From 131b9c7b6ac9b60732e95a8e1c6006df2223dc60 Mon Sep 17 00:00:00 2001
From: dakkar
Date: Sat, 14 Jan 2006 18:04:30 +0000
Subject: aggiunto un rudimento di access-control per le operazioni in scrittura, controlla sull'IP di origine
---
 lib/Bookmarks/C/Main.pm | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/lib/Bookmarks/C/Main.pm b/lib/Bookmarks/C/Main.pm
index 1039ade..26e5a4a 100644
--- a/lib/Bookmarks/C/Main.pm
+++ b/lib/Bookmarks/C/Main.pm
@@ -87,11 +87,7 @@ sub jump : Global {
 sub add : Global {
 my ( $self, $c ) = @_;
- unless ($self->_authorized($c)) {
- $c->res->status(403);
- $c->res->body('non puoi');
- return;
- }
+ return unless $self->_authorized($c);
 my %pre_link=();
 for my $field (qw(pk url title descr)) {
@@ -173,11 +169,7 @@ sub add : Global {
 sub edit : Global {
 my ( $self, $c ) = @_;
- unless ($self->_authorized($c)) {
- $c->res->status(403);
- $c->res->body('non puoi');
- return;
- }
+ return unless $self->_authorized($c);
 my $link=Bookmarks::M::DB::Links->retrieve($c->req->param('link'));
@@ -213,9 +205,14 @@ sub search : Global {
 sub _authorized {
 my ($self,$c)=@_;
- if ($ENV{BOOKMARKS_CAN_EDIT}) {
+ if ($c->req->address() =~ m{^(192\.168\.|127\.|10\.)}) {
 return 1;
 }
+
+ $c->res->status(403);
+ $c->res->body("non puoi\n");
+ $c->res->content_type('text/plain');
+ return;
 }
-- 
cgit v1.2.3
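Review bot: The one-line guard `return unless $self->_authorized($c);` in `add` (and the identical one in the `edit` hunk) no longer shows that a 403 is sent, because the response is now written inside the helper. A short comment at each call site would keep that visible, e.g. `# _authorized() has already set the 403 response when it returns false`. Both subs continue outside their hunks, so this is judged on the guard alone.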
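Review bot: The new test in `_authorized` uses `$c->req->address()` as the only credential, so its strength depends entirely on deployment. Behind a front-end proxy on the same host that value may be the proxy's own `127.0.0.1`, which lets every caller through, or, if Catalyst's proxy handling (e.g. `using_frontend_proxy`) is active, a value taken from a forwarded header; this should be confirmed for the installed setup. With no per-user secret, any request sent from a machine in these ranges is accepted, including one a LAN browser is induced to send by an unrelated page, so `add` and `edit` still need a login or request token on top of this check. The prefix list also leaves out `172.16.0.0/12` and IPv6 loopback, which may be deliberate but is undocumented. I would add above the sub `# Allows writes only from 127/8, 10/8 and 192.168/16; assumes $c->req->address is the real peer address (check proxy setup)`.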