2011-11-28 Sergio Martin <sergio.martin@artica.es>

* include/functions_api.php
	include/help/en/help_ip_api_list.php
	include/help/es/help_ip_api_list.php
	godmode/setup/setup.php: Improved the IP ACL Access 
	list to allow substrings for bug 3438385



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5187 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,11 @@
+2011-11-28  Sergio Martin <sergio.martin@artica.es>
+
+	* include/functions_api.php
+	include/help/en/help_ip_api_list.php
+	include/help/es/help_ip_api_list.php
+	godmode/setup/setup.php: Improved the IP ACL Access 
+	list to allow substrings for bug 3438385
+
 2011-11-28 Juan Manuel Ramon <juanmanuel.ramon@artica.es>
 
 	* operation/events/events_list.php: Fixed bad cast from alphanumeric

pandora_console/godmode/setup/setup.php

@@ -100,8 +100,7 @@ $table->data[11][1] .= __('No').' '.html_print_radio_button ('https', 0, ''
 $table->data[14][0] = __('Attachment store') . ui_print_help_tip (__("Directory where temporary data is stored."), true);
 $table->data[14][1] = html_print_input_text ('attachment_store', $config["attachment_store"], '', 50, 255, true);
 
-$table->data[15][0] = __('IP list with API access') . 
-	ui_print_help_tip (__("The list of IPs separate with carriage return."), true);
+$table->data[15][0] = __('IP list with API access') . ui_print_help_icon ("ip_api_list", true);
 $list_ACL_IPs_for_API = get_parameter('list_ACL_IPs_for_API', implode("\n", $config['list_ACL_IPs_for_API']));
 $table->data[15][1] = html_print_textarea('list_ACL_IPs_for_API', 2, 25, $list_ACL_IPs_for_API, 'style="height: 50px; width: 300px"', true);
 

pandora_console/include/functions_api.php

@@ -145,14 +145,28 @@ function array_apply_io_safe_output($item) {
  */
 function isInACL($ip) {
 	global $config;
-	//If set * in the list ACL return true 
-	if(in_array('*', $config['list_ACL_IPs_for_API']))
-		return true;
 	
 	if (in_array($ip, $config['list_ACL_IPs_for_API']))
 		return true;
-	else
-		return false;
+	
+	// If the IP is not in the list, we check one by one, all the wildcard registers
+	foreach($config['list_ACL_IPs_for_API'] as $acl_ip) {
+		if(preg_match('/\*$/', $acl_ip)) {
+			// Remove the final wildcard
+			$acl_ip = substr($acl_ip,0,strlen($acl_ip)-1);
+			
+			// Scape for protection
+			$acl_ip = str_replace('*','\*',$acl_ip);
+			$acl_ip = str_replace('.','\.',$acl_ip);
+			
+			// If the string match with the beginning of the IP give it access
+			if(preg_match('/^'.$acl_ip.'/', $ip)) {
+				return true;
+			}
+		}
+	}
+	
+	return false;
 }
 
 //-------------------------DEFINED OPERATIONS FUNCTIONS-------------------------

pandora_console/include/help/en/help_ip_api_list.php

@@ -0,0 +1,15 @@
+<?php
+/**
+ * @package Include/help/en
+ */
+?>
+<h1>IP list with API access</h1>
+
+<p>
+Individual access: The list of IPs separate with carriage return.<br>
+Advanced access: Use "*" as wilcard.<br><br>
+
+Examples: <br>
+"192.168.20.*" will allows access to all the subnet 192.168.20.0/24<br>
+"*" will allows access to all the possible IP's
+</p>

pandora_console/include/help/es/help_ip_api_list.php

@@ -0,0 +1,15 @@
+<?php
+/**
+ * @package Include/help/es
+ */
+?>
+<h1>Lista de IPs con acceso al API</h1>
+
+<p>
+Acceso individual: La lista de IPs separadas por retorno de carro.<br>
+Acceso avanzado: Utilizar "*" como comodín.<br><br>
+
+Ejemplos: <br>
+"192.168.20.*" permitirá el acceso a toda la subred 192.168.20.0/24<br>
+"*" permitirá el acceso a todas las IP's
+</p>