Skip to content

Commit 6fc7817

Browse files
zghostsJulien Pauli
zghosts
authored and
Julien Pauli
committed
update filter_var filters for ipv4 addresses to reflect rfc6890
1 parent 1071a26 commit 6fc7817

File tree

3 files changed

+148
-2
lines changed

3 files changed

+148
-2
lines changed

ext/filter/logical_filters.c

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -704,6 +704,7 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
704704
if (flags & FILTER_FLAG_NO_PRIV_RANGE) {
705705
if (
706706
(ip[0] == 10) ||
707+
(ip[0] == 169 && ip[1] == 254) ||
707708
(ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) ||
708709
(ip[0] == 192 && ip[1] == 168)
709710
) {
@@ -714,10 +715,18 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
714715
if (flags & FILTER_FLAG_NO_RES_RANGE) {
715716
if (
716717
(ip[0] == 0) ||
718+
(ip[0] == 10) ||
717719
(ip[0] == 100 && (ip[1] >= 64 && ip[1] <= 127)) ||
720+
(ip[0] == 127) ||
718721
(ip[0] == 169 && ip[1] == 254) ||
722+
(ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) ||
723+
(ip[0] == 192 && ip[1] == 0 && ip[2] == 0) ||
719724
(ip[0] == 192 && ip[1] == 0 && ip[2] == 2) ||
720-
(ip[0] == 127 && ip[1] == 0 && ip[2] == 0 && ip[3] == 1) ||
725+
(ip[0] == 192 && ip[1] == 88 && ip[2] == 99) ||
726+
(ip[0] == 192 && ip[1] == 168) ||
727+
(ip[0] == 198 && (ip[1] == 18 || ip[1] == 19)) ||
728+
(ip[0] == 198 && ip[1] == 51 && ip[2] == 100) ||
729+
(ip[0] == 203 && ip[1] == 0 && ip[2] == 113) ||
721730
(ip[0] >= 224 && ip[0] <= 255)
722731
) {
723732
RETURN_VALIDATION_FAILED

ext/filter/tests/018.phpt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ string(9) "127.0.0.1"
4141
bool(false)
4242
string(12) "192.0.34.166"
4343
bool(false)
44-
string(9) "192.0.0.1"
44+
bool(false)
4545
bool(false)
4646
bool(false)
4747
string(12) "192.0.34.166"

ext/filter/tests/filter_ipv4_rfc6890.phpt

Lines changed: 137 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,137 @@
1+
--TEST--
2+
Bug #71745 FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range
3+
--FILE--
4+
<?php
5+
//https://tools.ietf.org/html/rfc6890#section-2.1
6+
7+
$privateRanges = array();
8+
// 10.0.0.0/8
9+
$privateRanges['10.0.0.0/8'] = array('10.0.0.0', '10.255.255.255');
10+
11+
// 169.254.0.0/16
12+
$privateRanges['168.254.0.0/16'] = array('169.254.0.0', '169.254.255.255');
13+
14+
// 172.16.0.0/12
15+
$privateRanges['172.16.0.0/12'] = array('172.16.0.0', '172.31.0.0');
16+
17+
// 192.168.0.0/16
18+
$privateRanges['192.168.0.0/16'] = array('192.168.0.0', '192.168.255.255');
19+
20+
foreach ($privateRanges as $key => $range) {
21+
list($min, $max) = $range;
22+
var_dump($key);
23+
var_dump(filter_var($min, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE));
24+
var_dump(filter_var($max, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE));
25+
}
26+
27+
$reservedRanges = array();
28+
29+
// 0.0.0.0/8
30+
$reserverRanges['0.0.0.0/8'] = array('0.0.0.0', '0.255.255.255');
31+
32+
// 10.0.0.0/8
33+
$reserverdRanges['10.0.0.0/8'] = array('10.0.0.0', '10.255.255.255');
34+
35+
// 100.64.0.0/10
36+
$reserverdRanges['10.64.0.0/10'] = array('100.64.0.0', '100.127.255.255');
37+
38+
// 127.0.0.0/8
39+
$reserverdRanges['127.0.0.0/8'] = array('127.0.0.0', '127.255.255.255');
40+
41+
// 169.254.0.0/16
42+
$reserverdRanges['169.254.0.0/16'] = array('169.254.0.0', '169.254.255.255');
43+
44+
// 172.16.0.0/12
45+
$reserverdRanges['172.16.0.0/12'] = array('172.16.0.0', '172.31.0.0');
46+
47+
// 192.0.0.0/24
48+
$reserverdRanges['192.0.0.0/24'] = array('192.0.0.0', '192.0.0.255');
49+
50+
// 192.0.0.0/29
51+
$reserverdRanges['192.0.0.0/29'] = array('192.0.0.0', '192.0.0.7');
52+
53+
// 192.0.2.0/24
54+
$reserverdRanges['192.0.2.0/24'] = array('192.0.2.0', '192.0.2.255');
55+
56+
// 198.18.0.0/15
57+
$reserverdRanges['198.18.0.0/15'] = array('198.18.0.0', '198.19.255.255');
58+
59+
// 198.51.100.0/24
60+
$reserverdRanges['198.51.100.0/24'] = array('198.51.100.0', '198.51.100.255');
61+
62+
// 192.88.99.0/24
63+
$reserverdRanges['192.88.99.0/24'] = array('192.88.99.0', '192.88.99.255');
64+
65+
// 192.168.0.0/16
66+
$reserverdRanges['192.168.0.0/16'] = array('192.168.0.0', '192.168.255.255');
67+
68+
// 203.0.113.0/24
69+
$reserverdRanges['203.0.113.0/24'] = array('203.0.113.0', '203.0.113.255');
70+
71+
// 240.0.0.0/4 + 255.255.255.255/32
72+
$reserverdRanges['240.0.0.0/4'] = array('224.0.0.0', '255.255.255.255');
73+
74+
foreach ($reserverdRanges as $key => $range) {
75+
list($min, $max) = $range;
76+
var_dump($key);
77+
var_dump(filter_var($min, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE));
78+
var_dump(filter_var($max, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE));
79+
}
80+
81+
82+
83+
--EXPECT--
84+
string(10) "10.0.0.0/8"
85+
bool(false)
86+
bool(false)
87+
string(14) "168.254.0.0/16"
88+
bool(false)
89+
bool(false)
90+
string(13) "172.16.0.0/12"
91+
bool(false)
92+
bool(false)
93+
string(14) "192.168.0.0/16"
94+
bool(false)
95+
bool(false)
96+
string(10) "10.0.0.0/8"
97+
bool(false)
98+
bool(false)
99+
string(12) "10.64.0.0/10"
100+
bool(false)
101+
bool(false)
102+
string(11) "127.0.0.0/8"
103+
bool(false)
104+
bool(false)
105+
string(14) "169.254.0.0/16"
106+
bool(false)
107+
bool(false)
108+
string(13) "172.16.0.0/12"
109+
bool(false)
110+
bool(false)
111+
string(12) "192.0.0.0/24"
112+
bool(false)
113+
bool(false)
114+
string(12) "192.0.0.0/29"
115+
bool(false)
116+
bool(false)
117+
string(12) "192.0.2.0/24"
118+
bool(false)
119+
bool(false)
120+
string(13) "198.18.0.0/15"
121+
bool(false)
122+
bool(false)
123+
string(15) "198.51.100.0/24"
124+
bool(false)
125+
bool(false)
126+
string(14) "192.88.99.0/24"
127+
bool(false)
128+
bool(false)
129+
string(14) "192.168.0.0/16"
130+
bool(false)
131+
bool(false)
132+
string(14) "203.0.113.0/24"
133+
bool(false)
134+
bool(false)
135+
string(11) "240.0.0.0/4"
136+
bool(false)
137+
bool(false)

0 commit comments

Comments
 (0)