ZF-6677: Zend_Validate_Hostname validates ip address even if it's disallowed

Issue Type:
Sub-task
Created:
2009-05-15T10:33:19.000+0000
Last Updated:
2009-06-09T06:31:00.000+0000
Status:
Resolved
Fix version(s):
  • 1.9.0 (31/Jul/09)
Reporter:
Kirk Madera (aredamkrik)
Assignee:
Thomas Weidner (thomas)
Tags:
  • Zend_Validate
Related issues:
Attachments:

Description

The ip address is checked for validity before checking if it's allowed. This does not make much sense to me. If it's not allowed, it doesn't matter whether it's a valid ip address or not

current code:

    // Check input against IP address schema
    if ($this->_ipValidator->setTranslator($this->getTranslator())->isValid($valueString)) {
        if (!($this->_allow & self::ALLOW_IP)) {
            $this->_error(self::IP_ADDRESS_NOT_ALLOWED);
            return false;
        } else{
            return true;
        }
    }

proposed code:

    // Check input against IP address schema
   if (!($this->_allow & self::ALLOW_IP)) {
            $this->_error(self::IP_ADDRESS_NOT_ALLOWED);
            return false;
    }

    if ($this->_ipValidator->setTranslator($this->getTranslator())->isValid($valueString)) {
            return true;
    }

Comments

Posted by Kirk Madera (aredamkrik) on 2009-05-15T10:38:34.000+0000

ah.. This goes along with the parent issue I guess. The reason it's inside of the isValid() check is because that's how we're determining that it's an ip address. Maybe I'm just unaware of how involved testing that a string is an ip address is. I was assuming it could be done with a simple regular expression

Posted by Thomas Weidner (thomas) on 2009-06-09T06:30:32.000+0000

Marked as fixed as the parent issue is already fixed for the next minor release.