This repository has been archived by the owner on Feb 9, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathModule.php
97 lines (85 loc) · 2.84 KB
/
Module.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<?php
namespace humhub\modules\webshell;
use Yii;
use yii\base\Action;
use yii\web\ForbiddenHttpException;
use humhub\components\Response;
class Module extends \humhub\components\Module
{
/**
* @inheritdoc
*/
public $controllerNamespace = 'humhub\modules\webshell\controllers';
/**
* @var string console greetings
*/
public $greetings = 'Yii 2.0 Webshell';
/**
* @var array URL to use for `quit` command. If not set, `quit` command will do nothing.
*/
public $quitUrl = ['/dashboard'];
/**
* @var string path to `yii` script
*/
public $yiiScript = '@protected\yii';
/**
* @var string path to the yii console app configuration file
* used to run the yii command in the same process as the web application's
* if so chosen.
*/
public $consoleConfig = '@protected/humhub/config/console.php';
/**
* @var array the list of IPs that are allowed to access this module.
* Each array element represents a single IP filter which can be either an IP address
* or an address with wildcard (e.g. 192.168.0.*) to represent a network segment.
* The default value is `['127.0.0.1', '::1']`, which means the module can only be accessed
* by localhost.
*/
public $allowedIPs = ['127.0.0.1', '::1'];
public $checkAccessCallback;
/**
* @inheritdoc
*/
public function init()
{
parent::init();
set_time_limit(0);
Yii::$app->getResponse()->format = Response::FORMAT_HTML;
}
/**
* @inheritdoc
*/
public function beforeAction($action)
{
if (!parent::beforeAction($action)) {
return false;
}
if (Yii::$app instanceof \yii\web\Application && !$this->checkAccess($action)) {
throw new ForbiddenHttpException('You are not allowed to access this page.');
}
return true;
}
/**
* @return boolean whether the module can be accessed by the current user
*/
protected function checkAccess(Action $action)
{
$allowed = false;
$ip = Yii::$app->getRequest()->getUserIP();
foreach ($this->allowedIPs as $filter) {
if ($filter === '*' || $filter === $ip || (($pos = strpos($filter, '*')) !== false && !strncmp($ip, $filter, $pos))) {
$allowed = true;
break;
}
}
if ($allowed === false) {
Yii::warning('Access to web shell is denied due to IP address restriction. The requested IP is ' . $ip, __METHOD__);
return false;
}
if ($this->checkAccessCallback !== null && call_user_func_array($this->checkAccessCallback, [$action]) !== true) {
Yii::warning('Access to web shell is denied due to checkAccessCallback.', __METHOD__);
return false;
}
return true;
}
}