Support » Plugin: User Access Manager » Suggest to fix checkUserIp

  • Resolved Takanashi

    (@takanashi-motoharu)



    I am using ver.1.2.5.0 and I found bug in function checkUserIp, so I suggest the following fix.

    UamAccessHandler.class.php – 668

    if ($aRangeBegin[0] <= $aCurIp[0]  && $aCurIp[0] <= $aRangeEnd[0]
        && $aRangeBegin[1] <= $aCurIp[1] && $aCurIp[1] <= $aRangeEnd[1]
        && $aRangeBegin[2] <= $aCurIp[2] && $aCurIp[2] <= $aRangeEnd[2]
        && $aRangeBegin[3] <= $aCurIp[3] && $aCurIp[3] <= $aRangeEnd[3]

    would have to change to

    if (($aRangeBegin[0] << 24) + ($aRangeBegin[1] << 16) + ($aRangeBegin[2] << 8) + $aRangeBegin[3]
        <= ($aCurIp[0]    << 24) + ($aCurIp[1]     << 16) + ($aCurIp[2]      << 8) + $aCurIp[3]
        && ($aCurIp[0]    << 24) + ($aCurIp[1]     << 16) + ($aCurIp[2]      << 8) + $aCurIp[3]
        <= ($aRangeEnd[0] << 24) + ($aRangeEnd[1]  << 16) + ($aRangeEnd[2]   << 8) + $aRangeEnd[3]

    for in case like

    IP range: 1.1.1.0-1.1.1.127;1.1.1.129-1.1.2.255
    Users IP: 1.1.2.1

    https://wordpress.org/plugins/user-access-manager/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author GM_Alex

    (@gm_alex)

    How I’m able to reproduce this bug?

    Takanashi

    (@takanashi-motoharu)

    Thanks for your response.

    This bug reproduce in case of User group – IP range: “a.b.c0.1-a.b.c1.d” for deny a IP: a.b.c1.D (c0 < c1, d < D).
    This option is expected to allow a IP: a.b.c0.D, but in fact this effect to deny it.

    e.g.: If your IP address: 192.168.1.2 and User group – IP range: “192.168.1.1-192.168.2.1;192.168.2.3-192.168.2.255” then you will encounter the bug.

    please consider.

    Takanashi

    (@takanashi-motoharu)

    Thank you for fix.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Suggest to fix checkUserIp’ is closed to new replies.