Check X-Forwarded-For on the admin pages. Fixes #22.

Andy Janata 2012-10-01 20:12:14 -07:00
parent bd9741e5bd
commit ec1e85ec5d
3 changed files with 9 additions and 3 deletions


@ -30,10 +30,12 @@ Administration tools.
<%@ page import="net.socialgamer.cah.HibernateUtil" %>
<%@ page import="net.socialgamer.cah.db.BlackCard" %>
<%@ page import="net.socialgamer.cah.db.WhiteCard" %>
<%@ page import="net.socialgamer.cah.RequestWrapper" %>
<%@ page import="org.hibernate.Session" %>
<%@ page import="org.hibernate.Transaction" %>
<%
String remoteAddr = request.getRemoteAddr();
RequestWrapper wrapper = new RequestWrapper(request);
String remoteAddr = wrapper.getRemoteAddr();
// TODO better access control than hard-coding IP addresses.
if (!(remoteAddr.equals("0:0:0:0:0:0:0:1") || remoteAddr.equals("127.0.0.1") ||
remoteAddr.equals("98.248.33.90") || remoteAddr.equals("207.161.125.132"))) {
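Review bot: The allowlist comparison on `remoteAddr` now trusts whatever `RequestWrapper.getRemoteAddr()` returns, and X-Forwarded-For is a request header that the client controls. Unless the wrapper honours the header only when the direct peer is the deployment's own reverse proxy, matching against `127.0.0.1` and the other literals no longer establishes where the request came from. RequestWrapper is not part of this commit, so that has to be confirmed there. If it reads the header unconditionally, gate it at the call site, e.g. `String remoteAddr = TRUSTED_PROXIES.contains(request.getRemoteAddr()) ? wrapper.getRemoteAddr() : request.getRemoteAddr();`, where `TRUSTED_PROXIES` is a placeholder for the proxy addresses. The same applies to the identical scriptlet in the other two files, and the `if` block continues past the end of this hunk.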


@ -30,6 +30,7 @@ Administration tools.
<%@ page import="com.google.inject.Injector" %>
<%@ page import="com.google.inject.Key" %>
<%@ page import="com.google.inject.TypeLiteral" %>
<%@ page import="net.socialgamer.cah.RequestWrapper" %>
<%@ page import="net.socialgamer.cah.CahModule.BanList" %>
<%@ page import="net.socialgamer.cah.Constants.DisconnectReason" %>
<%@ page import="net.socialgamer.cah.Constants.LongPollEvent" %>
@ -47,7 +48,8 @@ Administration tools.
<%@ page import="java.util.Set" %>
<%
String remoteAddr = request.getRemoteAddr();
RequestWrapper wrapper = new RequestWrapper(request);
String remoteAddr = wrapper.getRemoteAddr();
// TODO better access control than hard-coding IP addresses.
if (!(remoteAddr.equals("0:0:0:0:0:0:0:1") || remoteAddr.equals("127.0.0.1") ||
remoteAddr.equals("98.248.33.90") || remoteAddr.equals("207.161.125.132"))) {
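Review bot: The address gate at the top of this scriptlet is the same four-literal comparison that is pasted into all three admin JSPs touched by this commit. Every change to the access rule therefore has to be made three times, and a page that is missed keeps running the old rule. Moving the check into one servlet `Filter` mapped over the admin pages, or into a single static helper the pages call, would give one place to audit and one place to swap in real authentication, which the existing TODO already asks for. The `if` block continues past the end of the hunk, so the denial branch is not visible here.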


@ -33,11 +33,13 @@ Administration tools.
<%@ page import="net.socialgamer.cah.db.BlackCard" %>
<%@ page import="net.socialgamer.cah.db.CardSet" %>
<%@ page import="net.socialgamer.cah.db.WhiteCard" %>
<%@ page import="net.socialgamer.cah.RequestWrapper" %>
<%@ page import="org.apache.commons.lang3.StringEscapeUtils" %>
<%@ page import="org.hibernate.Session" %>
<%@ page import="org.hibernate.Transaction" %>
<%
String remoteAddr = request.getRemoteAddr();
RequestWrapper wrapper = new RequestWrapper(request);
String remoteAddr = wrapper.getRemoteAddr();
//TODO better access control than hard-coding IP addresses.
if (!(remoteAddr.equals("0:0:0:0:0:0:0:1") || remoteAddr.equals("127.0.0.1") ||
remoteAddr.equals("98.248.33.90") || remoteAddr.equals("207.161.125.132"))) {