diff options
| -rwxr-xr-x | boot.php | 3 | ||||
| -rw-r--r-- | mod/_well_known.php | 16 |
2 files changed, 18 insertions, 1 deletions
@@ -863,7 +863,7 @@ class App { && array_key_exists('baseurl',$this->config['system']) && strlen($this->config['system']['baseurl'])) { $url = $this->config['system']['baseurl']; - + $url = trim($url,'\\/'); return $url; } @@ -881,6 +881,7 @@ class App { && array_key_exists('baseurl',$this->config['system']) && strlen($this->config['system']['baseurl'])) { $url = $this->config['system']['baseurl']; + $url = trim($url,'\\/'); } $parsed = @parse_url($url); diff --git a/mod/_well_known.php b/mod/_well_known.php index 58ed13ece..47cfe1512 100644 --- a/mod/_well_known.php +++ b/mod/_well_known.php @@ -7,6 +7,22 @@ function _well_known_init(&$a){ $arr = array('server' => $_SERVER, 'request' => $_REQUEST);
call_hooks('well_known', $arr);
+
+ if(! check_siteallowed($_SERVER['REMOTE_ADDR'])) {
+ logger('well_known: site not allowed. ' . $_SERVER['REMOTE_ADDR']);
+ killme();
+ }
+
+ // from php.net re: REMOTE_HOST:
+ // Note: Your web server must be configured to create this variable. For example in Apache
+ // you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr().
+
+ if(get_config('system','siteallowed_remote_host') && (! check_siteallowed($_SERVER['REMOTE_HOST']))) {
+ logger('well_known: site not allowed. ' . $_SERVER['REMOTE_HOST']);
+ killme();
+ }
+
+
switch(argv(1)) {
case 'zot-info':
$a->argc -= 1;
|