Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing input validation when banning IPs #4378

Open
n-thumann opened this issue May 29, 2021 · 0 comments · May be fixed by #4379
Open

Missing input validation when banning IPs #4378

n-thumann opened this issue May 29, 2021 · 0 comments · May be fixed by #4379
Labels
b:1.9 Branch: 1.9.x p:low Priority: Low. Issue to resolve with low preference s:review-needed Status: Review Needed. Possible solution submitted t:enhancement Type: Enhancement. Contains minor improvements
Milestone
1.9.0

Comments

@n-thumann
Copy link
Contributor

When banning IP addresses or subnets in the ACP (Configuration -> Banning -> Banned IPs) there is no validation at all, if the entered address/subnet is valid at all.
One could enter 1.1.1.256, 1.1.1.1/33, ::1/129, 1.1.1.1/-1 or any other data and MyBB will happily accept it.
I've noticed that there are some users that mistakenly entered invalid subnet masks and assumed that the IP addresses have been banned, because there was no check.
@n-thumann n-thumann linked a pull request May 29, 2021 that will close this issue
Open
@Sama34 Sama34 added b:1.9 Branch: 1.9.x p:low Priority: Low. Issue to resolve with low preference s:review-needed Status: Review Needed. Possible solution submitted t:enhancement Type: Enhancement. Contains minor improvements labels Sep 21, 2021
@Sama34 Sama34 added this to the 1.9.0 milestone Sep 21, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
b:1.9 Branch: 1.9.x p:low Priority: Low. Issue to resolve with low preference s:review-needed Status: Review Needed. Possible solution submitted t:enhancement Type: Enhancement. Contains minor improvements
Projects
None yet
Milestone
1.9.0
Development

Successfully merging a pull request may close this issue.

Add validation for banned IPs n-thumann/mybb
2 participants
@Sama34 @n-thumann