# HG changeset patch
# User Dan
# Date 1243431903 14400
# Node ID b7c7f7e2e93b4bad2fd38594e84392b3452e57dc
# Parent  e01c51cc1b354226067bf743a548945ef7f30920
AJAX rdns call now calls is_valid_ip() (security?)

diff -r e01c51cc1b35 -r b7c7f7e2e93b ajax.php
--- a/ajax.php	Wed May 27 09:44:27 2009 -0400
+++ b/ajax.php	Wed May 27 09:45:03 2009 -0400
@@ -539,8 +539,13 @@
     case "rdns":
       if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
       $ip = $_GET['ip'];
+      if ( !is_valid_ip($ip) )
+      {
+        echo $lang->get('acpsl_err_invalid_ip');
+      }
       $rdns = gethostbyaddr($ip);
-      if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
+      if ( $rdns == $ip )
+        echo $lang->get('acpsl_err_ptr_no_resolve');
       else echo $rdns;
       break;
     case 'acljson':
diff -r e01c51cc1b35 -r b7c7f7e2e93b language/english/admin.json
--- a/language/english/admin.json	Wed May 27 09:44:27 2009 -0400
+++ b/language/english/admin.json	Wed May 27 09:45:03 2009 -0400
@@ -1087,6 +1087,9 @@
       entry_u_to_mod: 'User %username% added to Moderators group',
       entry_view_comment_ip: 'IP address viewed on comment by %username%',
       tip_reverse_dns: 'Click for reverse DNS info',
+      
+      err_invalid_ip: 'No valid IPv4 or IPv6 address was provided. (In the demo, this is to be expected.)',
+      err_ptr_no_resolve: 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.'
     },
     acpbc: {
       err_empty: 'Please enter something to ban.',