PHP :: Bug #73178 :: FILTER_FLAG_NO_RES

Bug #73178	FILTER_FLAG_NO_RES_RANGE is defective
Submitted:	2016-09-26 13:16 UTC	Modified:	2016-09-26 14:02 UTC
From:	mlca at tdc dot dk	Assigned:	cmb (profile)
Status:	Duplicate	Package:	Filter related
PHP Version:	7.0.11	OS:	CentOS 7.2
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	mlca at tdc dot dk
New email:
PHP Version:		OS:

New/Additional Comment:

[2016-09-26 13:16 UTC] mlca at tdc dot dk

Description:
------------
Somewhere between PHP 7.0.8 and 7.0.11 FILTER_FLAG_NO_RES_RANGE behaviour has been changed. In PHP 7.0.11 RFC1918 IP addresses are now matched as reserved as well as private.

Test script:
---------------
<?php

$ips = array("172.16.0.0","172.31.255.255","10.0.0.0","10.255.255.255","127.0.0.1",
    "0.0.0.0","255.255.255.255","239.224.0.0","100.64.0.0","8.8.8.8");

print "PHP version: " . phpversion() . "\n";
foreach ($ips as $ip) {
    print "$ip\n";
    print "  is_reserved=" . ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === $ip) ? "false\n" : "true\n");
    print "  is_private=" . ((filter_var($ip, FILTER_VALIDATE_IP ,FILTER_FLAG_NO_PRIV_RANGE) === $ip) ? "false\n" : "true\n");
}

Expected result:
----------------
PHP version: 5.6.24
172.16.0.0
  is_reserved=false
  is_private=true
172.31.255.255
  is_reserved=false
  is_private=true
10.0.0.0
  is_reserved=false
  is_private=true
10.255.255.255
  is_reserved=false
  is_private=true
127.0.0.1
  is_reserved=true
  is_private=false
0.0.0.0
  is_reserved=true
  is_private=false
255.255.255.255
  is_reserved=true
  is_private=false
239.224.0.0
  is_reserved=true
  is_private=false
100.64.0.0
  is_reserved=true
  is_private=false
8.8.8.8
  is_reserved=false
  is_private=false


PHP version: 7.0.8-0ubuntu0.16.04.2
172.16.0.0
  is_reserved=false
  is_private=true
172.31.255.255
  is_reserved=false
  is_private=true
10.0.0.0
  is_reserved=false
  is_private=true
10.255.255.255
  is_reserved=false
  is_private=true
127.0.0.1
  is_reserved=true
  is_private=false
0.0.0.0
  is_reserved=true
  is_private=false
255.255.255.255
  is_reserved=true
  is_private=false
239.224.0.0
  is_reserved=true
  is_private=false
100.64.0.0
  is_reserved=true
  is_private=false
8.8.8.8
  is_reserved=false
  is_private=false

Actual result:
--------------
PHP version: 7.0.11
172.16.0.0
  is_reserved=true
  is_private=true
172.31.255.255
  is_reserved=true
  is_private=true
10.0.0.0
  is_reserved=true
  is_private=true
10.255.255.255
  is_reserved=true
  is_private=true
127.0.0.1
  is_reserved=true
  is_private=false
0.0.0.0
  is_reserved=true
  is_private=false
255.255.255.255
  is_reserved=true
  is_private=false
239.224.0.0
  is_reserved=true
  is_private=false
100.64.0.0
  is_reserved=true
  is_private=false
8.8.8.8
  is_reserved=false
  is_private=false

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-09-26 14:02 UTC] cmb@php.net

-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb

[2016-09-26 14:02 UTC] cmb@php.net

Indeed, that behavior changed with PHP 7.0.10 due to merging PR
#1954; this had already been reported as bug #72972, and the fix
is scheduled for PHP 7.0.12.

[2016-09-27 06:29 UTC] mlca at tdc dot dk

Thanks - should have used the "advanced search" for finding closed duplicates I guess...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 17:01:31 2024 UTC