php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #72972 Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
Submitted: 2016-08-30 12:58 UTC Modified: 2016-09-08 22:23 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mrowiec dot adam at gmail dot com Assigned: cmb (profile)
Status: Closed Package: filter (PECL)
PHP Version: 5.6.25 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mrowiec dot adam at gmail dot com
New email:
PHP Version: OS:

 

 [2016-08-30 12:58 UTC] mrowiec dot adam at gmail dot com 
Description:
------------
You made the bug in the commit:

https://github.com/php/php-src/commit/6fc7817558db2016b160277e410381f286fe127a


Because, You have bad ranges for the flags in IPv4.

FILTER_FLAG_NO_RES_RANGE - Range reserved by protocol:

0.0.0.0/8
240.0.0.0/4
127.0.0.0/8
169.254.0.0/16

This filter should return false only for this ranges

FILTER_FLAG_NO_PRIV_RANGE - Range use for private network:

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

This filter should return false only for this ranges

Look in rfc6890:

https://tools.ietf.org/html/rfc6890

And your documentation is not actual:

http://www.php.net/filter.filters.flags

Test script:
---------------
var_dump(filter_var('192.168.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE));
var_dump(filter_var('169.254.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE));

Expected result:
----------------
string(11) "192.168.0.1"
string(11) "169.254.0.1"

Actual result:
--------------
bool(false)
bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-31 16:51 UTC] cmb@php.net
-Assigned To: +Assigned To: jpauli
 [2016-08-31 16:51 UTC] cmb@php.net 
The reasoning is explained in the respective PR, see
<https://github.com/php/php-src/pull/1954#issue-162266976>.

Julien, do we stick with this? If so, please re-classify as doc
bug, and assign to me.
 [2016-09-01 08:37 UTC] jpauli@php.net 
Please, have a look at https://github.com/jpauli/php-src/commit/3b47ad7b835aaae547bbbfe749d19485ec0c5046 and tell me if it is all right to you
 [2016-09-01 19:43 UTC] mrowiec dot adam at gmail dot com 
Yes, I thing that it is all right
 [2016-09-02 08:15 UTC] jpauli@php.net 
Please have a look at https://github.com/php/php-src/pull/2113  with tests.

Tell me if it is OK
 [2016-09-04 10:10 UTC] mrowiec dot adam at gmail dot com 
FILTER_FLAG_NO_PRIV_RANGE - is OK
FILTER_FLAG_NO_RES_RANGE  - is OK
 [2016-09-05 08:13 UTC] jpauli@php.net 
Automatic comment on behalf of jpauli
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9834978a8b80dace62adfc82b41918dc239e9e85
Log: Fix #72972, Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
 [2016-09-05 08:13 UTC] jpauli@php.net
-Status: Assigned +Status: Closed
 [2016-09-05 08:15 UTC] jpauli@php.net 
Just merged that
 [2016-09-08 08:44 UTC] jpauli@php.net
-Status: Closed +Status: Re-Opened -Type: Bug +Type: Documentation Problem -Assigned To: jpauli +Assigned To: cmb
 [2016-09-08 08:44 UTC] jpauli@php.net 
Doc for FILTER_FLAG_NO_RES_RANGE needs an update
 [2016-09-08 11:47 UTC] cmb@php.net
-Status: Re-Opened +Status: Closed
 [2016-09-08 11:47 UTC] cmb@php.net 
I have updated the FILTER_FLAG_NO_(RES|PRIV)_RANGE docs to what
these constants should do[1]. That is also what the implementation
currently does, except for FILTER_FLAG_NO_RES_RANGE for IPv6
addresses. This still implements RFC 5156[2] which has, however,
been obsoleted by RFC 6890[3]. I'll open a new ticket wrt. this
issue.

[1] <http://svn.php.net/viewvc?view=revision&revision=340004>
[2] <https://tools.ietf.org/html/rfc5156>
[3] <https://tools.ietf.org/html/rfc6890>
 [2016-09-08 19:33 UTC] mrowiec dot adam at gmail dot com 
thank you. Good work
 [2016-09-08 22:23 UTC] cmb@php.net
-Type: Documentation Problem +Type: Bug
 [2016-09-08 22:23 UTC] cmb@php.net 
Thanks to you for reporting the issue!
 [2016-09-26 14:02 UTC] cmb@php.net 
Related To: Bug #73178
 [2016-10-01 08:39 UTC] requinix@php.net 
Related To: Bug #73216
 [2016-10-17 10:08 UTC] bwoebi@php.net 
Automatic comment on behalf of jpauli
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9834978a8b80dace62adfc82b41918dc239e9e85
Log: Fix #72972, Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 10:01:29 2024 UTC