From 371a2ed0e54805f9384f6846b4a2f5e9983a95f0 Mon Sep 17 00:00:00 2001
From: martinlanghoff <martinlanghoff>
Date: Tue, 25 Jan 2005 06:08:06 +0000
Subject: [PATCH] Merged from MOODLE_14_STABLE - clean_param() now handles
 PARAM_HOST (old pending merge)

---
 lib/moodlelib.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 308d82919e..18274b30b3 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -101,6 +101,7 @@ define('PARAM_FORMAT',  0x04);  // Alias for PARAM_ALPHA
 define('PARAM_NOTAGS',  0x08);
 define('PARAM_FILE',    0x10);
 define('PARAM_PATH',    0x20);
+define('PARAM_HOST',    0x40);  // FQDN or IPv4 dotted quad
 
 
 /// PARAMETER HANDLING ////////////////////////////////////////////////////
@@ -214,6 +215,29 @@ function clean_param($param, $options) {
         $param = ereg_replace('//+', '/', $param);
     }
 
+    if ($options & PARAM_HOST) {         // allow FQDN or IPv4 dotted quad
+        preg_replace('/[^\.\d\w-]/','', $param ); // only allowed chars 
+	    // match ipv4 dotted quad
+        if (preg_match('/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/',$param, $match)){
+            // confirm values are ok
+            if ( $match[0] > 255
+                 || $match[1] > 255
+                 || $match[3] > 255 
+                 || $match[4] > 255 ) {
+                // hmmm, what kind of dotted quad is this?
+                $param = '';
+            }
+        } elseif ( preg_match('/^[\w\d\.-]+$/', $param) // dots, hyphens, numbers
+                   && !preg_match('/^[\.-]/',  $param) // no leading dots/hyphens
+                   && !preg_match('/[\.-]$/',  $param) // no trailing dots/hyphens
+                   ) {
+            // all is ok - $param is respected
+        } else {
+            // all is not ok...
+            $param='';               
+        } 
+    }
+
     return $param;
 }
 
-- 
2.39.5