Issues

ZF-6677: Zend_Validate_Hostname validates ip address even if it's disallowed

Issue Type: Sub-task Created: 2009-05-15T10:33:19.000+0000 Last Updated: 2009-06-09T06:31:00.000+0000 Status: Resolved Fix version(s): - 1.9.0 (31/Jul/09)

Reporter: Kirk Madera (aredamkrik) Assignee: Thomas Weidner (thomas) Tags: - Zend_Validate

Related issues: Attachments:

Description

The ip address is checked for validity before checking if it's allowed. This does not make much sense to me. If it's not allowed, it doesn't matter whether it's a valid ip address or not

current code:

    // Check input against IP address schema
    if ($this->_ipValidator->setTranslator($this->getTranslator())->isValid($valueString)) {
        if (!($this->_allow & self::ALLOW_IP)) {
            $this->_error(self::IP_ADDRESS_NOT_ALLOWED);
            return false;
        } else{
            return true;
        }
    }

proposed code:

    // Check input against IP address schema
   if (!($this->_allow & self::ALLOW_IP)) {
            $this->_error(self::IP_ADDRESS_NOT_ALLOWED);
            return false;
    }

    if ($this->_ipValidator->setTranslator($this->getTranslator())->isValid($valueString)) {
            return true;
    }

Comments

Posted by Kirk Madera (aredamkrik) on 2009-05-15T10:38:34.000+0000

ah.. This goes along with the parent issue I guess. The reason it's inside of the isValid() check is because that's how we're determining that it's an ip address. Maybe I'm just unaware of how involved testing that a string is an ip address is. I was assuming it could be done with a simple regular expression

Posted by Thomas Weidner (thomas) on 2009-06-09T06:30:32.000+0000

Marked as fixed as the parent issue is already fixed for the next minor release.

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts