From b79cc545ec020f7dd4bd83dcd06af3cf2b1fcaff Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 28 Aug 2012 05:20:20 -0400
Subject: [PATCH] Improvements/fixes for Larry skin

---
 program/include/rcube_utils.php |   56 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/program/include/rcube_utils.php b/program/include/rcube_utils.php
index 9f18b79..23bf556 100644
--- a/program/include/rcube_utils.php
+++ b/program/include/rcube_utils.php
@@ -92,9 +92,9 @@
             return false;
         }
 
-        // Check domain part
-        if (preg_match('/^\[*(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]*$/', $domain_part)) {
-            return true; // IP address
+        // Validate domain part
+        if (preg_match('/^\[((IPv6:[0-9a-f:.]+)|([0-9.]+))\]$/i', $domain_part, $matches)) {
+            return self::check_ip(preg_replace('/^IPv6:/i', '', $matches[1])); // valid IPv4 or IPv6 address
         }
         else {
             // If not an IP address
@@ -146,6 +146,52 @@
         return false;
     }
 
+
+    /**
+     * Validates IPv4 or IPv6 address
+     *
+     * @param string $ip IP address in v4 or v6 format
+     *
+     * @return bool True if the address is valid
+     */
+    public static function check_ip($ip)
+    {
+        // IPv6, but there's no build-in IPv6 support
+        if (strpos($ip, ':') !== false && !defined('AF_INET6')) {
+            $parts = explode(':', $domain_part);
+            $count = count($parts);
+
+            if ($count > 8 || $count < 2) {
+                return false;
+            }
+
+            foreach ($parts as $idx => $part) {
+                $length = strlen($part);
+                if (!$length) {
+                    // there can be only one ::
+                    if ($found_empty) {
+                        return false;
+                    }
+                    $found_empty = true;
+                }
+                // last part can be an IPv4 address
+                else if ($idx == $count - 1) {
+                    if (!preg_match('/^[0-9a-f]{1,4}$/i', $part)) {
+                        return @inet_pton($part) !== false;
+                    }
+                }
+                else if (!preg_match('/^[0-9a-f]{1,4}$/i', $part)) {
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
+        return @inet_pton($ip) !== false;
+    }
+
+
     /**
      * Check whether the HTTP referer matches the current request
      *
@@ -154,8 +200,8 @@
     public static function check_referer()
     {
         $uri = parse_url($_SERVER['REQUEST_URI']);
-        $referer = parse_url(rcube_request_header('Referer'));
-        return $referer['host'] == rcube_request_header('Host') && $referer['path'] == $uri['path'];
+        $referer = parse_url(self::request_header('Referer'));
+        return $referer['host'] == self::request_header('Host') && $referer['path'] == $uri['path'];
     }
 
 

--
Gitblit v1.9.1