adminzone/pages/modules/admin_ip_ban.php +6 −5
@@ -261,6 +261,7 @@ class Module_admin_ip_ban public function actual() { require_code('failure'); require_code('type_sanitisation'); $rows = $GLOBALS['SITE_DB']->query('SELECT ip,i_descrip FROM ' . get_table_prefix() . 'banned_ip WHERE i_ban_until IS NULL'/*.' OR i_ban_until>'.strval(time())*/, null, null, false, true); $old_bans = collapse_1d_complexity('ip', $rows);
@@ -278,7 +279,7 @@ class Module_admin_ip_ban } preg_match('#^([^\s]+)(.*)$#', $ban, $matches); $ip = $matches[1]; if (preg_match('#^[a-f0-9\.\*:]+$#U', $ip) == 0) { if (!is_ip_address($ip)) { attach_message(do_lang_tempcode('IP_ADDRESS_NOT_VALID', escape_html($ip)), 'warn'); } else { if (!in_array($ip, $old_bans)) {
@@ -292,7 +293,7 @@ class Module_admin_ip_ban } } else { $GLOBALS['SITE_DB']->query_update('banned_ip', array( 'i_descrip' => isset($matches[2]) ? $matches[2] : '', 'i_descrip' => isset($matches[2]) ? trim($matches[2]) : '', ), array('ip' => $ip), '', 1); } }
@@ -314,19 +315,19 @@ class Module_admin_ip_ban } preg_match('#^([^\s]+)(.*)$#', $str, $matches); $ip = $matches[1]; if (preg_match('#^[a-f0-9\.]+$#U', $ip) == 0) { if (!is_ip_address($ip)) { attach_message(do_lang_tempcode('IP_ADDRESS_NOT_VALID_MAKE_UNBANNABLE', escape_html($str)), 'warn'); } else { if (!in_array($ip, $unbannable_already)) { $GLOBALS['SITE_DB']->query_insert('unbannable_ip', array( 'ip' => $ip, 'note' => isset($matches[2]) ? $matches[2] : '', 'note' => isset($matches[2]) ? trim($matches[2]) : '', )); log_it('MADE_IP_UNBANNABLE', $matches[1]); $unbannable_already[] = $ip; } else { $GLOBALS['SITE_DB']->query_update('unbannable_ip', array( 'note' => isset($matches[2]) ? $matches[2] : '', 'note' => isset($matches[2]) ? trim($matches[2]) : '', ), array('ip' => $ip), '', 1); } }
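Review bot: Wildcard ban entries stop validating in the hunk at `@@ -278,7 +279,7 @@`: the replaced pattern `#^[a-f0-9\.\*:]+$#U` accepted `*`, while `is_ip_address()` as added in sources/type_sanitisation.php matches only complete IPv4/IPv6 literals, so a line such as `192.0.2.*` (constructed example) now gets `IP_ADDRESS_NOT_VALID`. If range bans are a supported feature, they should be handled explicitly (validate the address with `*` segments checked separately); if the removal is deliberate, say so at the check with a comment such as `// Wildcards are no longer accepted here; only full addresses can be banned`. How previously stored wildcard rows behave when the form is resubmitted depends on code outside this hunk, since `actual()` starts and ends beyond the visible lines.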
sources/failure.php +2 −1
@@ -754,7 +754,8 @@ function add_ip_ban($ip, $descrip = '', $ban_until = null, $ban_positive = true) if (!addon_installed('securitylogging')) { return false; } if ($ip == '') { require_code('type_sanitisation'); if (!is_ip_address($ip)) { return false; }
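Review bot: `add_ip_ban()` now returns `false` for every value `is_ip_address()` rejects, not only the empty string, and nothing on the visible lines records that a ban was skipped. Callers are not shown here; any that ignore the return value would lose a ban silently, which is hard to notice in a security control. I would add a comment at the check, e.g. `// Malformed or wildcard addresses are refused; callers must check the return value`, and consider recording the rejected value before returning. The function body continues outside the hunk.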
sources/type_sanitisation.php +23 −0
@@ -68,3 +68,26 @@ function is_email_address($string) return (preg_match('#^[\w\.\-\+]+@[\w\.\-]+$#', $string) != 0); // Put "\.[a-zA-Z0-9_\-]+" before $ to ensure a two+ part domain } /** * Find whether the specified address is a well-formed IP address or not. * * @param string $string The string to test (Note: This is typed string, not IP, because it has to function on failure) * @return boolean Whether the string is an IP address or not */ function is_ip_address($string) { $ipv4_regexp = '/^((2[0-4]|1\d|[1-9])?\d|25[0-5])(\.(?1)){3}\z/'; $ipv6_regexp = '/^(((?=(?>.*?(::))(?!.+\3)))\3?|([\dA-F]{1,4}(\3|:(?!$)|$)|\2))(?4){5}((?4){2}|((2[0-4]|1\d|[1-9])?\d|25[0-5])(\.(?7)){3})\z/i'; // Credit: http://home.deds.nl/~aeron/regex/ if (preg_match($ipv4_regexp, $string) != 0) { return true; } if (preg_match($ipv6_regexp, $string) != 0) { return true; } return false; }
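Review bot: The IPv6 pattern in `is_ip_address()` relies on a lookahead, an atomic group and recursive subpattern calls, which makes the accepted set hard to audit by reading, and this function now gates every ban. Where the filter extension is available, PHP's built-in validator covers both families in one line, `return filter_var($string, FILTER_VALIDATE_IP) !== false;`, and the newly registered unit test could confirm it accepts the same cases. Separately, the `/i` flag and `::` compression mean one address has several accepted spellings, and the callers in this commit store `$ip` as typed; if the request-time comparison uses a canonical form (not visible here), a ban entered as `2001:DB8::1` (constructed example) may never match, so normalising before storage is worth considering. The docblock should also state that wildcards and CIDR ranges are rejected.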
sources_custom/hooks/systems/addon_registry/testing_platform.php +1 −0
@@ -573,6 +573,7 @@ class Hook_addon_registry_testing_platform '_tests/tests/unit_tests/addon_setupwizard.php', '_tests/tests/unit_tests/override_notes_consistency.php', '_tests/tests/unit_tests/copyright.php', '_tests/tests/unit_tests/type_sanitisation.php', '_tests/tests/unit_tests/image_compression.php', '_tests/tests/unit_tests/xss.php', '_tests/tests/unit_tests/core_fields.php',