Last modified: 2011-03-13 18:04:38 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T8198, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 6198 - improved validation of IP address in function "User::isIP"
improved validation of IP address in function "User::isIP"
Status: RESOLVED WONTFIX
Product: MediaWiki
Classification: Unclassified
General/Unknown (Other open bugs)
1.7.x
All All
: Lowest normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch, patch-need-review
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-04 22:12 UTC by Jimmy Collins
Modified: 2011-03-13 18:04 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
User.php.patch (trunk) (724 bytes, patch)
2006-06-04 22:14 UTC, Jimmy Collins 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Jimmy Collins 2006-06-04 22:12:55 UTC 
In User.php the function isIP verifies f.e. 300.300.300.300 as IP address.
Attached you will find a patch that will only verify valid IP (v4) addresses.

The patched function still verifies usemod usernames (see bug 3631).

Regards, Jiimmy
Comment 1 Jimmy Collins 2006-06-04 22:14:33 UTC 
Created attachment 1899 [details]
User.php.patch (trunk)
Comment 2 Tim Starling 2006-06-04 22:33:31 UTC 
As the source says:

	 * Note: We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
	 * address because the usemod software would "cloak" anonymous IP
	 * addresses like this, if we allowed accounts like this to be created
	 * new users could get the old edits of these anonymous users.

As far as I'm concerned, User::isIP() has two purposes: to prevent users registering 
usernames which conflict with IP addresses, and to prevent registration of names which are 
confusingly similar to IP addresses. If you need to perform only the first task for some 
reason, you can use wfIP2Unsigned($ip) !== false.
Comment 3 Jimmy Collins 2006-06-04 22:47:57 UTC 
(In reply to comment #2)
> ... and to prevent prevent registration of names which are confusingly similar
to IP addresses.

Tim, if this is wanted, a little comment in the source would be helpfull.

As far as I'm concerned this function sould verfiy a valid IP address (except
$.$.$.xxx).
Comment 4 Tim Starling 2006-06-04 23:49:49 UTC 
Updated the comment in the source, not a bug, closing as wontfix.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links