PHP :: Bug #46343 :: IPv6 address filter accepts invalid address

Bug #46343	IPv6 address filter accepts invalid address
Submitted:	2008-10-20 11:10 UTC	Modified:	2008-10-20 23:23 UTC
From:	daan at react dot nl	Assigned:
Status:	Closed	Package:	Filter related
PHP Version:	5.2.6	OS:	Debian
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	daan at react dot nl
New email:
PHP Version:		OS:

New/Additional Comment:

[2008-10-20 11:10 UTC] daan at react dot nl

Description:
------------
The IPv6 address filter in the filter extension accepts invalid IPv6 address notations: `:1:2:3:4:5:6:7` and `1:2:3:4:5:6:7:`.
Relevant RFC: http://tools.ietf.org/html/rfc4291#section-2.2

Reproduce code:
---------------
var_dump(filter_var(':1:2:3:4:5:6:7', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));

Expected result:
----------------
false

Actual result:
--------------
':1:2:3:4:5:6:7'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-10-20 11:55 UTC] daan at react dot nl

A little correction: `1:2:3:4:5:6:7:` is in fact reported correctly as being invalid. (so only `:1:2:3:4:5:6:7` is faulty)

[2008-10-20 23:23 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Apr 07 16:01:28 2025 UTC