allow CIDR values in AXFR setting, fixes #1672

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-11-15 08:03:34 +01:00
parent 7e4164da26
commit 432645431c
4 changed files with 28 additions and 12 deletions
--- a/lib/functions/formfields/string/function.validateFormFieldString.php
+++ b/lib/functions/formfields/string/function.validateFormFieldString.php
@@ -122,7 +122,7 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
                        $newfieldvalue = '';
                        $returnvalue = 'stringmustntbeempty';
                    } else {
-                        $newfieldvalue = validate_ip2($newfieldvalue, true, true, true);
+                        $newfieldvalue = validate_ip2($newfieldvalue, true, 'invalidip', true, true, true);
                        $returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
                    }
                }
--- a/lib/functions/validate/function.validate_ip.php
+++ b/lib/functions/validate/function.validate_ip.php
@@ -49,23 +49,43 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') {
 * @param string $lng index for error-message (if $return_bool is false)
 * @param bool $allow_localhost whether to allow 127.0.0.1
 * @param bool $allow_priv whether to allow private network addresses
+ * @param bool $allow_cidr whether to allow CIDR values e.g. 10.10.10.10/16
 *
 * @return string|bool ip address on success, false on failure
 */
-function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
+function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_cidr = false) {

-    $filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
+	$cidr = "";
+	if ($allow_cidr) {
+		$org_ip = $ip;
+		$ip_cidr = explode("/", $ip);
+		if (count($ip_cidr) == 2) {
+			$ip = $ip_cidr[0];
+			$cidr = "/".$ip_cidr[1];
+		} else {
+			$ip = $org_ip;
+		}
+	} elseif (strpos($ip, "/") !== false) {
+		if ($return_bool) {
+			return false;
+		} else {
+			standard_error($lng, $ip);
+			exit();
+		}
+	}
+
+	$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);

 	if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
 			|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
 			&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
 	) {
-		return $ip;
+		return $ip.$cidr;
 	}

 	// special case where localhost ip is allowed (mysql-access-hosts for example)
 	if ($allow_localhost && $ip == '127.0.0.1') {
-		return $ip;
+		return $ip.$cidr;
 	}

 	if ($return_bool) {
--- a/scripts/jobs/cron_tasks.inc.dns.10.bind.php
+++ b/scripts/jobs/cron_tasks.inc.dns.10.bind.php
@@ -129,9 +129,7 @@ class bind extends DnsBase
 			// AXFR server #100
 			if (count($this->_axfr) > 0) {
 				foreach ($this->_axfr as $axfrserver) {
-					if (validate_ip($axfrserver, true) !== false) {
-						$bindconf_file .= '		' . $axfrserver . ';' . "\n";
-					}
+					$bindconf_file .= '		' . $axfrserver . ';' . "\n";
 				}
 			}
 			// close allow-transfer
--- a/scripts/jobs/cron_tasks.inc.dns.20.pdns.php
+++ b/scripts/jobs/cron_tasks.inc.dns.20.pdns.php
@@ -194,10 +194,8 @@ class pdns extends DnsBase
 			// AXFR server #100
 			if (count($this->_axfr) > 0) {
 				foreach ($this->_axfr as $axfrserver) {
-					if (validate_ip($axfrserver, true) !== false) {
-						$ins_data['value'] = $axfrserver;
-						$ins_stmt->execute($ins_data);
-					}
+					$ins_data['value'] = $axfrserver;
+					$ins_stmt->execute($ins_data);
 				}
 			}
 		}