New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: Better sanity check of hostname when adding device. #7582

Merged
merged 6 commits into from Nov 1, 2017

Conversation

Projects
None yet
4 participants
@Zmegolaz
Member

Zmegolaz commented Oct 30, 2017

Fixes a bug where you can add devices without hostname.

DO NOT DELETE THIS TEXT

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926

Zmegolaz added some commits Oct 30, 2017

@murrant

This comment has been minimized.

Show comment
Hide comment
@murrant

murrant Oct 30, 2017

Member

You forgot to check for IPs.

IP::isValid($hostname) might be handy ;)

Member

murrant commented Oct 30, 2017

You forgot to check for IPs.

IP::isValid($hostname) might be handy ;)

@Zmegolaz

This comment has been minimized.

Show comment
Hide comment
@Zmegolaz

Zmegolaz Oct 30, 2017

Member

is_valid_hostname() works for IPs too, since it allows dots and [a-z\d] mixed. Or is there a risk it will be modified to do a more strict check later on?

Member

Zmegolaz commented Oct 30, 2017

is_valid_hostname() works for IPs too, since it allows dots and [a-z\d] mixed. Or is there a risk it will be modified to do a more strict check later on?

@laf

This comment has been minimized.

Show comment
Hide comment
@laf

laf Oct 30, 2017

Member

Should we not be assigning $hostname = clean($_POST['hostname']); before all the checks then checking $hostname otherwise we may have a case where is_valid_hostname() is true before clean() is applied?

Member

laf commented Oct 30, 2017

Should we not be assigning $hostname = clean($_POST['hostname']); before all the checks then checking $hostname otherwise we may have a case where is_valid_hostname() is true before clean() is applied?

@murrant

This comment has been minimized.

Show comment
Hide comment
@murrant

murrant Oct 30, 2017

Member

@Zmegolaz Does it work for IPv6 addresses?

Member

murrant commented Oct 30, 2017

@Zmegolaz Does it work for IPv6 addresses?

@Zmegolaz

This comment has been minimized.

Show comment
Hide comment
@Zmegolaz

Zmegolaz Oct 30, 2017

Member

Very good points, both of you. I've updated it.

Member

Zmegolaz commented Oct 30, 2017

Very good points, both of you. I've updated it.

@laf

laf approved these changes Oct 30, 2017

lgtm.

Tested IPv6 address. Allows adding ok.

Show outdated Hide outdated html/pages/addhost.inc.php Outdated
Show outdated Hide outdated html/pages/addhost.inc.php Outdated

Zmegolaz and others added some commits Oct 31, 2017

@scrutinizer-notifier

This comment has been minimized.

Show comment
Hide comment
@scrutinizer-notifier

scrutinizer-notifier Nov 1, 2017

The inspection completed: No new issues

scrutinizer-notifier commented Nov 1, 2017

The inspection completed: No new issues

@murrant murrant merged commit a7f4236 into librenms:master Nov 1, 2017

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
license/cla Contributor License Agreement is signed.
Details

@Zmegolaz Zmegolaz deleted the Zmegolaz:add-empty-device branch Nov 1, 2017

murrant added a commit that referenced this pull request Nov 1, 2017

Fix: Better sanity check of hostname when adding device. (#7582)
* Better sanity check of hostname when adding device.

* Style fix.

* clean() before hostname validity check. IP::isValid to support IPv6 addresses.

* Even more checks to catch invalid input.

* Long if-else, better error message.

* Code re-arranging
@lock

This comment has been minimized.

Show comment
Hide comment
@lock

lock bot May 17, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed.

lock bot commented May 17, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed.

@lock lock bot locked as resolved and limited conversation to collaborators May 17, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.