/**
 * Checks Piwik_IP::sanitizeIp() against a fixed table of inputs.
 *
 * The table pins the normalisation expected before host comparison:
 * surrounding brackets, a trailing "/prefix" and a trailing ":port" are
 * dropped, while plain addresses and hostnames come back unchanged.
 */
function test_sanitizeIp()
{
    $cases = array(
        // plain IPv4 / IPv6 / IPv4-mapped addresses are returned as-is
        '127.0.0.1' => '127.0.0.1',
        '::1' => '::1',
        '::ffff:127.0.0.1' => '::ffff:127.0.0.1',
        '2001:5c0:1000:b::90f8' => '2001:5c0:1000:b::90f8',

        // bracketed IPv6 loses its brackets
        '[::1]' => '::1',
        '[2001:5c0:1000:b::90f8]' => '2001:5c0:1000:b::90f8',
        '[::ffff:127.0.0.1]' => '::ffff:127.0.0.1',

        // CIDR suffix is removed
        '192.168.1.1/32' => '192.168.1.1',
        '::1/128' => '::1',
        '::ffff:127.0.0.1/128' => '::ffff:127.0.0.1',
        '2001:5c0:1000:b::90f8/128' => '2001:5c0:1000:b::90f8',

        // port number is removed
        '192.168.1.2:80' => '192.168.1.2',
        '[::1]:80' => '::1',
        '[::ffff:127.0.0.1]:80' => '::ffff:127.0.0.1',
        '[2001:5c0:1000:b::90f8]:80' => '2001:5c0:1000:b::90f8',

        // hostnames pass through, minus any port
        'localhost' => 'localhost',
        'localhost:80' => 'localhost',
        'www.example.com' => 'www.example.com',
        'example.com:80' => 'example.com',
    );

    foreach ($cases as $ip => $wanted) {
        $actual = Piwik_IP::sanitizeIp($ip);
        // the raw input is the failure message, so a broken case is easy to spot
        $this->assertEqual($actual, $wanted, "{$ip}");
    }
}
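/**
 * Is the URL on the same host?
 *
 * The URL is treated as local when its scheme is http or https and its
 * host, after Piwik_IP::sanitizeIp(), matches one of the hosts known for the
 * current request: self::getHost(), self::getCurrentHost() and the host
 * component of $_SERVER['SCRIPT_URI'] when that is set.
 *
 * An empty $url is reported as local, so callers that need a real target
 * must check for emptiness themselves.
 *
 * NOTE(review): getHost()/getCurrentHost() are not visible here; if they are
 * derived from request headers, this check is only as trustworthy as those
 * values - confirm against their implementation.
 *
 * @param string $url
 * @return bool True if local; false otherwise.
 */
public static function isLocalUrl($url)
{
    if (empty($url)) {
        return true;
    }

    // handle host name mangling
    $requestUri = isset($_SERVER['SCRIPT_URI']) ? $_SERVER['SCRIPT_URI'] : '';
    $parseRequest = @parse_url($requestUri);
    $hosts = array(self::getHost(), self::getCurrentHost());
    if (isset($parseRequest['host'])) {
        $hosts[] = $parseRequest['host'];
    }

    // drop port numbers from hostnames and IP addresses
    $hosts = array_map(array('Piwik_IP', 'sanitizeIp'), $hosts);

    // parse_url() returns false for malformed input and omits the keys of
    // components it did not find; a URL without both scheme and host can
    // never be local, so reject it before touching either key.
    $parsedUrl = @parse_url($url);
    if (!is_array($parsedUrl) || empty($parsedUrl['scheme']) || empty($parsedUrl['host'])) {
        return false;
    }

    // compare scheme and host
    $host = Piwik_IP::sanitizeIp($parsedUrl['host']);

    // The non-empty guard keeps an empty sanitised host from loosely matching
    // an empty or false entry in $hosts.
    return !empty($host)
        && in_array($parsedUrl['scheme'], array('http', 'https'), true)
        && in_array($host, $hosts);
}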
/**
 * Piwik_IP::sanitizeIp() must turn each provided input into its expected
 * normalised form.
 *
 * @dataProvider getIPData
 * @group Core
 * @group IP
 *
 * @param string $ip       raw input supplied by the data provider
 * @param string $expected value sanitizeIp() should return for $ip
 */
public function testSanitizeIp($ip, $expected)
{
    $sanitized = Piwik_IP::sanitizeIp($ip);

    $this->assertEquals($expected, $sanitized);
}
/**
 * Is the URL on the same host?
 *
 * An empty $url is reported as local. Otherwise the URL must have a
 * non-empty host and an http or https scheme, and - unless the trusted host
 * check is switched off - its host, after Piwik_IP::sanitizeIp(), must match
 * self::getHost(), self::getCurrentHost() or the host found in
 * $_SERVER['SCRIPT_URI'].
 *
 * When General['enable_trusted_host_check'] compares equal to 0 the host
 * comparison is skipped, so every http(s) URL with a non-empty host is
 * reported as local.
 *
 * NOTE(review): the setting is tested with a loose "== 0", so a missing or
 * null value would also switch the host comparison off - confirm the
 * configuration always defines this key.
 *
 * @param string $url
 * @return bool True if local; false otherwise.
 */
public static function isLocalUrl($url)
{
    if (empty($url)) {
        return true;
    }

    // handle host name mangling
    $scriptUri = isset($_SERVER['SCRIPT_URI']) ? $_SERVER['SCRIPT_URI'] : '';
    $scriptUriParts = @parse_url($scriptUri);

    $knownHosts = array(self::getHost(), self::getCurrentHost());
    if (!empty($scriptUriParts['host'])) {
        $knownHosts[] = $scriptUriParts['host'];
    }

    // drop port numbers from hostnames and IP addresses
    $knownHosts = array_map(array('Piwik_IP', 'sanitizeIp'), $knownHosts);

    $hostCheckDisabled = Piwik_Config::getInstance()->General['enable_trusted_host_check'] == 0;

    // compare scheme and host
    $urlParts = @parse_url($url);
    // parse_url() may return false or leave 'host' out; the lookup is silenced
    // so sanitizeIp() simply receives null in that case
    $urlHost = Piwik_IP::sanitizeIp(@$urlParts['host']);

    if (empty($urlHost)) {
        return false;
    }

    if (!$hostCheckDisabled && !in_array($urlHost, $knownHosts)) {
        return false;
    }

    if (empty($urlParts['scheme'])) {
        return false;
    }

    return in_array($urlParts['scheme'], array('http', 'https'));
}