Last modified: 2011-03-13 18:04:38 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 6198 - improved validation of IP address in function "User::isIP"
improved validation of IP address in function "User::isIP"
Product: MediaWiki
Classification: Unclassified
General/Unknown (Other open bugs)
All All
: Lowest normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch, patch-need-review
Depends on:
  Show dependency treegraph
Reported: 2006-06-04 22:12 UTC by Jimmy Collins
Modified: 2011-03-13 18:04 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

User.php.patch (trunk) (724 bytes, patch)
2006-06-04 22:14 UTC, Jimmy Collins

Description Jimmy Collins 2006-06-04 22:12:55 UTC
In User.php the function isIP verifies f.e. 300.300.300.300 as IP address.
Attached you will find a patch that will only verify valid IP (v4) addresses.

The patched function still verifies usemod usernames (see bug 3631).

Regards, Jiimmy
Comment 1 Jimmy Collins 2006-06-04 22:14:33 UTC
Created attachment 1899 [details]
User.php.patch (trunk)
Comment 2 Tim Starling 2006-06-04 22:33:31 UTC
As the source says:

	 * Note: We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
	 * address because the usemod software would "cloak" anonymous IP
	 * addresses like this, if we allowed accounts like this to be created
	 * new users could get the old edits of these anonymous users.

As far as I'm concerned, User::isIP() has two purposes: to prevent users registering 
usernames which conflict with IP addresses, and to prevent registration of names which are 
confusingly similar to IP addresses. If you need to perform only the first task for some 
reason, you can use wfIP2Unsigned($ip) !== false.
Comment 3 Jimmy Collins 2006-06-04 22:47:57 UTC
(In reply to comment #2)
> ... and to prevent prevent registration of names which are confusingly similar
to IP addresses.

Tim, if this is wanted, a little comment in the source would be helpfull.

As far as I'm concerned this function sould verfiy a valid IP address (except
Comment 4 Tim Starling 2006-06-04 23:49:49 UTC
Updated the comment in the source, not a bug, closing as wontfix.

Note You need to log in before you can comment on or make changes to this bug.