Add validation for banned IPs

[n-thumann]

Resolves #4378

This resolved the issue above by performing a check on entered IP addresses or subnets.
If the entered IP address is invalid, a error will be shown (that's the reason I've renamed one existing language string).

[lairdshaw]

Generally, although I've picked a few minor issues, this looks like a nice addition - thanks for your contribution! Just a warning: it may not be merged prior to the (imminent) release of 1.8.27, in which case its merge will have to wait until the 1.9 rebase is completed.

[dvz]

We can also validate it client-side using pattern; a proper option can be added to methods like

mybb/admin/inc/class_form.php

Line 100 in aa76916

function generate_text_box($name, $value="", $options=array())

[n-thumann]

We can also validate it client-side using pattern;

Even though that would be even more user-friendly, I'll guess that that will result in a pretty clunky and difficult to maintain RegEx, especially with support for * and subnet mask 🤔

[lairdshaw]

Even though that would be even more user-friendly, I'll guess that that will result in a pretty clunky and difficult to maintain RegEx, especially with support for * and subnet mask thinking

Yep, that was my initial reaction, although, having said that, we do already have this[1] regex, which I think might fairly be described as "clunky and difficult to maintain", even given @dvz's admirable refactoring of it from its previous[2], even clunkier and harder to maintain state as two separately clunky regexes. So...

But yes, the regex under consideration might be a lot worse.

[1]

mybb/inc/class_parser.php

Lines 1648 to 1662 in aa76916

	"~
	<a\\s[^>]*>.*?</a>| # match and return existing links
	(?<=^|[\s\(\)\[\>]) # character preceding the link
	(?P<prefix>
	(?:http|https|ftp|news|irc|ircs|irc6)://| # scheme, or
	(?:www|ftp)\. # common subdomain
	)
	(?P<link>
	(?:[^\/\"\s\<\[\.]+\.)*[\w]+ # host
	(?::[0-9]+)? # port
	(?:/(?:[^\"\s<\[&]|\[\]|&(?:amp|lt|gt);)*)? # path, query, fragment; exclude unencoded characters
	[\w\/\)]
	)
	(?![^<>]*?>) # not followed by unopened > (within HTML tags)
	~iusx",

[2]

mybb/inc/class_parser.php

Lines 1524 to 1525 in ee2c6a3

	$message = preg_replace_callback("#<a\\s[^>]*>.*?</a>|([\s\(\)\[\>])(http|https|ftp|news|irc|ircs|irc6){1}://([^\/\"\s\<\[\.]+\.([^\/\"\s\<\[\.]+\.)*[\w]+(:[0-9]+)?(/([^\"\s<\[]|\[\])*)?([\w\/\)]))#iu", array($this, 'mycode_auto_url_callback'), $message);
	$message = preg_replace_callback("#<a\\s[^>]*>.*?</a>|([\s\(\)\[\>])(www|ftp)\.(([^\/\"\s\<\[\.]+\.)*[\w]+(:[0-9]+)?(/([^\"\s<\[]|\[\])*)?([\w\/\)]))#iu", array($this, 'mycode_auto_url_callback'), $message);

[lairdshaw]

By the way, @n-thumann, although I'm not an expert on Git etiquette, my understanding is that it's in general not a good idea to force-push changes to public repositories (including when they are the source of pull requests); better is to add the changes in a new commit. I hope that this comment doesn't come across as overly rude.

[n-thumann]

By the way, @n-thumann, although I'm not an expert on Git etiquette, my understanding is that it's in general not a good idea to force-push changes to public repositories (including when they are the source of pull requests); better is to add the changes in a new commit. I hope that this comment doesn't come across as overly rude.

Don't worry, it didn't :) I am used to fixup additional commits for a PR to keep the history clean, so that's always ready to merge without additional squashing needed by the maintainers, but I'll keep that in mind for future commits here.