#4104 - Possible to crash site by banning an invalid IP address

By Chris Graham
Added 7th Feb 2020, 11:04 AM
1 view

Identifier	#4104
Issue type	Major issue (breaks an entire feature)
Title	Possible to crash site by banning an invalid IP address
Status	Completed
Handling member	Chris Graham
Version	10.0.30
Addon	General / Uncategorised
Description	The IP banning module does try to detect IP addresses are valid before banning them. Banning an invalid IP address is catastrophic on Apache because the ban is written into the .htaccess, and Apache will show a 500 error for any invalid IP address in there. Unfortunately simply putting 2 IP addresses together in sequence passes the Composr 'validity' test. Do full IP address validation. Also trim the ban reasons to keep things tidy.
Steps to reproduce
Funded?	No
Commits	Fixed MANTIS-4104 (Possible to crash site by banning an invalid IP address) (12eddedc) · Commits · Composr ecosystem / Composr · GitLab

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Rating

Unrated

Comments

There have been no comments yet

Statistics

Users online: Details	PDStig , 285 guests Usergroups: Core Developer
Forum statistics:	6K topics, 20K posts, 1K members Our newest member is Dorin Costin Maximuss Birthdays: rwill76 Jonsina99 omarfaruk007acri WhiteWoodsDecor viviaanzoe ludopeindia Urprinters emproncs