Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-60335

curlsecurityblockedhosts does not recognise faß.de as valid domain

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.3.2
    • 3.2.6, 3.3.3
    • General
    • MOODLE_33_STABLE
    • MOODLE_32_STABLE, MOODLE_33_STABLE
    • wip-MDL-60335-master
    • Hide

      Find curlsecurityblockedhosts in the site administration and try to set it to different values including non-latin domain names such as

      • правительство.рф
      • faß.de
      • ß.ß

      Make sure the settings saves and displays back the same value.

      Show
      Find curlsecurityblockedhosts in the site administration and try to set it to different values including non-latin domain names such as правительство.рф faß.de ß.ß Make sure the settings saves and displays back the same value.

    Description

      Discovered while working on MDL-60279

      PHP 7.2 deprecated INTL_IDNA_VARIANT_2003 that we use in admin setting admin_setting_configmixedhostiplist :
      https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003

      cameron1729 and I started looking at the current implementation and Cam noticed that it should be 

      idn_to_ascii($entry, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46)

      because otherwise domains like faß.de would not be converted properly.

      While testing we found out that regex in line https://github.com/moodle/moodle/blob/master/lib/tests/admintree_test.php#L154 is incorrect and faß.de does not even pass validation

      So there are several problems here:
      1. correct regex in ace_encode() so it works with mixed ascii and non-ascii characters
      2. change arguments for idn_to_ascii and idn_to_unt8
      3. add unittests

      Attachments

        Issue Links

          has a non-specific relationship to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. MDL-60279 Prepare Moodle for PHP 7.2

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-60337 htmlpurifier incorrectly encodes domain names like http://teßt.de/

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              marina Marina Glancy
              marina Marina Glancy
              cameron1729 cameron1729
              Jun Pataleta Jun Pataleta
              David Mudrák (@mudrd8mz) David Mudrák (@mudrd8mz)
              Adrian Greeve, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                13/Nov/17