From 7a603596c5a43b4df30fafb29beaff661649361a Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 28 Dec 2016 20:13:15 +0100 Subject: [PATCH] validate ip address on installation --- install/lib/class.FroxlorInstall.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/install/lib/class.FroxlorInstall.php b/install/lib/class.FroxlorInstall.php index 792e8202..37acfc7c 100644 --- a/install/lib/class.FroxlorInstall.php +++ b/install/lib/class.FroxlorInstall.php @@ -177,10 +177,14 @@ class FroxlorInstall } // check system-hostname to be a FQDN - if ($this->_validate_ip($this->_data['servername'], true) !== false) { + if ($this->_validate_ip($this->_data['servername']) !== false) { $this->_data['servername'] = ''; } + if (empty($this->_data['serverip'] || $this->_validate_ip($this->_data['serverip']) == false)) { + return false; + } + if (isset($_POST['installstep']) && $_POST['installstep'] == '1' && $this->_data['admin_pass1'] == $this->_data['admin_pass2'] && $this->_data['admin_pass1'] != '' && $this->_data['admin_pass2'] != '' && $this->_data['mysql_unpriv_pass'] != '' && $this->_data['mysql_root_pass'] != '' && $this->_data['servername'] != '' && $this->_data['serverip'] != '' && $this->_data['httpuser'] != '' && $this->_data['httpgroup'] != '' && $this->_data['mysql_unpriv_user'] != $this->_data['mysql_root_user']) { return true; } @@ -781,7 +785,7 @@ class FroxlorInstall } $formdata .= $this->_getSectionItemString('servername', true, $style); // serverip - if (! empty($_POST['installstep']) && $this->_data['serverip'] == '') { + if (! empty($_POST['installstep']) && ($this->_data['serverip'] == '' || $this->_validate_ip($this->_data['serverip']) == false)) { $style = 'color:red;'; } else { $style = '';