Links->retrieve($c->req->param('link'));
@@ -213,9 +205,14 @@ sub search : Global {
 sub _authorized {
 my ($self,$c)=@_;
- if ($ENV{BOOKMARKS_CAN_EDIT}) {
+ if ($c->req->address() =~ m{^(192\.168\.|127\.|10\.)}) {
 return 1;
 }
+
+ $c->res->status(403);
+ $c->res->body("non puoi\n");
+ $c->res->content_type('text/plain');
+ return;
 } |
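Review bot: In the third hunk `_authorized` grants write access on `$c->req->address()` alone, and that value is only as trustworthy as the deployment: if the app sits behind a reverse proxy on the same host, every request arrives from 127.0.0.1 and passes, and if Catalyst is set to take the address from a forwarded header (presumably via `using_frontend_proxy`), that header has to be written by the proxy and not accepted from the client. A source-address test also does not stop cross-site requests issued by a browser that is itself inside one of the allowed ranges, so `add` and `edit` would still benefit from a per-request token or a real login. I would record the assumption next to the test, e.g. `# peer address only: valid while no proxy fronts the app; 172.16.0.0/12 and ::1 are not matched`, and write the pattern with `\A` and a non-capturing group, `m{\A(?:192\.168\.|127\.|10\.)}`. Because the helper now also writes the 403 response, a one-line comment saying so would explain the bare `return unless $self->_authorized($c);` in the first two hunks.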