php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #40301 ip-to-country.inc has a wrong RegExp to ignore RFC 1918 addresses
Submitted: 2007-02-01 04:40 UTC Modified: 2007-02-02 14:35 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: v1d4l0k4 at gmail dot com Assigned:
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: v1d4l0k4 at gmail dot com
New email:
PHP Version: OS:

 

 [2007-02-01 04:40 UTC] v1d4l0k4 at gmail dot com 
Description:
------------
In agreement with the RFC 1918 document (page 4, item 3), the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

10.0.0.0    - 10.255.255.255  (10/8 prefix)
172.16.0.0  - 172.31.255.255  (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Ok, until there it's good. :)

Main problem: The www.php.net/source.php?url=/include/ip-to-country.inc include file used here has a wrong regular expression. The RegExp used doesn't ignore 172.17.0.0-172.31.255.255 IP block, that they're private.

Other problem: As well told smith99 on ip-to-country.com forums (topic: http://ip-to-country.webhosting.info/node/view/43), the RegExp also doesn't ignore Unknown values of some proxies.

Reproduce code:
---------------
Line 207-210:

           // Skip RFC 1918 IP's 10.0.0.0/8, 172.16.0.0/12 and
           // 192.168.0.0/16 -- jim kill me later with my regexp pattern
           // below.
           if (!eregi ("^(10|172\.16|192\.168)\.", $ips[$i])) {

Expected result:
----------------
Also ignore 172.17.0.0-172.31.255.255 IP block and Unknown values, with something as this code:

           // Skip RFC 1918 IP's 10.x.x.x/8, 172.16-31.x.x/12 and
           // 192.168.x.x/16 -- jim kill me later with my regexp pattern
           // below.
           if (!preg_match("/^(unknown|10|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168)\.*/", $ips[$i])) {

Actual result:
--------------
172.17.0.0-172.31.255.255 IP block and Unknown values doesn't ignored.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-02-02 14:35 UTC] nlopess@php.net 
This bug has been fixed in CVS. Since the websites are not directly
updated from the CVS server, the fix might need some time to spread
across the globe to all mirror sites, including PHP.net itself.

Thank you for the report, and for helping us make PHP.net better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun May 05 11:01:33 2024 UTC