PHP :: Bug #73047 :: FILTER_FLAG_NO_RES_RANGE implements obsoleted RFC 5156

Bug #73047

FILTER_FLAG_NO_RES_RANGE implements obsoleted RFC 5156

Submitted:

2016-09-08 11:54 UTC

Modified:

2021-08-05 17:07 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

cmb@php.net

Assigned:

cmb (profile)

Status:

Closed

Package:

Filter related

PHP Version:

7.1Git-2016-09-08 (Git)

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cmb@php.net
New email:
PHP Version:		OS:

New Comment:

[2016-09-08 11:54 UTC] cmb@php.net

Description:
------------
FILTER_FLAG_NO_RES_RANGE still implements the obsoleted RFC
5156[1] for IPv6 addresses, instead of the current RFC 6890[2].

[1] <https://tools.ietf.org/html/rfc5156>
[2] <https://tools.ietf.org/html/rfc6890>


Test script:
---------------
<?php
var_dump(filter_var('5f00:0:0:0:0:0:0:0', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));
var_dump(filter_var('5f00:0:0:0:0:0:0:0', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE));


Expected result:
----------------
string(18) "5f00:0:0:0:0:0:0:0"
string(18) "5f00:0:0:0:0:0:0:0"


Actual result:
--------------
string(18) "5f00:0:0:0:0:0:0:0"
bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-10-30 14:27 UTC] sniper at nerdsluts dot net

Can add that php does not seem to filter the range 3ffe::/16 from the same RFC, which it of course shouldn't, but it might explain why it does filter 3ff3::/16 if done by mistake as I've not managed to find any reason why it should be filtered.
Looking back at the git history:
https://github.com/php/php-src/commit/e90265ac978a5d92beb7c37ecf3107c2c5f1d7f5
And the bug report:
https://bugs.php.net/bug.php?id=47435
This seems to be the case.

Test script:
---------------
<?php
var_dump(filter_var('3ff3::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));
var_dump(filter_var('3ff3::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE));
var_dump(filter_var('5f00::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));
var_dump(filter_var('5f00::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE));
var_dump(filter_var('3ffe::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));
var_dump(filter_var('3ffe::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE));

Expected result:
---------------
string(6) "3ff3::"
string(6) "3ff3::"
string(6) "5f00::"
string(6) "5f00::"
string(6) "3ffe::"
string(6) "3ffe::"

Actual Result:
---------------
string(6) "3ff3::"
bool(false)
string(6) "5f00::"
bool(false)
string(6) "3ffe::"
string(6) "3ffe::"

[2021-08-05 17:07 UTC] cmb@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb

[2021-08-05 17:07 UTC] cmb@php.net

This has been fixed in the meantime.

[2021-08-05 17:07 UTC] cmb@php.net

This has been fixed in the meantime.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 11:01:30 2024 UTC