php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67311 FILTER_VALIDATE_IP bug with array reference
Submitted: 2014-05-20 14:01 UTC Modified: 2015-05-28 14:01 UTC
From: bug_34 at hotmaill dot com Assigned: cmb (profile)
Status: Not a bug Package: Filter related
PHP Version: Irrelevant OS: Windows XP
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: bug_34 at hotmaill dot com
New email:
PHP Version: OS:

 

 [2014-05-20 14:01 UTC] bug_34 at hotmaill dot com
Description:
------------
FILTER_VALIDATE_IP is not working as expected. Please see code snippet.

PHP version: 5.4.16
OS: Windows XP

Works: 
if (filter_var($ip, FILTER_VALIDATE_IP, array('flags' => array(FILTER_FLAG_IPV4, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE))) !== false) {

Does not work:
if (filter_var($ip, FILTER_VALIDATE_IP, array('flags' => array(FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE))) !== false) {

Works:
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE) !== false) {


I didn't test it on different OS and PHP versions.

Test script:
---------------
<?php

	function is_ip($ip, $version = null) {
		switch ($version) {
			case 4:
				if (filter_var($ip, FILTER_VALIDATE_IP, array('flags' => array(FILTER_FLAG_IPV4, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE))) !== false) {
					return "passed <br />\n";
				}
			break;
			case 6:
				if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
					return "passed <br />\n";
				}
			break;
			case 'bug':
				if (filter_var($ip, FILTER_VALIDATE_IP, array('flags' => array(FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE))) !== false) {
					return "passed <br />\n";
				}
			default:
				if (filter_var($ip, FILTER_VALIDATE_IP, array('flags' => array(FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE))) !== false) {
					return "passed <br />\n";
				}
			break;
		}
		
		return "didn't pass <br />\n";
	}

$ip = "127.0.0.1";
echo "IP address validation test: " . $ip .  "<br />\n";
echo "v4: ". is_ip($ip, 4);
echo "v6: ". is_ip($ip, 6);
echo "v6: ". is_ip($ip, 'bug');
echo "v4 or v6: ". is_ip($ip);



Expected result:
----------------
The expected result:

IP address validation test: 127.0.0.1
v4: passed
v6: didn't pass
v6: didn't pass
v4 or v6: passed 


Actual result:
--------------
The actual result:

IP address validation test: 127.0.0.1
v4: passed
v6: didn't pass
v6: passed
v4 or v6: passed 

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-28 14:01 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2015-05-28 14:01 UTC] cmb@php.net
Well, the value of the "flags" element is supposed to be an
integer, not an array. The following works as expected:

    var_dump(filter_var(
        '127.0.0.1',
        FILTER_VALIDATE_IP,
        array('flags' => FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE)
    ));
    // => bool(false)    

When a non-empty array is passed as value of the "flags" element,
this is converted to 1 according to PHP's type juggling. 1,
however, is (currently) the value of FILTER_FLAG_ALLOW_OCTAL,
which is ignored for FILTER_VALIDATE_IP, so the result is
basically identical to not passing any $options argument to
filter_var().

Also compare that your "working"

    var_dump(filter_var(
        '127.0.0.1',
        FILTER_VALIDATE_IP,
        array('flags' => array(
            FILTER_FLAG_IPV4,
            FILTER_FLAG_NO_PRIV_RANGE,
            FILTER_FLAG_NO_RES_RANGE
        ))
    ));
    // => string(9) "127.0.0.1"

with the correct

    var_dump(filter_var(
        '127.0.0.1',
        FILTER_VALIDATE_IP,
        array('flags' => FILTER_FLAG_IPV4 |
                         FILTER_FLAG_NO_PRIV_RANGE |
                         FILTER_FLAG_NO_RES_RANGE)
    ));
    // => bool(false)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 11:01:30 2024 UTC