From 13d6a06ffa8c93c5cb28b85b7746c533bb8c80b6 Mon Sep 17 00:00:00 2001
From: zefie <zefie@zefie.net>
Date: Sun, 15 Jun 2025 01:03:31 -0400
Subject: [PATCH] block ips in vhost

---
 zefie_wtvp_minisrv/includes/classes/WTVIRC.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/zefie_wtvp_minisrv/includes/classes/WTVIRC.js b/zefie_wtvp_minisrv/includes/classes/WTVIRC.js
index c4eca3bc..4e67fa29 100644
--- a/zefie_wtvp_minisrv/includes/classes/WTVIRC.js
+++ b/zefie_wtvp_minisrv/includes/classes/WTVIRC.js
@@ -1264,6 +1264,13 @@ class WTVIRC {
                         socket.write(`:${this.servername} 501 ${socket.nickname} :Invalid VHost format\r\n`);
                         break;
                     }
+                    // Prevent setting VHost to an IP address (IPv4 or IPv6)
+                    const ipv4Pattern = /^(?:\d{1,3}\.){3}\d{1,3}$/;
+                    const ipv6Pattern = /^([a-fA-F0-9:]+:+)+[a-fA-F0-9]+$/;
+                    if (ipv4Pattern.test(newVHost) || ipv6Pattern.test(newVHost)) {
+                        socket.write(`:${this.servername} 501 ${socket.nickname} :VHost cannot be an IP address\r\n`);
+                        break;
+                    }
                     dns.lookup(newVHost, (err, address) => {
                         if (!err && address) {
                             socket.write(`:${this.servername} 501 ${socket.nickname} :VHost must not resolve to a real IP (resolved to: ${address})\r\n`);