Add CIDR option to HTTP POST

app/xml_cdr/app_config.php

@@ -343,6 +343,14 @@
 		$apps[$x]['default_settings'][$y]['default_setting_value'] = "fusionpbx";
 		$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false";
 		$apps[$x]['default_settings'][$y]['default_setting_description'] = "Archive Database Name";
+		$y++;
+		$apps[$x]['default_settings'][$y]['default_setting_uuid'] = "d47ba248-0257-45c6-b418-22c8032414ce";
+		$apps[$x]['default_settings'][$y]['default_setting_category'] = "cdr";
+		$apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "cidr";
+		$apps[$x]['default_settings'][$y]['default_setting_name'] = "array";
+		$apps[$x]['default_settings'][$y]['default_setting_value'] = "127.0.0.1/32";
+		$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "true";
+		$apps[$x]['default_settings'][$y]['default_setting_description'] = "Limit allowed range of addresses for CDR over HTTP POST.";
 
 	//schema details
 		$y=0;

app/xml_cdr/xml_cdr_import.php

@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2016
+	Portions created by the Initial Developer are Copyright (C) 2016-2021
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -34,11 +34,27 @@
 		require_once "resources/require.php";
 	}
 	else {
+		//required includes
 		include "root.php";
 		require_once "resources/require.php";
 		require_once "resources/pdo.php";
 	}
 
+//check the domain cidr range 
+	if (isset($_SESSION['cdr']["cidr"]) && !defined('STDIN')) {
+		$found = false;
+		foreach($_SESSION['cdr']["cidr"] as $cidr) {
+			if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
+				$found = true;
+				break;
+			}
+		}
+		if (!$found) {
+			echo "access denied";
+			exit;
+		}
+	}
+
 //increase limits
 	set_time_limit(3600);
 	ini_set('memory_limit', '256M');