Merge branch 'feature/ipfilter' into develop

2026-01-09 03:32:00 +09:00 · 2013-12-05 10:40:11 +09:00 · 2013-12-05 10:40:11 +09:00 · 8a7e5a8794
commit 8a7e5a8794
parent 3b3f4599bf 53e81300f3
11 changed files with 165 additions and 53 deletions
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@ -215,10 +215,9 @@ class Context
 		$this->loadDBInfo();
 		if($this->db_info->use_sitelock == 'Y')
 		{
-			$whitelist = array('127.0.0.1', '::1', 'fe80::1');
-			if(is_array($this->db_info->sitelock_whitelist)) $whitelist = array_merge($whitelist, $this->db_info->sitelock_whitelist);
-
-			if(!in_array($_SERVER['REMOTE_ADDR'], $whitelist))
+			if(is_array($this->db_info->sitelock_whitelist)) $whitelist = $this->db_info->sitelock_whitelist;
+			
+			if(!IpFilter::filter($whitelist))
 			{
 				$title = ($this->db_info->sitelock_title) ? $this->db_info->sitelock_title : 'Maintenance in progress...';
 				$message = $this->db_info->sitelock_message;
@ -479,7 +478,7 @@ class Context
 			$self->set('_https_port', $db_info->https_port);

 		if(!$db_info->sitelock_whitelist) {
-			$db_info->sitelock_whitelist = '127.0.0.1,::1,fe80::1';
+			$db_info->sitelock_whitelist = '127.0.0.1';
 		}

 		if(is_string($db_info->sitelock_whitelist)) {
--- a/classes/security/IpFilter.class.php
+++ b/classes/security/IpFilter.class.php
@ -0,0 +1,92 @@
+<?php
+/* Copyright (C) NAVER <http://www.navercorp.com> */
+
+class IpFilter
+{
+	public function filter($ip_list, $ip = NULL)
+	{
+		if(!$ip) $ip = $_SERVER['REMOTE_ADDR'];
+		$long_ip = ip2long($ip);
+		foreach($ip_list as $filter_ip)
+		{	
+			$range = explode('-', $filter_ip);
+			if(!$range[1]) // single address type
+			{
+				$star_pos = strpos($filter_ip, '*');
+				if($star_pos !== FALSE ) // wild card exist 
+				{
+					if(strncmp($filter_ip, $ip, $star_pos)===0) return true;
+				}
+				else if(strcmp($filter_ip, $ip)===0)
+				{
+					return true;
+				}
+			}
+			else if(ip2long($range[0]) <= $long_ip && ip2long($range[1]) >= $long_ip)
+			{
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/* public function filter2($ip_list, $ip)
+	{
+		$long_ip = ip2long($ip);
+		foreach($ip_list as $filter_ip)
+		{
+			$range = explode('-', $filter_ip);
+			if(!$range[1]) // single address type
+			{
+				$range[1] = str_replace('*', '255', $range[0]);
+				$range[0] = str_replace('*', '0', $range[0]);
+			}
+			
+			if(ip2long($range[0]) <= $long_ip && ip2long($range[1]) >= $long_ip)
+			{
+				return true;
+			}
+		}
+		
+		return false;
+	} */
+	
+	
+	public function validate($ip_list = array())
+	{
+		/* 사용가능한 표현
+			192.168.2.10 - 4자리의 정확한 ip주소
+			192.168.*.* - 와일드카드(*)가 사용된 4자리의 ip주소, a클래스에는 와일드카드 사용불가, 
+					와일드카드 이후의 아이피주소 허용(단, filter()를 쓸 경우 와일드카드 이후 주소는 무시됨 
+			192.168.1.1-192.168.1.10 - '-'로 구분된 정확한 4자리의 ip주소 2개
+		 */
+		$regex = "/^
+				(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
+				(?:
+					(?:
+						(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}
+						(?:-(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){1}
+						(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}
+					)
+					|
+					(?:
+						(?:\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|\*)){3}
+					)
+				)
+			$/";
+		$regex = str_replace(array("\r\n", "\n", "\r","\t"," "), '', $regex);
+		
+		foreach($ip_list as $i => $ip)
+		{
+			preg_match($regex, $ip, $matches);
+			if(!count($matches)) return false;
+		}
+		
+		return true;
+	}
+	
+}
+
+
+/* End of file : IpFilter.class.php */
+/* Location: ./classes/security/IpFilter.class.php */