php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73178 FILTER_FLAG_NO_RES_RANGE is defective
Submitted: 2016-09-26 13:16 UTC Modified: 2016-09-26 14:02 UTC
From: mlca at tdc dot dk Assigned: cmb
Status: Duplicate Package: Filter related
PHP Version: 7.0.11 OS: CentOS 7.2
Private report: No CVE-ID:
 [2016-09-26 13:16 UTC] mlca at tdc dot dk
Description:
------------
Somewhere between PHP 7.0.8 and 7.0.11 FILTER_FLAG_NO_RES_RANGE behaviour has been changed. In PHP 7.0.11 RFC1918 IP addresses are now matched as reserved as well as private.

Test script:
---------------
<?php

$ips = array("172.16.0.0","172.31.255.255","10.0.0.0","10.255.255.255","127.0.0.1",
    "0.0.0.0","255.255.255.255","239.224.0.0","100.64.0.0","8.8.8.8");

print "PHP version: " . phpversion() . "\n";
foreach ($ips as $ip) {
    print "$ip\n";
    print "  is_reserved=" . ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === $ip) ? "false\n" : "true\n");
    print "  is_private=" . ((filter_var($ip, FILTER_VALIDATE_IP ,FILTER_FLAG_NO_PRIV_RANGE) === $ip) ? "false\n" : "true\n");
}

Expected result:
----------------
PHP version: 5.6.24
172.16.0.0
  is_reserved=false
  is_private=true
172.31.255.255
  is_reserved=false
  is_private=true
10.0.0.0
  is_reserved=false
  is_private=true
10.255.255.255
  is_reserved=false
  is_private=true
127.0.0.1
  is_reserved=true
  is_private=false
0.0.0.0
  is_reserved=true
  is_private=false
255.255.255.255
  is_reserved=true
  is_private=false
239.224.0.0
  is_reserved=true
  is_private=false
100.64.0.0
  is_reserved=true
  is_private=false
8.8.8.8
  is_reserved=false
  is_private=false


PHP version: 7.0.8-0ubuntu0.16.04.2
172.16.0.0
  is_reserved=false
  is_private=true
172.31.255.255
  is_reserved=false
  is_private=true
10.0.0.0
  is_reserved=false
  is_private=true
10.255.255.255
  is_reserved=false
  is_private=true
127.0.0.1
  is_reserved=true
  is_private=false
0.0.0.0
  is_reserved=true
  is_private=false
255.255.255.255
  is_reserved=true
  is_private=false
239.224.0.0
  is_reserved=true
  is_private=false
100.64.0.0
  is_reserved=true
  is_private=false
8.8.8.8
  is_reserved=false
  is_private=false

Actual result:
--------------
PHP version: 7.0.11
172.16.0.0
  is_reserved=true
  is_private=true
172.31.255.255
  is_reserved=true
  is_private=true
10.0.0.0
  is_reserved=true
  is_private=true
10.255.255.255
  is_reserved=true
  is_private=true
127.0.0.1
  is_reserved=true
  is_private=false
0.0.0.0
  is_reserved=true
  is_private=false
255.255.255.255
  is_reserved=true
  is_private=false
239.224.0.0
  is_reserved=true
  is_private=false
100.64.0.0
  is_reserved=true
  is_private=false
8.8.8.8
  is_reserved=false
  is_private=false

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-26 14:02 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2016-09-26 14:02 UTC] cmb@php.net
Indeed, that behavior changed with PHP 7.0.10 due to merging PR
#1954; this had already been reported as bug #72972, and the fix
is scheduled for PHP 7.0.12.
 [2016-09-27 06:29 UTC] mlca at tdc dot dk
Thanks - should have used the "advanced search" for finding closed duplicates I guess...
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC