Custom client IP not validated

chillax · February 24, 2020, 4:10am

Please follow the below template, it will help us to help you!

Please ensure that you are running the latest version of the beta code.
Run pihole -up to update to the latest, then verify that the problem still exists before reporting it.

Problem with Beta 5.0:
No IP validation when adding custom client IP

Debug Token:
None

Am i tripping or was there no validation before in

Group management --> Clients?

I looked all over github looking if this is something that maybe was temporalily
removed, but i can't seem to find any mention of this.

I'm confused because i know i've seen some validIP functions in some .php file somewhere before, and sure enough there is

in /var/www/html/admin/scripts/pi-hole/php/savesettings.php
line 14 validIP function

I can see how someone (i did, shhh... ) insert localhost or any hostname to custom ip and not even realise that it's not working.

I swear it's used to be validated...??

DL6ER · February 24, 2020, 8:37am

No, I haven't gotten around adding validation here, this is on my Todo and, hopefully, I can get around it next week. I can assure you. it was never there.

It is not high priority as FTL is robust enough to just ignore anything that is not an IP address. Similarly to how you can throw any invalid domains or regex filters at it. Even containing UTF-8 characters or whatnot. It will just ignore incorrect user input.

chillax · February 24, 2020, 1:57pm

I must have thought about some other validation then and mix things up in my head, my bad.

I get it, keep up the great work!

DL6ER · March 14, 2020, 1:32pm

I managed to catch up on this today. For this task, I had to come up with some quite complex regular expressions, any testing would be highly appreciated!

Check it out using:

pihole checkout web tweak/client_address_validation

Verify my regex here:

IPv4 with optional CIDR: RegExr: Learn, Build, & Test RegEx
IPv6 with optional CIDR: RegExr: Learn, Build, & Test RegEx

chillax · March 14, 2020, 10:03pm

DL6ER:

I managed to catch up on this today. For this task, I had to come up with some quite complex regular expressions, any testing would be highly appreciated!

Check it out using:
pihole checkout web tweak/client_address_validation

Nice!
Did some testing, ipv4 works well, but ipv6 can see some improvements, right now it accepts

1234:1234:1234:1234::1234:1234:1234:1234:1234:1234
if there is a :: it does not check the counts of elements.

DL6ER · March 15, 2020, 6:41pm

Thanks for testing, I kind of have foreseen this, however, the complexity of the regex would rougly five-fold if I would include this. It should be safe to accept this (even if it will never happen). FTL will simply reject the address so no harm will be caused. The validator already got way beyond the point of what would have been needed

chillax · March 15, 2020, 9:06pm

True, in any case, if people open up issues related to this then it can be implemented using php.
For me, as long as it prevents me from entering localhost im happy.

DL6ER · March 15, 2020, 9:39pm

github.com/pi-hole/AdminLTE

Add IPv4/IPv6 address validation to clients management page

pi-hole:release/v5.0 ← pi-hole:tweak/client_address_validation

opened 01:36PM - 14 Mar 20 UTC

DL6ER

+63 -2

**By submitting this pull request, I confirm the following:** - [X] I have r…ead and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md), as well as this entire template. - [X] I have made only one major change in my proposed changes. - [X] I have commented my proposed changes within the code. - [X] I have tested my proposed changes, and have included unit tests where possible. - [X] I am willing to help maintain this change if there are issues with it later. - [X] I give this submission freely and claim no ownership. - [X] It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1) - [X] I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)) --- **What does this PR aim to accomplish?:** Add address with optional CIDR validation to client management page **How does this PR accomplish the above?:** I came up with some regular expressions for this, check out: - IPv4 with optional CIDR: https://regexr.com/50csh - IPv6 with optional CIDR: https://regexr.com/50csn **What documentation changes (if any) are needed to support this PR?:** None

DL6ER · March 31, 2020, 4:41pm

This PR has been merged, please go back onto release/v5.0 if you have tried this branch.