MDL-75889 core: compare domain names in a case-insensitive manner.

As per https://www.rfc-editor.org/rfc/rfc1035#section-3.1
2025-05-12 19:25:35 +02:00 · 2022-10-04 21:28:33 +01:00 · 2022-10-04 21:28:33 +01:00 · c4c823c20e
commit c4c823c20e
parent fee1b8ce5f
3 changed files with 15 additions and 6 deletions
--- a/lib/classes/ip_utils.php
+++ b/lib/classes/ip_utils.php
@ -187,8 +187,8 @@ final class ip_utils {
    }

    /**
-     * Checks the domain name against a list of allowed domains. The list of allowed domains is may use
-     * wildcards that match {@link is_domain_matching_pattern()}.
+     * Checks the domain name against a list of allowed domains. The list of allowed domains may use wildcards
+     * that match {@see is_domain_matching_pattern()}. Domains are compared in a case-insensitive manner
     *
     * @param  string $domain Domain address
     * @param  array $alloweddomains An array of allowed domains.
@ -208,7 +208,7 @@ final class ip_utils {
                // Use of wildcard for possible subdomains.
                $escapeperiods = str_replace('.', '\.', $alloweddomain);
                $replacewildcard = str_replace('*', '.*', $escapeperiods);
-                $ultimatepattern = '/' . $replacewildcard . '$/';
+                $ultimatepattern = '/' . $replacewildcard . '$/i';
                if (preg_match($ultimatepattern, $domain)) {
                    return true;
                }
@ -217,7 +217,7 @@ final class ip_utils {
                    continue;
                }
                // Strict domain setting.
-                if ($domain === $alloweddomain) {
+                if (strcasecmp($domain, $alloweddomain) === 0) {
                    return true;
                }
            }
--- a/lib/tests/ip_utils_test.php
+++ b/lib/tests/ip_utils_test.php
@ -14,13 +14,13 @@
 // You should have received a copy of the GNU General Public License
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

-
 namespace core;

 /**
 * This tests the static helper functions contained in the class '\core\ip_utils'.
 *
 * @package    core
+ * @covers     \core\ip_utils
 * @copyright  2016 Jake Dallimore <jrhdallimore@gmail.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
@ -355,6 +355,7 @@ class ip_utils_test extends \basic_testcase {
    public function data_domain_addresses() {
        return [
            [true, 'example.com'],
+            [true, 'ExAmPle.com'],
            [false, 'sub.example.com'],
            [false, 'example.com.au'],
            [false, ' example.com'], // A space at the front of the domain is invalid.
@ -362,6 +363,8 @@ class ip_utils_test extends \basic_testcase {
            [false, 'test.example.com'],
            [false, 'moodle.com'],
            [true, 'test.moodle.com'],
+            [true, 'TeSt.moodle.com'],
+            [true, 'test.MoOdLe.com'],
            [false, 'test.moodle.com.au'],
            [true, 'nice.address.per.this.penny-arcade.com'],
            [false, 'normal.per.this.penny-arcade.com.au'],
--- a/lib/tests/moodlelib_test.php
+++ b/lib/tests/moodlelib_test.php
@ -4354,7 +4354,13 @@ EOF;
                'config' => "\r\n example.com \r\n test.com \r\n",
                'result' => true
            ],
-
+            [
+                'email' => 'fromuser@EXAMPLE.com',
+                'display' => \core_user::MAILDISPLAY_EVERYONE,
+                'samecourse' => false,
+                'config' => "example.com\r\ntest.com",
+                'result' => true,
+            ],
            // Test from email is not in allowed domain.
            // Test that from display is set to show no one.
            [   'email' => 'fromuser@moodle.com',