php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73047 FILTER_FLAG_NO_RES_RANGE implements obsoleted RFC 5156
Submitted: 2016-09-08 11:54 UTC Modified: -
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: cmb@php.net Assigned:
Status: Open Package: Filter related
PHP Version: 7.1Git-2016-09-08 (Git) OS: *
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-09-08 11:54 UTC] cmb@php.net
Description:
------------
FILTER_FLAG_NO_RES_RANGE still implements the obsoleted RFC
5156[1] for IPv6 addresses, instead of the current RFC 6890[2].

[1] <https://tools.ietf.org/html/rfc5156>
[2] <https://tools.ietf.org/html/rfc6890>


Test script:
---------------
<?php
var_dump(filter_var('5f00:0:0:0:0:0:0:0', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));
var_dump(filter_var('5f00:0:0:0:0:0:0:0', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE));


Expected result:
----------------
string(18) "5f00:0:0:0:0:0:0:0"
string(18) "5f00:0:0:0:0:0:0:0"


Actual result:
--------------
string(18) "5f00:0:0:0:0:0:0:0"
bool(false)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-30 14:27 UTC] sniper at nerdsluts dot net
Can add that php does not seem to filter the range 3ffe::/16 from the same RFC, which it of course shouldn't, but it might explain why it does filter 3ff3::/16 if done by mistake as I've not managed to find any reason why it should be filtered.
Looking back at the git history:
https://github.com/php/php-src/commit/e90265ac978a5d92beb7c37ecf3107c2c5f1d7f5
And the bug report:
https://bugs.php.net/bug.php?id=47435
This seems to be the case.

Test script:
---------------
<?php
var_dump(filter_var('3ff3::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));
var_dump(filter_var('3ff3::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE));
var_dump(filter_var('5f00::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));
var_dump(filter_var('5f00::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE));
var_dump(filter_var('3ffe::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));
var_dump(filter_var('3ffe::', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE));

Expected result:
---------------
string(6) "3ff3::"
string(6) "3ff3::"
string(6) "5f00::"
string(6) "5f00::"
string(6) "3ffe::"
string(6) "3ffe::"

Actual Result:
---------------
string(6) "3ff3::"
bool(false)
string(6) "5f00::"
bool(false)
string(6) "3ffe::"
string(6) "3ffe::"
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat May 25 19:01:26 2019 UTC