Protect IPs in public moderation logs.

As reported, IPv6 addresses were not properly hidden in the public facing moderation logs. This commit filters both IPv4 and IPv6 addresses. We broke out into a separate function so that it can be tested with the test suite. A rudimentary test has been added to test the newly added protect_ip($entry) function.
2021-01-17 13:03:17 -05:00 · 2021-01-17 13:03:17 -05:00 · 6d43a7f62b
parent 01dfb1850a
commit 6d43a7f62b
2 changed files with 626 additions and 588 deletions
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
--- a/tests/ProtectIPTest.php
+++ b/tests/ProtectIPTest.php
@ -0,0 +1,32 @@
+<?php
+use PHPUnit\Framework\TestCase;
+
+ob_start();
+define('TINYBOARD', true);
+require_once "inc/mod/pages.php";
+ob_end_clean();
+
+// This is probably best done with property testing library, but let's
+// wait add another dependency
+
+final class ProtectIPTest extends TestCase
+{
+    public function testProtectsIpv4Address(){
+        $expected = 'Some ban message: xxxx';
+
+        // Random IP, hope it's not yours
+        $input = 'Some ban message: <a href="?/IP/33.57.252.246">33.57.252.246</a>';
+        $output = protect_ip($input);
+        $this->assertEquals($output, $expected);
+    }
+
+    public function testProtectsIpv6Address(){
+        $expected = 'Some ban message: xxxx';
+
+        // Random IP, hope it's not yours
+        $input = 'Some ban message: <a href="?/IP/5e85:f252:9baf:2131:8984:6ab2:3db0:fa48">5e85:f252:9baf:2131:8984:6ab2:3db0:fa48</a>';
+        $output = protect_ip($input);
+
+        $this->assertEquals($output, $expected);
+    }
+}