Huji has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/368327 )
Change subject: Use methods from the IP class to validate IPs and CIDR ranges ...................................................................... Use methods from the IP class to validate IPs and CIDR ranges Bug: T171699 Change-Id: I7609862e8a4310991b4ae6e71616ad3043ad14e7 --- M specials/SpecialCheckUser.php 1 file changed, 20 insertions(+), 27 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CheckUser refs/changes/27/368327/1 diff --git a/specials/SpecialCheckUser.php b/specials/SpecialCheckUser.php index 952f23e..4ba2dd9 100644 --- a/specials/SpecialCheckUser.php +++ b/specials/SpecialCheckUser.php @@ -1518,43 +1518,36 @@ /** * @param IDatabase $db - * @param string $ip + * @param string $target an IP address or CIDR range * @param string|bool $xfor * @return array|false array for valid conditions, false if invalid */ - public static function getIpConds( $db, $ip, $xfor = false ) { + public static function getIpConds( $db, $target, $xfor = false ) { global $wgCheckUserCIDRLimit; $type = $xfor ? 'xff' : 'ip'; - $matches = []; - if ( preg_match( '#^(\d+\.\d+\.\d+\.\d+)/(\d+)$#', $ip, $matches ) ) { - // IPv4 CIDR, 16-32 bits - if ( $matches[2] < $wgCheckUserCIDRLimit['IPv4'] || $matches[2] > 32 ) { - return false; // invalid + if( strpos( $target, '/' ) !== false ) { + list( $ip, $range ) = explode( '/', $target, 2 ); + if ( IP::isIPv4( $ip ) ) { + // IPv4 CIDR, 16-32 bits + if ( $range < $wgCheckUserCIDRLimit['IPv4'] || $range > 32 ) { + return false; // invalid range, or too wide + } + } elseif ( IP::isIPv6( $ip ) ) { + // IPv6 CIDR, 32-128 bits + if ( $range < $wgCheckUserCIDRLimit['IPv6'] || $range > 128 ) { + return false; // invalid range, or too wide + } } - list( $start, $end ) = IP::parseRange( $ip ); + list( $start, $end ) = IP::parseRange( $target ); return [ 'cuc_' . $type . '_hex BETWEEN ' . $db->addQuotes( $start ) . ' AND ' . $db->addQuotes( $end ) ]; - } elseif ( preg_match( - '#^\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}/(\d+)$#', - $ip, $matches ) - ) { - // IPv6 CIDR, 32-128 bits - if ( $matches[1] < $wgCheckUserCIDRLimit['IPv6'] || $matches[1] > 128 ) { - return false; // invalid + } else { + if ( IP::isIPv4( $target ) || IP::isIPv6( $target ) ) { + return [ "cuc_{$type}_hex" => IP::toHex( $target ) ]; + } else { + return false; //invalid IP } - list( $start, $end ) = IP::parseRange( $ip ); - return [ 'cuc_' . $type . '_hex BETWEEN ' . $db->addQuotes( $start ) . - ' AND ' . $db->addQuotes( $end ) ]; - } elseif ( - // 32 bit IPv4 - preg_match( '#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#', $ip ) || - // 128 bit IPv6 - preg_match( '#^\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}$#', $ip ) - ) { - return [ "cuc_{$type}_hex" => IP::toHex( $ip ) ]; } - // Throw away this query, incomplete IP, these don't get through the entry point anyway - return false; } protected function getTimeConds( $period ) { -- To view, visit https://gerrit.wikimedia.org/r/368327 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7609862e8a4310991b4ae6e71616ad3043ad14e7 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/CheckUser Gerrit-Branch: master Gerrit-Owner: Huji <huji.h...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits