From: Ævar Arnfjörð Bjarmason
Date: Sat, 8 Oct 2005 20:15:36 +0000 (+0000)
Subject: * (bug 3631) Fixed a critical security issue
X-Git-Tag: 1.6.0~1501
X-Git-Url: http://git.cyclocoop.org/%22.%24h.%22?a=commitdiff_plain;h=d6ffc09d5976ff78c45770b11547950e548c09cb;p=lhc%2Fweb%2Fwiklou.git

* (bug 3631) Fixed a critical security issue
---
diff --git a/includes/User.php b/includes/User.php
index 43bc530346..7d30637d64 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -159,12 +159,19 @@ class User {
 /**
 * does the string match an anonymous IPv4 address?
 *
+ * Note: We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
+ * address because the usemod software would "cloak" anonymous IP
+ * addresses like this, if we allowed accounts like this to be created
+ * new users could get the old edits of these anonymous users.
+ *
+ * @bug 3631
+ *
 * @static
 * @param string $name Nickname of a user
 * @return bool
 */
 function isIP( $name ) {
- return preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/",$name);
+ return preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/",$name);
 /*return preg_match("/^
 (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
 (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
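Review bot: With the `(?:xxx|\d{1,3})` alternative, isIP() now returns true for strings that are not IPv4 addresses, so its contract has shifted from "is an address" to "is a name reserved for anonymous users"; any caller outside this hunk that passes a positive result on to address handling (blocks, range comparisons) should be checked. The function name and the docblock's first line still say IPv4 address, so I would either move the cloaked-name test into a separate predicate used only by account-name validation, or state the new contract in the docblock, e.g. `@return bool true if $name is reserved for anonymous users (IPv4 or usemod-cloaked a.b.c.xxx)`. Two smaller points on the changed line: the bare `$` also matches just before a trailing newline, so `\z` or the `D` modifier would make the anchor exact, and `preg_match()` returns an int (or false on error) rather than the documented bool, which `return (bool)preg_match(...)` would align. The body of isIP() continues past the end of the hunk.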