From: dongsheng
Date: Fri, 25 Jul 2008 08:27:50 +0000 (+0000)
Subject: "MDL-15244, fix bugs of ip blocker"
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=d255c6e9ad407b155e43891c7c460a5c0fd2a224;p=moodle.git
"MDL-15244, fix bugs of ip blocker"
---
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 503a66f129..24630a52be 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -7309,6 +7309,25 @@ function unzip_show_status ($list,$removepath) {
 }
 }
 
+/**
+ * Is current ip in give list?
+ * @param string $list
+ * @return bool
+ */
+function remoteip_in_list($list){
+ $inlist = false;
+ $client_ip = getremoteaddr();
+ $list = explode("\n", $list);
+ foreach($list as $subnet) {
+ $subnet = trim($subnet);
+ if (address_in_subnet($client_ip, $subnet)) {
+ $inlist = true;
+ break;
+ }
+ }
+ return $inlist;
+}
+
 /**
 * Returns most reliable client address
 *
diff --git a/lib/setup.php b/lib/setup.php
index b5747e3743..30282a6348 100644
--- a/lib/setup.php
+++ b/lib/setup.php
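Review bot: In `remoteip_in_list()` (lib/moodlelib.php), every line of the setting reaches `address_in_subnet()` after `trim()`, including the empty string left by a blank line or a trailing newline; add `if ($subnet === '') { continue; }` before the call. `address_in_subnet()` is defined outside this hunk, so its handling of an empty pattern cannot be confirmed here, but if it matches by prefix an empty entry could match every client, which would make a blocked list lock everyone out and an allowed list admit everyone. The decision also rests on `getremoteaddr()`, whose docblock begins just below the hunk; if that function reads proxy-forwarded request headers, the tested address is supplied by the client, and the docblock here should say which source is trusted. The summary line would read better as `Is the current client IP matched by any line of the given list?`.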
@@ -526,58 +526,54 @@ global $HTTPSPAGEREQUIRED;
 }
 }
 
- // allowed list processed before blocked list?
- $allowbeforeblock = get_config(null, 'allowbeforeblock');
- $allowediplist = get_config(null, 'allowedip');
- $blockediplist = get_config(null, 'blockedip');
- $banned = false;
-
- function check_ip($list){
- $inlist = false;
- $client_ip = getremoteaddr();
- $list = explode("\n", $list);
- foreach($list as $subnet) {
- $subnet = trim($subnet);
- if (address_in_subnet($client_ip, $subnet)) {
- $inlist = true;
- break;
- }
- }
- return $inlist;
- }
 // in the first case, ip in allowed list will be performed first
 // for example, client IP is 192.168.1.1
 // 192.168 subnet is an entry in allowed list
- // 192.168.1.1 is banned in blocked list
+ // 192.168.1.1 is banned in blocked list
 // This ip will be banned finally
- if (!empty($allowbeforeblock)) {
- if (!empty($allowediplist)) {
- $banned = !check_ip($allowediplist);
+ if (!empty($CFG->allowbeforeblock)) { // allowed list processed before blocked list?
+ if (!empty($CFG->allowedip)) {
+ if (!remoteip_in_list($CFG->allowedip)) {
+ die(get_string('ipblocked', 'admin'));
+ }
 }
- // need further check, client ip may a part of
- // allowed subnet, but a IP address are listed
+ // need further check, client ip may a part of
+ // allowed subnet, but a IP address are listed
 // in blocked list.
- if (!empty($blockediplist)) {
- $banned = check_ip($allowediplist);
+ if (!empty($CFG->blockedip)) {
+ if (remoteip_in_list($CFG->blockedip)) {
+ die(get_string('ipblocked', 'admin'));
+ }
 }
+
 } else {
 // in this case, IPs in blocked list will be performed first
 // for example, client IP is 192.168.1.1
 // 192.168 subnet is an entry in blocked list
- // 192.168.1.1 is allowed in allowed list
+ // 192.168.1.1 is allowed in allowed list
 // This ip will be allowed finally
- if (!empty($blockediplist)) {
- $banned = check_ip($blockediplist);
+ if (!empty($CFG->blockedip)) {
+ if (remoteip_in_list($CFG->blockedip)) {
+ // if the allowed ip list is not empty
+ // IPs are not included in the allowed list will be
+ // blocked too
+ if (!empty($CFG->allowedip)) {
+ if (!remoteip_in_list($CFG->allowedip)) {
+ die(get_string('ipblocked', 'admin'));
+ }
+ } else {
+ die(get_string('ipblocked', 'admin'));
+ }
+ }
 }
- // if the allowed ip list is not empty
- // IPs are not included in the allowed list will be
- // blocked too
- if (!empty($allowediplist)) {
- $banned = !check_ip($allowediplist);
+ // if blocked list is null
+ // allowed list should be tested
+ if(!empty($CFG->allowedip)) {
+ if (!remoteip_in_list($CFG->allowedip)) {
+ die(get_string('ipblocked', 'admin'));
+ }
 }
- }
- if($banned) {
- die(get_string('ipblocked', 'admin'));
+
 }
 
 /// note: we can not block non utf-8 installatrions here, because empty mysql database
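Review bot: In the `else` branch (blocked list first), the `allowedip` test nested inside the `blockedip` check is repeated by the trailing `if(!empty($CFG->allowedip))` block, so once an allowed list is configured the blocked list no longer affects the outcome and every address is decided by the allowed list alone. If that is intended, the nested block can shrink to `if (empty($CFG->allowedip) && remoteip_in_list($CFG->blockedip)) { die(get_string('ipblocked', 'admin')); }` and the comment above it should state the rule outright. Each of the five `die()` calls also ends the request without a log entry or a 403 status, so denied clients leave no trace for later review; recording `getremoteaddr()` with `error_log()` and sending `header('HTTP/1.0 403 Forbidden')` before exiting, in one shared helper, would cover all of them. The switch from `get_config()` to `$CFG->…` assumes these settings are already loaded into `$CFG` at this point in setup.php, which is not visible in the hunk.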