Yes, it times out after a few seconds.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.200.200.46 mb2.nawcc.org mb2 xf.nawcc.org xf
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
$ips = @gethostbynamel($parts['host']);
if ($ips)
{
foreach ($ips AS $ip)
{
if (self::isLocalIpv4($ip))
{
$error = "local: $ip";
return false;
}
else
{
$hasValidIp = true;
}
}
}
if (function_exists('dns_get_record') && defined('DNS_AAAA'))
{
$hasIpv6 = defined('AF_INET6');
if (!$hasIpv6 && function_exists('curl_version') && defined('CURL_VERSION_IPV6'))
{
$version = curl_version();
if ($version['features'] & CURL_VERSION_IPV6)
{
$hasIpv6 = true;
}
}
if ($hasIpv6)
{
$ipv6s = @dns_get_record($parts['host'], DNS_AAAA);
if ($ipv6s)
{
foreach ($ipv6s AS $ipv6)
{
$ip = $ipv6['ipv6'];
if (self::isLocalIpv6($ip))
{
$error = "local: $ip";
return false;
}
else
{
$hasValidIp = true;
}
}
}
}
}
Our server and our vB site are both behind the firewall, hence the 10.200.200.46 but I do not know the correct syntax for these entries. We are trying to reference the vB site during the conversion, but the title reference problem exists for both the vB and the xF site.Code:127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.200.200.46 mb2.nawcc.org mb2 xf.nawcc.org xf
My system is not private, but it is behind a firewall with address translation.
public static function isLocalIpv4($ip)
{
return preg_match('#^(
0\.|
10\.|
100\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.|
127\.|
169\.254\.|
172\.(1[6-9]|2[0-9]|3[01])\.|
192\.0\.0\.|
192\.0\.2\.|
192\.88\.99\.|
192\.168\.|
198\.1[89]\.|
198\.51\.100\.|
203\.0\.113\.|
224\.|
240\.|
255\.255\.255\.255
)#x', $ip);
}
public static function isLocalIpv6($ip)
{
$ip = XenForo_Helper_Ip::convertIpStringToBinary($ip);
$ranges = array(
'::' => 128,
'::1' => 128,
'::ffff:0:0' => 96,
'100::' => 64,
'64:ff9b::' => 96,
'2001::' => 32,
'2001:db8::' => 32,
'2002::' => 16,
'fc00::' => 7,
'fe80::' => 10,
'ff00::' => 8
);
public static function isRequestableUntrustedUrl($url, &$error = null)
{
return true;
$parts = @parse_url($url);
Can anyone tell me without compromising world security why that safety check is necessary?
...
$ips = @gethostbynamel($parts['host']);
if ($ips)
{
foreach ($ips AS $ip)
{
if (self::isLocalIpv4($ip) && $ip != '10.200.200.46') // Allow from your server's private IP address
{
$error = "local: $ip";
return false;
}
else
{
$hasValidIp = true;
}
}
}
...
Did this, yet I can't auto-link urls to the board itself.In v1.5.13 you can test if this is the cause by editing library/XenForo/Helper/Http.php then finding the isRequestableUntrustedUrl() function and putting return true; at the very start like below.
We use essential cookies to make this site work, and optional cookies to enhance your experience.