Doc Bug #71935 FILTER_FLAG_NO_RES_RANGE is missing 100.64.0.0/10
Submitted: 2016-03-31 23:45 UTC Modified: 2021-08-05 16:28 UTC
Votes:3
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: bbcan177 at gmail dot com
Assigned: cmb
Status: Not a bug
Package: Filter related
PHP Version: Irrelevant
OS:
Private report: No
CVE-ID: None
 [2016-03-31 23:45 UTC] bbcan177 at gmail dot com
Description:
------------
---
From manual page: http://www.php.net/filter.filters.flags
---

FILTER_FLAG_NO_RES_RANGE  is missing 100.64.0.0/10 in the documentation.


 [2016-08-22 12:12 UTC] jame2 at ceh dot ac dot uk
I think the documentation is missing a lot more IP addresses than given in the original bug report. 127.0.0.1 is the one that caught me out.

The documentation says "Fails validation for the following reserved IPv4 ranges: 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24 and 224.0.0.0/4." Compare this with the code for 5.6.25:

if (flags & FILTER_FLAG_NO_RES_RANGE) {
  if (
    (ip[0] == 0) ||
    (ip[0] == 10) ||
    (ip[0] == 100 && (ip[1] >= 64 && ip[1] <= 127)) ||
    (ip[0] == 127) ||
    (ip[0] == 169 && ip[1] == 254) ||
    (ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) ||
    (ip[0] == 192 && ip[1] == 0 && ip[2] == 0) ||
    (ip[0] == 192 && ip[1] == 0 && ip[2] == 2) ||
    (ip[0] == 192 && ip[1] == 88 && ip[2] == 99) ||
    (ip[0] == 192 && ip[1] == 168) ||
    (ip[0] == 198 && (ip[1] == 18 || ip[1] == 19)) ||
    (ip[0] == 198 && ip[1] == 51 && ip[2] == 100) ||
    (ip[0] == 203 && ip[1] == 0 && ip[2] == 113) ||
    (ip[0] >= 224 && ip[0] <= 255)
  ) {
    RETURN_VALIDATION_FAILED
  }
}
 [2017-01-28 13:54 UTC] cmb@php.net
-Package: Documentation problem +Package: Filter related
 [2021-08-05 16:28 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-08-05 16:28 UTC] cmb@php.net
> FILTER_FLAG_NO_RES_RANGE  is missing 100.64.0.0/10 in the
> documentation.

No, it doesn't.  FILTER_FLAG_NO_RES_RANGE only considers addresses
as reserved which are reserved-by-protocol according to RFC 6890.

> Compare this with the code for 5.6.25

That code has long been fixed.
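
Added example (not code from the PHP project or from anyone in this report): the 5.6.25 excerpt and the maintainer's reply show that the set of ranges FILTER_FLAG_NO_RES_RANGE rejects has changed between versions, so code that needs a fixed policy can use filter_var() for syntax only and test an explicit CIDR list. The list below is the 5.6.25 excerpt rewritten as CIDRs; the function names and sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// The IPv4 checks from the 5.6.25 excerpt above, rewritten as CIDR blocks.
const BLOCKED_IPV4_CIDRS = [
    '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8',
    '169.254.0.0/16', '172.16.0.0/12', '192.0.0.0/24', '192.0.2.0/24',
    '192.88.99.0/24', '192.168.0.0/16', '198.18.0.0/15',
    '198.51.100.0/24', '203.0.113.0/24', '224.0.0.0/3',
];

// True if the dotted-quad $ip lies inside $cidr ("a.b.c.d/bits", bits 1..32).
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false;
    }
    $mask = -1 << (32 - (int) $bits);   // the top $bits bits of the address
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Hypothetical helper: syntax via filter_var(), policy via the explicit list.
function is_allowed_ipv4(string $ip): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;   // not a well-formed IPv4 address
    }
    foreach (BLOCKED_IPV4_CIDRS as $cidr) {
        if (ipv4_in_cidr($ip, $cidr)) {
            return false;
        }
    }
    return true;
}

// Constructed sample addresses; the flags column shows what the running PHP does.
$flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
foreach (['100.64.0.1', '127.0.0.1', '192.0.2.10', '1.1.1.1'] as $ip) {
    $byFlag = filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
    printf("%-12s explicit=%-5s flags=%s\n", $ip,
        var_export(is_allowed_ipv4($ip), true), var_export($byFlag, true));
}
```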
 
Last updated: Tue Mar 19 05:01:29 2024 UTC