From ec87f53522f423074b6af4bbe6aefad31acbd715 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kubie=C5=84?=
Date: Tue, 21 Feb 2023 13:24:55 +0100
Subject: [PATCH] Add IP whitelist turn off option
---
 config.php.sample | 2 ++
 cron/status.cron.php | 14 ++++++++++----
 dev/vagrant-config.php | 1 +
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/config.php.sample b/config.php.sample
index a9537ed0..61b2c271 100644
--- a/config.php.sample
+++ b/config.php.sample
@@ -7,4 +7,6 @@ define('PSM_DB_HOST', 'localhost');
 define('PSM_DB_PORT', '3306'); //3306 is the default port for MySQL. If no specfic port is used, leave it empty.
 define('PSM_BASE_URL', '');
 define('PSM_WEBCRON_KEY', '');
+define('PSM_WEBCRON_ENABLE_IP_WHITELIST', 'true'); // Enable IP whitelisting for calling webcron
 define('PSM_PUBLIC', false);
+
diff --git a/cron/status.cron.php b/cron/status.cron.php
index 0151d202..1eb24d0f 100644
--- a/cron/status.cron.php
+++ b/cron/status.cron.php
@@ -44,10 +44,16 @@ namespace {
 $data = @unserialize(PSM_CRON_ALLOW);
 $allow = $data === false ? PSM_CRON_ALLOW : $data;
- if (!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)
- && ! (array_key_exists ("webcron_key", $_GET) &&
- $_GET["webcron_key"]==PSM_WEBCRON_KEY && (PSM_WEBCRON_KEY != ""))
- ) {
+ $ipWhitelistCheckPassed = in_array($_SERVER['REMOTE_ADDR'], $allow)
+ && in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)
+ && PSM_WEBCRON_ENABLE_IP_WHITELIST;
+
+ $webCronKeyCheckPassed =
+ array_key_exists ("webcron_key", $_GET)
+ && $_GET["webcron_key"] == PSM_WEBCRON_KEY
+ && (PSM_WEBCRON_KEY != "");
+
+ if (!$ipWhitelistCheckPassed && !$webCronKeyCheckPassed) {
 header('HTTP/1.0 403 Forbidden');
 die('
diff --git a/dev/vagrant-config.php b/dev/vagrant-config.php
index d2c8582a..c1addd82 100644
--- a/dev/vagrant-config.php
+++ b/dev/vagrant-config.php
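Review bot: The new constant in config.php.sample is defined as the string `'true'`, while cron/status.cron.php evaluates it with `&& PSM_WEBCRON_ENABLE_IP_WHITELIST`, so an operator who writes `'false'` still gets a truthy value and whitelisted IPs keep bypassing the webcron key. Use a real boolean, `define('PSM_WEBCRON_ENABLE_IP_WHITELIST', true);`, as the neighbouring `PSM_PUBLIC` line does; the dev/vagrant-config.php hunk has the same issue. A config.php written before this commit will not define the constant at all, which is an Error on PHP 8 when the cron script reads it, so a `defined()` guard defaulting to `true` is worth adding in the cron script. The trailing blank `+` line at the end of the sample file looks unintended.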
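Review bot: In cron/status.cron.php, `$ipWhitelistCheckPassed` now requires both `REMOTE_ADDR` and `HTTP_X_FORWARDED_FOR` to be in `$allow`, whereas the removed condition accepted either one, and the commit message mentions only the new switch. A whitelisted host that calls the cron directly sends no `X-Forwarded-For`, so `$_SERVER["HTTP_X_FORWARDED_FOR"]` is undefined and the IP check likely fails unless `$allow` holds a loosely equal empty value. If the stricter rule is intended, say so in the commit message. Otherwise treat `REMOTE_ADDR` as authoritative, e.g. `in_array($_SERVER['REMOTE_ADDR'] ?? '', $allow, true)`, and consult the forwarded header only when the request comes through a known proxy, because the client controls that header. The key check would also be safer as `&& is_string($_GET["webcron_key"]) && hash_equals(PSM_WEBCRON_KEY, $_GET["webcron_key"])` than as a loose `==`. The enclosing `if` block continues outside the hunk.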
@@ -7,4 +7,5 @@ define('PSM_DB_HOST', 'localhost');
 define('PSM_DB_PORT', '3306'); //3306 is the default port for MySQL. If no specfic port is used, leave it empty.
 define('PSM_BASE_URL', '');
 define('PSM_WEBCRON_KEY', '');
+define('PSM_WEBCRON_ENABLE_IP_WHITELIST', 'true');
 define('PSM_PUBLIC', false);