Error202
/
yii2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Fixes #16335: Fixed in `yii\filters\AccessRule::matchIP()` user IP validation with netmask in rule

tags/2.0.17
Artem Pakhomov 6 years ago committed by Alexander Makarov
parent
55418776d4
commit
a3b6d227ba
3 changed files with 47 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      framework/CHANGELOG.md
  2. 5
      framework/filters/AccessRule.php
  3. 41
      tests/framework/filters/AccessRuleTest.php

1
framework/CHANGELOG.md
Unescape View File

@ -4,6 +4,7 @@ Yii Framework 2 Change Log
2.0.17 under development 2.0.17 under development
------------------------ ------------------------
- Bug #16335: Fixed in `yii\filters\AccessRule::matchIP()` user IP validation with netmask in rule (omentes)
- Bug #9438, #13740, #15037: Handle DB session callback custom fields before session closed (lubosdz) - Bug #9438, #13740, #15037: Handle DB session callback custom fields before session closed (lubosdz)
- Bug #16681: `ActiveField::inputOptions` were not used during some widgets rendering (GHopperMSK) - Bug #16681: `ActiveField::inputOptions` were not used during some widgets rendering (GHopperMSK)
- Bug #17133: Fixed aliases rendering during help generation for a console command (GHopperMSK) - Bug #17133: Fixed aliases rendering during help generation for a console command (GHopperMSK)

5
framework/filters/AccessRule.php
Unescape View File

@ -12,6 +12,7 @@ use yii\base\Action;
use yii\base\Component; use yii\base\Component;
use yii\base\Controller; use yii\base\Controller;
use yii\base\InvalidConfigException; use yii\base\InvalidConfigException;
use yii\helpers\IpHelper;
use yii\helpers\StringHelper; use yii\helpers\StringHelper;
use yii\web\Request; use yii\web\Request;
use yii\web\User; use yii\web\User;
@ -266,6 +267,10 @@ class AccessRule extends Component
$ip !== null && $ip !== null &&
($pos = strpos($rule, '*')) !== false && ($pos = strpos($rule, '*')) !== false &&
strncmp($ip, $rule, $pos) === 0 strncmp($ip, $rule, $pos) === 0
) ||
(
($pos = strpos($rule, '/')) !== false &&
IpHelper::inRange($ip, $rule) === true
) )
) { ) {
return true; return true;

41
tests/framework/filters/AccessRuleTest.php
Unescape View File

@ -524,4 +524,45 @@ class AccessRuleTest extends \yiiunit\TestCase
$rule->allow = false; $rule->allow = false;
$this->assertNull($rule->allows($action, $user, $request)); $this->assertNull($rule->allows($action, $user, $request));
} }
public function testMatchIPMask()
{
$action = $this->mockAction();
$user = false;
$request = $this->mockRequest();
$rule = new AccessRule();
// no match
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$rule->ips = ['127.0.0.32/27'];
$rule->allow = true;
$this->assertNull($rule->allows($action, $user, $request));
$rule->allow = false;
$this->assertNull($rule->allows($action, $user, $request));
// match
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$rule->ips = ['127.0.0.1/27'];
$rule->allow = true;
$this->assertTrue($rule->allows($action, $user, $request));
$rule->allow = false;
$this->assertFalse($rule->allows($action, $user, $request));
// match, IPv6
$_SERVER['REMOTE_ADDR'] = '2a01:4f8:120:7202::2';
$rule->ips = ['2a01:4f8:120:7202::2/127'];
$rule->allow = true;
$this->assertTrue($rule->allows($action, $user, $request));
$rule->allow = false;
$this->assertFalse($rule->allows($action, $user, $request));
// no match, IPv6
$_SERVER['REMOTE_ADDR'] = '2a01:4f8:120:7202::ffff';
$rule->ips = ['2a01:4f8:120:7202::2/123'];
$rule->allow = true;
$this->assertNull($rule->allows($action, $user, $request));
$rule->allow = false;
$this->assertNull($rule->allows($action, $user, $request));
}
} }

Write Preview
Loading…
Cancel
Save