Merge pull request #1 from LTC-fperrin/master

Check IP with Symfony HttpFoundation IpUtils to allow the use of a netmask in the allowed IPs
kmadejski · Jan 12, 2020 · 3d3efa1 · 3d3efa1
2 parents 8841e32 + 8392ca9
commit 3d3efa1
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -41,7 +41,7 @@ ezpublish:
         default:
             maintenance_mode:
                 enabled: true
-                allowed_ips: ['::1', '10.0.0.1']
+                allowed_ips: ['::1', '10.0.0.1', '192.168.0.0/16']
                 response_code: 404
                 template: '@Acme/custom_maintenance.html.twig'
 ```
diff --git a/src/bundle/Event/Subscriber/MaintenanceModeSubscriber.php b/src/bundle/Event/Subscriber/MaintenanceModeSubscriber.php
@@ -9,6 +9,7 @@
 use eZ\Publish\Core\MVC\ConfigResolverInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\IpUtils;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
 use Twig\Environment;
@@ -61,7 +62,7 @@ public function onKernelRequest(GetResponseEvent $event): void
 
         $allowedIps = $this->configResolver->getParameter('maintenance_mode.allowed_ips');
 
-        if (\in_array($request->getClientIp(), $allowedIps, true)) {
+        if (IpUtils::checkIp($request->getClientIp(), $allowedIps)) {
             return;
         }