From 37e0ca8429aae4f2dd8539916e540eb383a7bc40 Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Wed, 21 Aug 2024 10:16:23 +0000
Subject: [PATCH] support IPv6 in checkIpInRange(), fixes #4500
Closes #4500
Merge request studip/studip!3296
---
lib/models/WebserviceAccessRule.php | 32 +++++++++++++++++++++--------
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/lib/models/WebserviceAccessRule.php b/lib/models/WebserviceAccessRule.php
index 120ac471ed3..857830a3abb 100644
--- a/lib/models/WebserviceAccessRule.php
+++ b/lib/models/WebserviceAccessRule.php
@@ -99,18 +99,34 @@ class WebserviceAccessRule extends SimpleORMap
*/
function checkIpInRange($check_ip)
{
- if (!ip2long($check_ip)) {
- return false;
- }
+ $ip_addr = inet_pton($check_ip);
+
if (!count($this->ip_range)) {
return true;
}
- foreach($this->ip_range as $range) {
- list($ip, $mask) = explode('/', $range);
- if (!$mask) {
- $mask = 32;
+ foreach ($this->ip_range as $range) {
+ if (strpos($range, '/') !== false) {
+ list($range, $bits) = explode('/', $range);
+ $range = inet_pton($range) ?: '';
+ $mask = str_repeat(chr(0), strlen($range));
+
+ for ($i = 0; $i < strlen($mask); ++$i) {
+ if ($bits >= 8) {
+ $bits -= 8;
+ } else {
+ $mask[$i] = chr((1 << 8 - $bits) - 1);
+ $bits = 0;
+ }
+ }
+
+ $ip_start = $range & ~$mask;
+ $ip_end = $range | $mask;
+ } else {
+ $ip_start = inet_pton($range);
+ $ip_end = inet_pton($range);
}
- if ( (ip2long($check_ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($ip)) {
+
+ if (strcmp($ip_start, $ip_addr) <= 0 && strcmp($ip_addr, $ip_end) <= 0) {
return true;
}
}
--
GitLab