From 4c3159b662d1f4b7200c050668199f9c9b9bd63a Mon Sep 17 00:00:00 2001
From: albert
Date: Sat, 23 Feb 2013 11:16:23 -0500
Subject: [PATCH] more robust validation for ip bans
---
 app/controllers/ip_bans_controller.rb | 7 ++++++-
 app/models/ip_ban.rb | 10 ++++++----
 app/views/ip_bans/new.html.erb | 4 +++-
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/app/controllers/ip_bans_controller.rb b/app/controllers/ip_bans_controller.rb
index 0cd904c06..a278d2a68 100644
--- a/app/controllers/ip_bans_controller.rb
+++ b/app/controllers/ip_bans_controller.rb
@@ -7,7 +7,12 @@ class IpBansController < ApplicationController
 def create
 @ip_ban = IpBan.create(params[:ip_ban])
- redirect_to ip_bans_path
+
+ if @ip_ban.errors.any?
+ render :action => "new"
+ else
+ redirect_to ip_bans_path
+ end
 end
 def index
diff --git a/app/models/ip_ban.rb b/app/models/ip_ban.rb
index b07932b32..8d6855bdc 100644
--- a/app/models/ip_ban.rb
+++ b/app/models/ip_ban.rb
@@ -1,18 +1,20 @@
 class IpBan < ActiveRecord::Base
+ IP_ADDR_REGEX = /\A(?:[0-9]{1,3}\.){3}[0-9]{1,3}\Z/
 belongs_to :creator, :class_name => "User"
 before_validation :initialize_creator, :on => :create
- validates_presence_of :reason, :creator
- validates_uniqueness_of :ip_addr
+ validates_presence_of :reason, :creator, :ip_addr
+ validates_format_of :ip_addr, :with => IP_ADDR_REGEX
+ validates_uniqueness_of :ip_addr, :if => lambda {|rec| rec.ip_addr =~ IP_ADDR_REGEX}
 def self.is_banned?(ip_addr)
- exists?(["ip_addr = ?", ip_addr])
+ exists?("ip_addr = ?", ip_addr)
 end
 def self.search(params)
 q = scoped
 return q if params.blank?
- if params[:ip_addr]
+ if params[:ip_addr].present?
 q = q.where("ip_addr = ?", params[:ip_addr])
 end
diff --git a/app/views/ip_bans/new.html.erb b/app/views/ip_bans/new.html.erb
index dbd1a79da..3a00f2108 100644
--- a/app/views/ip_bans/new.html.erb
+++ b/app/views/ip_bans/new.html.erb
@@ -2,8 +2,10 @@
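Review bot: Branching on `@ip_ban.errors.any?` in `create` treats any save that recorded no validation error as a success, so a create halted some other way (for example by a callback that stops the save, which cannot be confirmed from these lines) would still redirect as if the ban had been stored. Testing the record itself, `if @ip_ban.new_record?` followed by `render :action => "new"`, ties the success path to the row actually being written. A ban that silently fails to persist leaves the address unblocked while the moderator believes otherwise, so the stricter test is worth it here. The controller class begins and ends outside this hunk.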
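Review bot: `IP_ADDR_REGEX` in app/models/ip_ban.rb ends in `\Z`, which also matches just before a trailing newline, so a value such as `"1.2.3.4\n"` (constructed example) passes `validates_format_of` and is stored, while `is_banned?` compares with plain equality and would never match it. Anchor the end with `\z` instead: `/\A(?:[0-9]{1,3}\.){3}[0-9]{1,3}\z/`. The pattern also accepts octets above 255 and rejects every IPv6 address, which deserves a comment if it is intended. Separately, `exists?("ip_addr = ?", ip_addr)` now passes two positional arguments; as far as I know `exists?` takes a single conditions argument in ActiveRecord versions that provide `scoped`, so this may raise `ArgumentError` on every ban check and should be verified, and `where(:ip_addr => ip_addr).exists?` sidesteps the question. The class body continues past the end of the hunk.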

New IP Ban

+ <%= error_messages_for "ip_ban" %> + <%= simple_form_for(@ip_ban) do |f| %> - <%= f.input :ip_addr %> + <%= f.input :ip_addr, :label => "IP Address" %> <%= f.input :reason, :input_html => {:size => "50x5"} %> <%= f.button :submit, "Submit" %> <% end %>