Request #70845 ip2long should not fail with number starting with zero
Submitted: 2015-11-03 16:28 UTC Modified: 2016-07-03 11:06 UTC
From: raffaellobertini at gmail dot com Assigned:
Status: Open Package: Network related
PHP Version: 5.4.45 OS: centos6.5
Private report: No CVE-ID: None

 [2015-11-03 16:28 UTC] raffaellobertini at gmail dot com
Just run ip2long(''); it will return false instead of interpreting the string as '195,194.213.96'.

If you point me to the code, I will fix it myself. I mean, the function is not robust.
It cannot crash for a number that is '096'; that will be 96 as an integer.

Test script:
ip2long('') === ip2long('195,194.213.96')

// Anyway, the code to convert into packed format is quite easy, but it is not nice that I cannot rely on a PHP built-in function....


 [2015-12-19 01:48 UTC]
This is merely speculation, but I think it may be interpreting '096' as octal due to the leading zero. '9' is not a valid octal digit, so in that case, it would be an invalid IP address.
 [2016-07-01 19:28 UTC]
-Summary: ip2long fails with number starting with zero
+Summary: ip2long should not fail with number starting with zero
-Type: Bug
+Type: Feature/Change Request
 [2016-07-01 19:28 UTC]
I can confirm the behavior, see <>.

ip2long() is defined in ext/standard/basic_functions.c[1].
However, it appears to me the "culprit" is inet_addr() and/or
inet_pton() to which PHP delegates without much further
processing. I don't know about inet_pton(), but indeed inet_addr()
interprets fields with a leading zero as octal integers[2], so in
this case it fails. As this behavior is documented[3] and makes
sense, I'm changing this ticket to feature request.

Changing the behavior of ip2long() would be possible, but that
would obviously cause a BC break, and as such likely would require
the RFC process[4].

[1] <>
[2] <>
[3] <>
[4] <>
 [2016-07-02 15:39 UTC] raffaellobertini at gmail dot com
You are perfectly right!

I would like to suggest (raw idea), instead of changing ip2long(), building in another helper function that processes the IP in string format, "cleans" it and makes it concise.

It will be something like:

    function ip_clean(string $ip) : ?string { ... }

and it would just split by dot, returning the string in a "correct" format to be processed further if required.
 [2016-07-03 11:06 UTC]
ip_clean() could be easily implemented in userland, though, for

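    function ip_clean(string $ip) : ?string
    {
        // Cast each dotted field to int, which drops leading zeros ('096' -> 96).
        return implode('.', array_map(
            function ($el) {
                return (int) $el;
            },
            explode('.', $ip)
        ));
    }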

See <>.
 [2016-07-09 13:14 UTC] raffaellobertini at gmail dot com
My point was not to always rewrite/paste the same function for each project, but instead to have one built in. That even generalizes better than the "ip_clean" raw idea proposed, taking even the base as a parameter, for example.
Maybe it would be better to have it inside a framework as an IP validator instead of as a built-in PHP function?

[Thanks for replies]
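
The leading-zero ambiguity discussed in this thread, as an added example that is not part of the original report or of PHP itself: `ip_normalize()` and its `$leadingZero` modes are hypothetical names, and the 'octal' mode follows the inet_addr() behaviour as described in the comments above. Unlike a bare `(int)` cast, it also refuses fields that are not plain digits.

```php
<?php
/**
 * Added example: hypothetical helper, not a PHP built-in. $leadingZero selects
 * how a dotted-quad field such as '096' or '010' is treated:
 *   'reject'  - return null (ambiguous input is refused)
 *   'decimal' - read as base 10, like the (int) cast in ip_clean()
 *   'octal'   - read as base 8, like the inet_addr() behaviour described above
 */
function ip_normalize(string $ip, string $leadingZero = 'reject'): ?string
{
    if (!in_array($leadingZero, ['reject', 'decimal', 'octal'], true)) {
        throw new InvalidArgumentException("unknown mode: $leadingZero");
    }
    $fields = explode('.', $ip);
    if (count($fields) !== 4) {
        return null;
    }
    $out = [];
    foreach ($fields as $field) {
        // Digits only: unlike a bare (int) cast, '1abc', ' 7' and '' are refused.
        if (preg_match('/^[0-9]{1,10}$/D', $field) !== 1) {
            return null;
        }
        $hasLeadingZero = strlen($field) > 1 && $field[0] === '0';
        if ($hasLeadingZero && $leadingZero === 'reject') {
            return null;
        }
        if ($hasLeadingZero && $leadingZero === 'octal') {
            // '096' is not valid octal because of the digit 9.
            if (preg_match('/^[0-7]+$/D', $field) !== 1) {
                return null;
            }
            $value = (int) octdec($field);
        } else {
            $value = (int) $field;
        }
        if ($value > 255) {
            return null;
        }
        $out[] = $value;
    }
    return implode('.', $out);
}

// Constructed sample inputs (documentation addresses, not taken from the report).
foreach (['192.0.2.96', '192.0.2.096', '010.0.0.1', '1abc.2.3.4'] as $ip) {
    foreach (['reject', 'decimal', 'octal'] as $mode) {
        printf("%-12s %-8s %s\n", $ip, $mode, var_export(ip_normalize($ip, $mode), true));
    }
}
```

For the constructed input 010.0.0.1, 'decimal' yields 10.0.0.1 while 'octal' yields 8.0.0.1, so a filter and a resolver that disagree on the mode disagree on which host was named. The 'reject' default avoids that by refusing the input instead of guessing.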
Last updated: Wed May 29 03:01:29 2024 UTC