fix: Bug: Ip-dst attribute should not be able to include a "/", fixes #2138

2017-04-19 11:11:10 +02:00 · 2017-04-19 11:11:10 +02:00 · 66eb200f32
parent a6f13540bb
commit 66eb200f32
1 changed files with 12 additions and 16 deletions
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -779,24 +779,20 @@ class Attribute extends AppModel {
 				break;
 			case 'ip-src':
 			case 'ip-dst':
-				$parts = explode("/", $value);
-				// [0] = the IP
-				// [1] = the network address
-				if (count($parts) <= 2 ) {
-					// IPv4 and IPv6 matching
-					if (filter_var($parts[0], FILTER_VALIDATE_IP)) {
-						// IP is validated, now check if we have a valid network mask
-						if (empty($parts[1])) {
-							$returnValue = true;
-						} else {
-							if (is_numeric($parts[1]) && $parts[1] < 129) {
-								$returnValue = true;
-							}
-						}
+				$returnValue = true;
+				if (strpos($value, '/') !== false) {
+					$parts = explode("/", $value);
+					// [0] = the IP
+					// [1] = the network address
+					if (count($parts) != 2 || (!is_numeric($parts[1]) || !($parts[1] < 129 && $parts[1] > 0))) {
+							$returnValue = 'Invalid CIDR notation value found.';
 					}
+					$ip = $parts[0];
+				} else {
+					$ip = $value;
 				}
-				if (!$returnValue) {
-					$returnValue = 'IP address has an invalid format. Please double check the value or select type "other".';
+				if (!filter_var($ip, FILTER_VALIDATE_IP)) {
+					$returnValue = 'IP address has an invalid format.';
 				}
 				break;
 			case 'port':