InformatiQ/InformatiQ-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: global IP/CIDR/UA whitelist bypassing all restrictions

Browse Source 
- class-itk-whitelist.php: static class with 5min transient cache,
  supports exact IP, CIDR notation, and ua: prefix for UA substrings
- config/whitelist.conf: editable config file (template with examples)
- whitelist check added to bot-blocker, WAF, protection (4 methods),
  and honeypot validator — matched requests skip all ITK enforcement
- admin: whitelist.conf added to Config Files editor tab

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Malin
2026-04-13 10:00:16 +02:00
parent 742047915f
commit 52af2d9931
8 changed files with 121 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
includes/class-itk-honeypot.php
View File

@@ -146,6 +146,9 @@ class ITK_Honeypot {
/* ── Validators ───────────────────────────────────────────── */
private function check_honeypot(string $form_type): bool {
// Whitelisted IPs/UAs always pass honeypot validation.
if (ITK_Whitelist::allowed()) return true;
// 1. Honeypot field must be empty
foreach ($_POST as $key => $val) {
if (strpos($key, self::FIELD_PREFIX) === 0 && !empty($val)) {