Commit b34f67d

rubenreyes2000 rubenreyes2000

committed

Add IP validation functionality

1 parent 7ec2533 commit b34f67dCopy full SHA for b34f67d

File tree

2 files changed

+47

-0

lines changed

deploy-config.orig.php
deploy.php

2 files changed

+47

-0

lines changed

`‎deploy-config.orig.php‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,18 @@`
`8`	`8`	`/* DISABLED: Set to true to prevent the execution of this script. cript only when needed */`
`9`	`9`	`define('DISABLED', false);`
`10`	`10`
	`11`	`+/* IP_ALLOW:`
	`12`	`+ * Array of IP addresses and ranges in CIDR notation that are allowed to execute`
	`13`	`+ * the script. Supports IPv4 and IPv6. Leave array empty to allow all IPs.`
	`14`	`+ * GitHub IP ranges are 192.30.252.0/22 and 2620:112:3000::/44`
	`15`	`+ * (https://help.github.com/articles/github-s-ip-addresses/)`
	`16`	`+ * BitBucket IP ranges are 104.192.143.192/28 and 2401:1d80:1010::/64`
	`17`	`+ * (https://confluence.atlassian.com/bitbucket/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall-343343385.html)`
	`18`	`+ *`
	`19`	`+ */`
	`20`	`+define('IP_ALLOW', serialize(array(`
	`21`	`+)));`
	`22`	`+`
`11`	`23`	`/*`
`12`	`24`	`* REMOTE_REPOSITORY:`
`13`	`25`	`* Address of the remote Git repo. For private repos use the SSH address`

`‎deploy.php‎`

Lines changed: 35 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,41 @@ function endScript() {`
`100`	`100`	`$fh = fopen(__DIR__ . '/deploy.lock', 'w');`
`101`	`101`	`fclose($fh);`
`102`	`102`
	`103`	`+// Check if IP is allowed`
	`104`	`+if(defined('IP_ALLOW') && count(unserialize(IP_ALLOW))) {`
	`105`	`+ $allow = false;`
	`106`	`+ foreach(unserialize(IP_ALLOW) as $ip_allow) {`
	`107`	`+ if(strpos($ip_allow, '/') === false) {`
	`108`	`+ // Single IP`
	`109`	`+ if(inet_pton($_SERVER['REMOTE_ADDR']) == inet_pton($ip_allow)) {`
	`110`	`+ $allow = true;`
	`111`	`+ break;`
	`112`	`+ }`
	`113`	`+ }`
	`114`	`+ else {`
	`115`	`+ // IP range`
	`116`	`+ list($subnet, $bits) = explode('/', $ip_allow);`
	`117`	`+ // Convert subnet to binary string of $bits length`
	`118`	`+ $subnet = unpack('H*', inet_pton($subnet));`
	`119`	`+ foreach($subnet as $i => $h) $subnet[$i] = base_convert($h, 16, 2);`
	`120`	`+ $subnet = substr(implode('', $subnet), 0, $bits);`
	`121`	`+ // Convert remote IP to binary string of $bits length`
	`122`	`+ $ip = unpack('H*', inet_pton($_SERVER['REMOTE_ADDR']));`
	`123`	`+ foreach($ip as $i => $h) $ip[$i] = base_convert($h, 16, 2);`
	`124`	`+ $ip = substr(implode('', $ip), 0, $bits);`
	`125`	`+ if($subnet == $ip) {`
	`126`	`+ $allow = true;`
	`127`	`+ break;`
	`128`	`+ }`
	`129`	`+ }`
	`130`	`+ }`
	`131`	`+ if(!$allow) {`
	`132`	`+ errorPage('<h2>Access Denied</h2>');`
	`133`	`+ endScript();`
	`134`	`+ die();`
	`135`	`+ }`
	`136`	`+}`
	`137`	`+`
`103`	`138`	`// If there's authorization error`
`104`	`139`	`if (!isset($_GET['t']) \|\| $_GET['t'] !== ACCESS_TOKEN \|\| DISABLED === true) {`
`105`	`140`	`errorPage('<h2>Access Denied</h2>');`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit b34f67d

File tree

2 files changed

2 files changed

`‎deploy-config.orig.php‎`

`‎deploy.php‎`

0 commit comments