Merge branch 'MDL-78311' of https://github.com/paulholden/moodle

safatshahin · Jan 29, 2024 · 5bbcc38 · 5bbcc38
2 parents 82e73cb + a767e0a
commit 5bbcc38
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 21 deletions.
diff --git a/lib/classes/param.php b/lib/classes/param.php
@@ -18,6 +18,7 @@
 
 use coding_exception;
 use core_text;
+use core\ip_utils;
 use invalid_parameter_exception;
 use moodle_exception;
 
@@ -992,27 +993,7 @@ protected function clean_param_value_path(mixed $param): string {
      */
     protected function clean_param_value_host(mixed $param): string {
         // Allow FQDN or IPv4 dotted quad.
-        $param = preg_replace('/[^\.\d\w-]/', '', (string)$param);
-        // Match ipv4 dotted quad.
-        if (preg_match('/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/', $param, $match)) {
-            // Confirm values are ok.
-            if (
-                $match[0] > 255
-                || $match[1] > 255
-                || $match[3] > 255
-                || $match[4] > 255
-            ) {
-                // Hmmm, what kind of dotted quad is this?
-                $param = '';
-            }
-        } else if (
-            preg_match('/^[\w\d\.-]+$/', $param) // Dots, hyphens, numbers.
-            && !preg_match('/^[\.-]/', $param) // No leading dots/hyphens.
-            && !preg_match('/[\.-]$/', $param) // No trailing dots/hyphens.
-        ) {
-            // All is ok - $param is respected.
-        } else {
-            // All is not ok...
+        if (!ip_utils::is_domain_name($param) && !ip_utils::is_ipv4_address($param)) {
             $param = '';
         }
         return $param;

diff --git a/lib/tests/moodlelib_test.php b/lib/tests/moodlelib_test.php
@@ -581,6 +581,39 @@ public function test_clean_param_text() {
         $this->assertSame('', clean_param(null, PARAM_TEXT));
     }
 
+    /**
+     * Data provider for {@see test_clean_param_host}
+     *
+     * @return array
+     */
+    public static function clean_param_host_provider(): array {
+        return [
+            'Valid (low octets)' => ['0.0.0.0', '0.0.0.0'],
+            'Valid (high octets)' => ['255.255.255.255', '255.255.255.255'],
+            'Invalid first octet' => ['256.1.1.1', ''],
+            'Invalid second octet' => ['1.256.1.1', ''],
+            'Invalid third octet' => ['1.1.256.1', ''],
+            'Invalid fourth octet' => ['1.1.1.256', ''],
+            'Valid host' => ['moodle.org', 'moodle.org'],
+            'Invalid host' => ['.example.com', ''],
+        ];
+    }
+
+    /**
+     * Testing cleaning parameters with PARAM_HOST
+     *
+     * @param string $param
+     * @param string $expected
+     *
+     * @dataProvider clean_param_host_provider
+     *
+     * @covers \core\param
+     * @covers \clean_param
+     */
+    public function test_clean_param_host(string $param, string $expected): void {
+        $this->assertEquals($expected, clean_param($param, PARAM_HOST));
+    }
+
     /**
      * @covers \core\param
      * @covers \clean_param