Missing input validation when banning IPs #4378
Labels
b:1.9
Branch: 1.9.x
p:low
Priority: Low. Issue to resolve with low preference
s:review-needed
Status: Review Needed. Possible solution submitted
t:enhancement
Type: Enhancement. Contains minor improvements
Milestone
When banning IP addresses or subnets in the ACP (Configuration -> Banning -> Banned IPs) there is no validation at all, if the entered address/subnet is valid at all.
One could enter
1.1.1.256
,1.1.1.1/33
,::1/129
,1.1.1.1/-1
or any other data and MyBB will happily accept it.I've noticed that there are some users that mistakenly entered invalid subnet masks and assumed that the IP addresses have been banned, because there was no check.
The text was updated successfully, but these errors were encountered: