From b9a2603025483deefbf7636de3f6c0786e95d293 Mon Sep 17 00:00:00 2001
From: Karl 'vollmerk' Vollmer <vollmer@ampache.org>
Date: Sun, 1 Feb 2009 01:06:46 +0000
Subject: Finish IPv6 support

---
 lib/class/access.class.php | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

(limited to 'lib/class/access.class.php')

diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index 28a98073..73c50b5e 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -94,6 +94,25 @@ class Access {
 	 */
 	public function update($data) { 
 
+                /* We need to verify the incomming data a littlebit */
+                $start = @inet_pton($data['start']);
+                $end = @inet_pton($data['end']);
+
+                if (!$start AND $data['start'] != '0.0.0.0' AND $data['start'] != '::') {
+                        Error::add('start',_('Invalid IPv4 / IPv6 Address Entered'));
+                        return false;
+                }
+                if (!$end) {
+                        Error::add('end',_('Invalid IPv4 / IPv6 Address Entered'));
+                        return false;
+                }
+
+                if (strlen(bin2hex($start)) != strlen(bin2hex($end))) {
+                        Error::add('start',_('IP Address Version Mismatch'));
+                        Error::add('end',_('IP Address Version Mismatch'));
+                        return false;
+                }
+
 		$name	= Dba::escape($data['name']); 
 		$type	= self::validate_type($data['type']); 
 		$start 	= Dba::escape(inet_pton($data['start']));
@@ -132,13 +151,18 @@ class Access {
 			return false; 
 		} 
 
+		if (strlen(bin2hex($start)) != strlen(bin2hex($end))) { 
+			Error::add('start',_('IP Address Version Mismatch')); 
+			Error::add('end',_('IP Address Version Mismatch')); 
+			return false; 
+		} 
+
 		// Check existing ACL's to make sure we're not duplicating values here
 		if (self::exists($data)) { 
 			debug_event('ACL Create','Error did not create duplicate ACL entrie for ' . $data['start'] . ' - ' . $data['end'],'1'); 
 			return false; 
 		} 
 
-
 		$start 	= Dba::escape($start); 
 		$end 	= Dba::escape($end);
 		$name	= Dba::escape($data['name']);
@@ -237,7 +261,7 @@ class Access {
 		} // end if access control is turned off
 
 		// Clean incomming variables
-		$ip 	= $ip ? inet_pton($ip) : inet_pton($_SERVER['REMOTE_ADDR']); 
+		$ip 	= $ip ? Dba::escape(inet_pton($ip)) : Dba::escape(inet_pton($_SERVER['REMOTE_ADDR'])); 
 		$user 	= Dba::escape($user);
 		$key 	= Dba::escape($key);
 		$level	= Dba::escape($level);
-- 
cgit