From d6ffc09d5976ff78c45770b11547950e548c09cb Mon Sep 17 00:00:00 2001
From: =?utf8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?=
Date: Sat, 8 Oct 2005 20:15:36 +0000
Subject: [PATCH] * (bug 3631) Fixed a critical security issue

---
 includes/User.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/includes/User.php b/includes/User.php
index 43bc530346..7d30637d64 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -159,12 +159,19 @@ class User {
 /**
 * does the string match an anonymous IPv4 address?
 *
+ * Note: We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
+ * address because the usemod software would "cloak" anonymous IP
+ * addresses like this, if we allowed accounts like this to be created
+ * new users could get the old edits of these anonymous users.
+ *
+ * @bug 3631
+ *
 * @static
 * @param string $name Nickname of a user
 * @return bool
 */
 function isIP( $name ) {
- return preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/",$name);
+ return preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/",$name);
 /*return preg_match("/^
 (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
 (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
-- 
2.20.1
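Review bot: The `$` anchor in the new `preg_match` pattern also matches just before a trailing newline, so a name ending in a line break is still reported as an IP address by `isIP`; adding the `D` modifier pins the match to the true end of the string: `return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/D', $name);`. Because the cloaked `xxx` form is now accepted by a general-purpose predicate, every other caller of `isIP` will also treat such names as IP addresses; those callers are not visible here, so it is worth confirming that none of them hands the value to numeric IP handling such as range or block calculations. The docblock promises `bool` while `preg_match` returns an int (or false on error), which a `(bool)` cast would settle. The body of `isIP` continues past the end of the hunk.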