Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /home/corals/mautic.corals.io/app/middlewares/Dev/ |
<?php
namespace Mautic\Middleware\Dev;
use Mautic\Middleware\ConfigAwareTrait;
use Mautic\Middleware\PrioritizedMiddlewareInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\HttpKernelInterface;
class IpRestrictMiddleware implements HttpKernelInterface, PrioritizedMiddlewareInterface
{
use ConfigAwareTrait;
public const PRIORITY = 20;
/**
* @var HttpKernelInterface
*/
protected $app;
/**
* @var array
*/
protected $allowedIps;
public function __construct(HttpKernelInterface $app)
{
$this->app = $app;
$this->allowedIps = ['127.0.0.1', 'fe80::1', '::1'];
$parameters = $this->getConfig();
if (array_key_exists('dev_hosts', $parameters) && is_array($parameters['dev_hosts'])) {
$this->allowedIps = array_merge($this->allowedIps, $parameters['dev_hosts']);
}
if (isset($_SERVER['MAUTIC_CUSTOM_DEV_HOSTS'])) {
$localIps = json_decode($_SERVER['MAUTIC_CUSTOM_DEV_HOSTS'], true);
$this->allowedIps = array_merge($this->allowedIps, $localIps);
}
}
/**
* This check prevents access to debug front controllers
* that are deployed by accident to production servers.
*
* {@inheritdoc}
*/
public function handle(Request $request, $type = self::MAIN_REQUEST, $catch = true)
{
if (in_array($request->getClientIp(), $this->allowedIps) || false !== getenv('DDEV_TLD')) {
return $this->app->handle($request, $type, $catch);
}
return new Response('You are not allowed to access this file.', 403);
}
public function getPriority()
{
return self::PRIORITY;
}
}