diff options
| author | Dries Buytaert <dries@buytaert.net> | 2008-04-08 22:50:55 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2008-04-08 22:50:55 +0000 |
| commit | 08aa23227e45053117d273e517d7f386edc117ff (patch) | |
| tree | 49dbd259c7f3551ef8ab8c12cd665759d605c87f /modules/system/system.install | |
| parent | 1dfd1717c13db5d3ad0e6d64197241d33e6b5fb9 (diff) | |
| download | brdo-08aa23227e45053117d273e517d7f386edc117ff.tar.gz brdo-08aa23227e45053117d273e517d7f386edc117ff.tar.bz2 | |
- Patch #228594 by catch et al: removed access rule functionality from core.
The access rules capability of user module has been stripped down to a
simple method for blocking IP addresses. E-mail and username restrictions
are now available in a contributed module. IP address range blocking is
no longer supported and should be done at the server level.
This patch is partly motiviated by the fact that at the usability testing,
it frequently came up that users went to "access rules" when trying to
configure their site settings.
Diffstat (limited to 'modules/system/system.install')
| -rw-r--r-- | modules/system/system.install | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/modules/system/system.install b/modules/system/system.install index fc78a4db2..6d627c8bd 100644 --- a/modules/system/system.install +++ b/modules/system/system.install @@ -527,6 +527,29 @@ function system_schema() { ), ); + $schema['blocked_ips'] = array( + 'description' => t('Stores blocked IP addresses.'), + 'fields' => array( + 'iid' => array( + 'description' => t('Primary Key: unique ID for IP addresses.'), + 'type' => 'serial', + 'unsigned' => TRUE, + 'not null' => TRUE, + ), + 'ip' => array( + 'description' => t('IP address'), + 'type' => 'varchar', + 'length' => 32, + 'not null' => TRUE, + 'default' => '', + ), + ), + 'indexes' => array( + 'blocked_ip' => array('ip'), + ), + 'primary key' => array('iid'), + ); + $schema['cache'] = array( 'description' => t('Generic cache table for caching things not separated out into their own tables. Contributed modules may also use this to store cached items.'), 'fields' => array( @@ -2668,6 +2691,70 @@ function system_update_7001() { return $ret; } +/** + * Add a table to store blocked IP addresses. + */ +function system_update_7002() { + $ret = array(); + $schema['blocked_ips'] = array( + 'description' => t('Stores blocked IP addresses.'), + 'fields' => array( + 'iid' => array( + 'description' => t('Primary Key: unique ID for IP addresses.'), + 'type' => 'serial', + 'unsigned' => TRUE, + 'not null' => TRUE, + ), + 'ip' => array( + 'description' => t('IP address'), + 'type' => 'varchar', + 'length' => 32, + 'not null' => TRUE, + 'default' => '', + ), + ), + 'indexes' => array( + 'blocked_ip' => array('ip'), + ), + 'primary key' => array('iid'), + ); + + db_create_table($ret, 'blocked_ips', $schema['blocked_ips']); + + return $ret; +} + +/** + * Update {blocked_ips} with valid IP addresses from {access}. + */ +function system_update_7003() { + $ret = array(); + $type = 'host'; + $result = db_query("SELECT mask FROM {access} WHERE status = %d AND TYPE = '%s'", 0, $type); + while ($blocked = db_fetch_object($result)) { + if (filter_var($blocked->mask, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) !== FALSE) { + $ret[] = update_sql("INSERT INTO {blocked_ips} (ip) VALUES ('$blocked->mask')"); + } + else { + $invalid_host = check_plain($blocked->mask); + $ret[] = array('success' => TRUE, 'query' => 'The host '. $invalid_host .' is no longer blocked because it is not a valid IP address.'); + } + } + if (isset($invalid_host)) { + drupal_set_message('Drupal no longer supports wildcard IP address blocking. Visitors whose IP addresses match ranges you have previously set using <em>access rules</em> will no longer be blocked from your site when you take it out of maintenance mode. See the <a href="http://drupal.org/node/24302">IP address and referrer blocking Handbook page</a> for alternative methods.', 'warning'); + $ret[] = array('success' => TRUE, 'query' => ''); + } + // Make sure not to block any IP addresses that were specifically allowed by access rules. + if (!empty($result)) { + $result = db_query("SELECT mask FROM {access} WHERE status = %d AND type = '%s'", 1, $type); + while ($allowed = db_fetch_object($result)) { + $ret[] = update_sql("DELETE FROM {blocked_ips} WHERE LOWER(ip) LIKE LOWER('$allowed->mask')"); + } + } + + return $ret; +} + /** * @} End of "defgroup updates-6.x-to-7.x" |