From 70c0beb857d879b8c2c74ac0922f82b37717c989 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Thu, 29 Aug 2013 16:46:22 -0700
Subject: block attempts to set the baseurl to an ip address if it was
 previously a dns name

---
 boot.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'boot.php')

diff --git a/boot.php b/boot.php
index ed378a45b..a5ff7ea0b 100755
--- a/boot.php
+++ b/boot.php
@@ -1164,9 +1164,21 @@ function check_config(&$a) {
 		set_config('system','urlverify',bin2hex(z_root()));
 	if(($saved) && ($saved != bin2hex(z_root()))) {
 		// our URL changed. Do something.
+
 		$oldurl = hex2bin($saved);
-		fix_system_urls($oldurl,z_root());
-		set_config('system','urlverify',bin2hex(z_root()));
+		
+		$oldhost = substr($oldurl,strpos($oldurl,'//')+2);
+		$host = substr(z_root(),strpos(z_root(),'//')+2);
+
+		$is_ip_addr = ((preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/",$host)) ? true : false);
+		$was_ip_addr = ((preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/",$oldhost)) ? true : false);
+		// only change the url to an ip address if it was already an ip and not a dns name
+		if((! $is_ip_addr) || ($is_ip_addr && $was_ip_addr)) {
+			fix_system_urls($oldurl,z_root());
+			set_config('system','urlverify',bin2hex(z_root()));
+		}
+		else
+			logger('Attempt to change baseurl from a DNS name to an IP address was refused.');  
 	}
 
 	// This will actually set the url to the one stored in .htconfig, and ignore what 
-- 
cgit v1.2.3