ÿØÿà JFIF    ÿÛ „  ( %"1!%)+...383,7(-.+  -+++--++++---+-+-----+---------------+---+-++7-----ÿÀ  ß â" ÿÄ     ÿÄ H    !1AQaq"‘¡2B±ÁÑð#R“Ò Tbr‚²á3csƒ’ÂñDS¢³$CÿÄ   ÿÄ %  !1AQa"23‘ÿÚ   ? ôÿ ¨pŸªáÿ —åYõõ\?àÒü©ŠÄï¨pŸªáÿ —åYõõ\?àÓü©ŠÄá 0Ÿªáÿ Ÿå[úƒ ú®ði~TÁbqÐ8OÕpÿ ƒOò¤Oè`–RÂáœá™êi€ßÉ< FtŸI“öÌ8úDf´°å}“¾œ6  öFá°y¥jñÇh†ˆ¢ã/ÃÐ:ªcÈ "Y¡ðÑl>ÿ ”ÏËte:qž\oäŠe÷󲍷˜HT4&ÿ ÓÐü6ö®¿øþßèô Ÿ•7Ñi’•j|“ñì>b…þS?*Óôÿ ÓÐü*h¥£ír¶ü UãSç‚Ÿ[AÐaè[ûª•õ&õj?†Éö+EzP—WeÒírJFt ‘BŒ†Ï‡%#tE Øz ¥OÛ«!1›üä±Í™%ºÍãö]°î(–:@<‹ŒÊö×òÆt¦ãº+‡¦%ÌÁ²h´OƒJŒtMÜ>ÀÜÊw3Y´•牋4ǍýʏTì>œú=Íwhyë,¾Ôò×õ¿ßÊa»«þˆѪQ|%6ž™A õ%:øj<>É—ÿ Å_ˆCbõ¥š±ý¯Ýƒï…¶|RëócÍf溪“t.СøTÿ *Ä¿-{†çàczůŽ_–^XþŒ±miB[X±d 1,é”zEù»& î9gœf™9Ð'.;—™i}!ôšåîqêÛ٤ёý£½ÆA–àôe"A$˝Úsäÿ ÷Û #°xŸëí(l »ý3—¥5m! rt`†0~'j2(]S¦¦kv,ÚÇ l¦øJA£Šƒ J3E8ÙiŽ:cÉžúeZ°€¯\®kÖ(79«Ž:¯X”¾³Š&¡* ….‰Ž(ÜíŸ2¥ª‡×Hi²TF¤ò[¨íÈRëÉ䢍mgÑ.Ÿ<öäS0í„ǹÁU´f#Vß;Õ–…P@3ío<ä-±»Ž.L|kªÀê›fÂ6@»eu‚|ÓaÞÆŸ…¨ááå>åŠ?cKü6ùTÍÆ”†sĤÚ;H2RÚ†õ\Ö·Ÿn'¾ ñ#ºI¤Å´%çÁ­‚â7›‹qT3Iï¨ÖÚ5I7Ë!ÅOóŸ¶øÝñØôת¦$Tcö‘[«Ö³šÒ';Aþ ¸èíg A2Z"i¸vdÄ÷.iõ®§)¿]¤À†–‡É&ä{V¶iŽ”.Ó×Õÿ û?h¬Mt–íª[ÿ Ñÿ ÌV(í}=ibÔ¡›¥¢±b Lô¥‡piη_Z<‡z§èŒ)iÖwiÇ 2hÙ3·=’d÷8éŽ1¦¸c¤µ€7›7Ø ð\á)} ¹fËí›pAÃL%âc2 í§æQz¿;T8sæ°qø)QFMð‰XŒÂ±N¢aF¨…8¯!U  Z©RÊ ÖPVÄÀÍin™Ì-GˆªÅËŠ›•zË}º±ŽÍFò¹}Uw×#ä5B¤{î}Ð<ÙD é©¤&‡ïDbàÁôMÁ.. /** * Contains a simple class providing some useful internet protocol-related functions. * * @package core * @copyright 2016 Jake Dallimore * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @author Jake Dallimore */ namespace core; defined('MOODLE_INTERNAL') || exit(); /** * Static helper class providing some useful internet-protocol-related functions. * * @package core * @copyright 2016 Jake Dallimore * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @author Jake Dallimore */ final class ip_utils { /** * Syntax checking for domain names, including fully qualified domain names. * * This function does not verify the existence of the domain name. It only verifies syntactic correctness. * This is based on RFC1034/1035 and does not provide support for validation of internationalised domain names (IDNs). * All IDNs must be prior-converted to their ascii-compatible encoding before being passed to this function. * * @param string $domainname the input string to check. * @return bool true if the string has valid syntax, false otherwise. */ public static function is_domain_name($domainname) { if (!is_string($domainname)) { return false; } // Usually the trailing dot (null label) is omitted, but is valid if supplied. We'll just remove it and validate as normal. $domainname = rtrim($domainname, '.'); // The entire name cannot exceed 253 ascii characters (255 octets, less the leading label-length byte and null label byte). if (strlen($domainname) > 253) { return false; } // Tertiary domain labels can have 63 octets max, and must not have begin or end with a hyphen. // The TLD label cannot begin with a number, but otherwise, is only loosely restricted here (TLD list is not checked). $domaintertiary = '([a-zA-Z0-9](([a-zA-Z0-9-]{0,61})[a-zA-Z0-9])?\.)*'; $domaintoplevel = '([a-zA-Z](([a-zA-Z0-9-]*)[a-zA-Z0-9])?)'; $address = '(' . $domaintertiary . $domaintoplevel . ')'; $regexp = '#^' . $address . '$#i'; // Case insensitive matching. return preg_match($regexp, $domainname, $match) == true; // False for error, 0 for no match - we treat the same. } /** * Checks whether the input string is a valid wildcard domain matching pattern. * * A domain matching pattern is essentially a domain name with a single, leading wildcard (*) label, and at least one other * label. The wildcard label is considered to match at least one label at or above (to the left of) its position in the string, * but will not match the trailing domain (everything to its right). * * The string must be dot-separated, and the whole pattern must follow the domain name syntax rules defined in RFC1034/1035. * Namely, the character type (ascii), total-length (253) and label-length (63) restrictions. This function only confirms * syntactic correctness. It does not check for the existence of the domain/subdomains. * * For example, the string '*.example.com' is a pattern deemed to match any direct subdomain of * example.com (such as test.example.com), any higher level subdomains (e.g. another.test.example.com) but will not match * the 'example.com' domain itself. * * @param string $pattern the string to check. * @return bool true if the input string is a valid domain wildcard matching pattern, false otherwise. */ public static function is_domain_matching_pattern($pattern) { if (!is_string($pattern)) { return false; } // Usually the trailing dot (null label) is omitted, but is valid if supplied. We'll just remove it and validate as normal. $pattern = rtrim($pattern, '.'); // The entire name cannot exceed 253 ascii characters (255 octets, less the leading label-length byte and null label byte). if (strlen($pattern) > 253) { return false; } // A valid pattern must left-positioned wildcard symbol (*). // Tertiary domain labels can have 63 octets max, and must not have begin or end with a hyphen. // The TLD label cannot begin with a number, but otherwise, is only loosely restricted here (TLD list is not checked). $wildcard = '((\*)\.){1}'; $domaintertiary = '([a-zA-Z0-9](([a-zA-Z0-9-]{0,61})[a-zA-Z0-9])?\.)*'; $domaintoplevel = '([a-zA-Z](([a-zA-Z0-9-]*)[a-zA-Z0-9])?)'; $address = '(' . $wildcard . $domaintertiary . $domaintoplevel . ')'; $regexp = '#^' . $address . '$#i'; // Case insensitive matching. return preg_match($regexp, $pattern, $match) == true; // False for error, 0 for no match - we treat the same. } /** * Syntax validation for IP addresses, supporting both IPv4 and Ipv6 formats. * * @param string $address the address to check. * @return bool true if the address is a valid IPv4 of IPv6 address, false otherwise. */ public static function is_ip_address($address) { return filter_var($address, FILTER_VALIDATE_IP) !== false; } /** * Syntax validation for IPv4 addresses. * * @param string $address the address to check. * @return bool true if the address is a valid IPv4 address, false otherwise. */ public static function is_ipv4_address($address) { return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false; } /** * Syntax checking for IPv4 address ranges. * Supports CIDR notation and last-group ranges. * Eg. 127.0.0.0/24 or 127.0.0.80-255 * * @param string $addressrange the address range to check. * @return bool true if the string is a valid range representation, false otherwise. */ public static function is_ipv4_range($addressrange) { // Check CIDR notation. if (preg_match('#^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$#', $addressrange, $match)) { $address = "{$match[1]}.{$match[2]}.{$match[3]}.{$match[4]}"; return self::is_ipv4_address($address) && $match[5] <= 32; } // Check last-group notation. if (preg_match('#^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})-(\d{1,3})$#', $addressrange, $match)) { $address = "{$match[1]}.{$match[2]}.{$match[3]}.{$match[4]}"; return self::is_ipv4_address($address) && $match[5] <= 255 && $match[5] >= $match[4]; } return false; } /** * Syntax validation for IPv6 addresses. * This function does not check whether the address is assigned, only its syntactical correctness. * * @param string $address the address to check. * @return bool true if the address is a valid IPv6 address, false otherwise. */ public static function is_ipv6_address($address) { return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false; } /** * Syntax validation for IPv6 address ranges. * Supports CIDR notation and last-group ranges. * Eg. fe80::d98c/64 or fe80::d98c-ffee * * @param string $addressrange the IPv6 address range to check. * @return bool true if the string is a valid range representation, false otherwise. */ public static function is_ipv6_range($addressrange) { // Check CIDR notation. $ipv6parts = explode('/', $addressrange); if (count($ipv6parts) == 2) { $range = (int)$ipv6parts[1]; return self::is_ipv6_address($ipv6parts[0]) && (string)$range === $ipv6parts[1] && $range >= 0 && $range <= 128; } // Check last-group notation. $ipv6parts = explode('-', $addressrange); if (count($ipv6parts) == 2) { $addressparts = explode(':', $ipv6parts[0]); $rangestart = $addressparts[count($addressparts) - 1]; $rangeend = $ipv6parts[1]; return self::is_ipv6_address($ipv6parts[0]) && ctype_xdigit($rangestart) && ctype_xdigit($rangeend) && strlen($rangeend) <= 4 && strlen($rangestart) <= 4 && hexdec($rangeend) >= hexdec($rangestart); } return false; } /** * Checks the domain name against a list of allowed domains. The list of allowed domains may use wildcards * that match {@see is_domain_matching_pattern()}. Domains are compared in a case-insensitive manner * * @param string $domain Domain address * @param array $alloweddomains An array of allowed domains. * @return boolean True if the domain matches one of the entries in the allowed domains list. */ public static function is_domain_in_allowed_list($domain, $alloweddomains) { if (!self::is_domain_name($domain)) { return false; } foreach ($alloweddomains as $alloweddomain) { if (strpos($alloweddomain, '*') !== false) { if (!self::is_domain_matching_pattern($alloweddomain)) { continue; } // Use of wildcard for possible subdomains. $escapeperiods = str_replace('.', '\.', $alloweddomain); $replacewildcard = str_replace('*', '.*', $escapeperiods); $ultimatepattern = '/' . $replacewildcard . '$/i'; if (preg_match($ultimatepattern, $domain)) { return true; } } else { if (!self::is_domain_name($alloweddomain)) { continue; } // Strict domain setting. if (strcasecmp($domain, $alloweddomain) === 0) { return true; } } } return false; } /** * Is an ip in a given list of subnets? * * @param string $ip - the IP to test against the list * @param string $list - the list of IP subnets * @param string $delim a delimiter of the list * @return bool */ public static function is_ip_in_subnet_list($ip, $list, $delim = "\n") { $list = explode($delim, $list); foreach ($list as $line) { $tokens = explode('#', $line); $subnet = trim($tokens[0]); if (address_in_subnet($ip, $subnet)) { return true; } } return false; } /** * Return IP address for given hostname, or null on failure * * @param string $hostname * @return string|null */ public static function get_ip_address(string $hostname): ?string { if (self::is_domain_name($hostname)) { $address = gethostbyname($hostname); // If address is different from hostname, we have success. if (strcasecmp($address, $hostname) !== 0) { return $address; } } return null; } }