1
0
Fork 0
forked from blallo/rss-bridge

[Core] Allow IP whitelisting for debug mode

...Because we are never cautious enough
while debugging a live rss-bridge instance.
This commit is contained in:
ORelio 2016-06-12 22:12:49 +02:00
parent 96de64af63
commit a63773178a

View file

@ -15,11 +15,30 @@ TODO :
date_default_timezone_set('UTC'); date_default_timezone_set('UTC');
error_reporting(0); error_reporting(0);
if(file_exists("DEBUG")) { /*
Create a file named 'DEBUG' for enabling debug mode.
ini_set('display_errors','1'); error_reporting(E_ALL); //Report all errors For further security, you may put whitelisted IP addresses
define("DEBUG", "true"); in the 'DEBUG' file, one IP per line. Empty file allows anyone (!).
Debugging allows displaying PHP error messages and bypasses the cache: this can allow a malicious
client to retrieve data about your server and hammer a provider throught your rss-bridge instance.
*/
if (file_exists('DEBUG')) {
$debug_enabled = true;
$debug_whitelist = trim(file_get_contents('DEBUG'));
if (strlen($debug_whitelist) > 0) {
$debug_enabled = false;
foreach (explode("\n", $debug_whitelist) as $allowed_ip) {
if (trim($allowed_ip) === $_SERVER['REMOTE_ADDR']) {
$debug_enabled = true;
break;
}
}
}
if ($debug_enabled) {
ini_set('display_errors', '1');
error_reporting(E_ALL);
define('DEBUG', 'true');
}
} }
require_once __DIR__ . '/lib/RssBridge.php'; require_once __DIR__ . '/lib/RssBridge.php';