Merged from MOODLE_14_STABLE - clean_param() now handles PARAM_HOST (old pending merge)

2025-01-19 14:27:22 +01:00 · 2005-01-25 06:08:06 +00:00 · 2005-01-25 06:08:06 +00:00 · 371a2ed0e5
commit 371a2ed0e5
parent 3f1cdd2a31
1 changed files with 24 additions and 0 deletions
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@ -101,6 +101,7 @@ define('PARAM_FORMAT',  0x04);  // Alias for PARAM_ALPHA
 define('PARAM_NOTAGS',  0x08);
 define('PARAM_FILE',    0x10);
 define('PARAM_PATH',    0x20);
+define('PARAM_HOST',    0x40);  // FQDN or IPv4 dotted quad


 /// PARAMETER HANDLING ////////////////////////////////////////////////////
@ -214,6 +215,29 @@ function clean_param($param, $options) {
        $param = ereg_replace('//+', '/', $param);
    }

+    if ($options & PARAM_HOST) {         // allow FQDN or IPv4 dotted quad
+        preg_replace('/[^\.\d\w-]/','', $param ); // only allowed chars 
+	    // match ipv4 dotted quad
+        if (preg_match('/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/',$param, $match)){
+            // confirm values are ok
+            if ( $match[0] > 255
+                 || $match[1] > 255
+                 || $match[3] > 255 
+                 || $match[4] > 255 ) {
+                // hmmm, what kind of dotted quad is this?
+                $param = '';
+            }
+        } elseif ( preg_match('/^[\w\d\.-]+$/', $param) // dots, hyphens, numbers
+                   && !preg_match('/^[\.-]/',  $param) // no leading dots/hyphens
+                   && !preg_match('/[\.-]$/',  $param) // no trailing dots/hyphens
+                   ) {
+            // all is ok - $param is respected
+        } else {
+            // all is not ok...
+            $param='';               
+        } 
+    }
+
    return $param;
 }