From a63773178af16916a5da67dc9a57c3c10f7a2223 Mon Sep 17 00:00:00 2001
From: ORelio <oreliogitantispam.l0gin@spamgourmet.com>
Date: Sun, 12 Jun 2016 22:12:49 +0200
Subject: [PATCH] [Core] Allow IP whitelisting for debug mode

...Because we are never cautious enough
while debugging a live rss-bridge instance.
---
 index.php | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/index.php b/index.php
index a8f96fc4..d81b8c59 100644
--- a/index.php
+++ b/index.php
@@ -15,11 +15,30 @@ TODO :
 date_default_timezone_set('UTC');
 error_reporting(0);
 
-if(file_exists("DEBUG")) {
-    
-    ini_set('display_errors','1'); error_reporting(E_ALL); //Report all errors
-    define("DEBUG", "true");
-    
+/*
+  Create a file named 'DEBUG' for enabling debug mode.
+  For further security, you may put whitelisted IP addresses
+  in the 'DEBUG' file, one IP per line. Empty file allows anyone (!).
+  Debugging allows displaying PHP error messages and bypasses the cache: this can allow a malicious
+  client to retrieve data about your server and hammer a provider throught your rss-bridge instance.
+*/
+if (file_exists('DEBUG')) {
+    $debug_enabled = true;
+    $debug_whitelist = trim(file_get_contents('DEBUG'));
+    if (strlen($debug_whitelist) > 0) {
+        $debug_enabled = false;
+        foreach (explode("\n", $debug_whitelist) as $allowed_ip) {
+            if (trim($allowed_ip) === $_SERVER['REMOTE_ADDR']) {
+                $debug_enabled = true;
+                break;
+            }
+        }
+    }
+    if ($debug_enabled) {
+        ini_set('display_errors', '1');
+        error_reporting(E_ALL);
+        define('DEBUG', 'true');
+    }
 }
 
 require_once __DIR__ . '/lib/RssBridge.php';