php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73178 FILTER_FLAG_NO_RES_RANGE is defective
Submitted: 2016-09-26 13:16 UTC Modified: 2016-09-26 14:02 UTC
From: mlca at tdc dot dk Assigned: cmb (profile)
Status: Duplicate Package: Filter related
PHP Version: 7.0.11 OS: CentOS 7.2
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mlca at tdc dot dk
New email:
PHP Version: OS:

 

 [2016-09-26 13:16 UTC] mlca at tdc dot dk
Description:
------------
Somewhere between PHP 7.0.8 and 7.0.11 FILTER_FLAG_NO_RES_RANGE behaviour has been changed. In PHP 7.0.11 RFC1918 IP addresses are now matched as reserved as well as private.

Test script:
---------------
<?php

$ips = array("172.16.0.0","172.31.255.255","10.0.0.0","10.255.255.255","127.0.0.1",
    "0.0.0.0","255.255.255.255","239.224.0.0","100.64.0.0","8.8.8.8");

print "PHP version: " . phpversion() . "\n";
foreach ($ips as $ip) {
    print "$ip\n";
    print "  is_reserved=" . ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === $ip) ? "false\n" : "true\n");
    print "  is_private=" . ((filter_var($ip, FILTER_VALIDATE_IP ,FILTER_FLAG_NO_PRIV_RANGE) === $ip) ? "false\n" : "true\n");
}

Expected result:
----------------
PHP version: 5.6.24
172.16.0.0
  is_reserved=false
  is_private=true
172.31.255.255
  is_reserved=false
  is_private=true
10.0.0.0
  is_reserved=false
  is_private=true
10.255.255.255
  is_reserved=false
  is_private=true
127.0.0.1
  is_reserved=true
  is_private=false
0.0.0.0
  is_reserved=true
  is_private=false
255.255.255.255
  is_reserved=true
  is_private=false
239.224.0.0
  is_reserved=true
  is_private=false
100.64.0.0
  is_reserved=true
  is_private=false
8.8.8.8
  is_reserved=false
  is_private=false


PHP version: 7.0.8-0ubuntu0.16.04.2
172.16.0.0
  is_reserved=false
  is_private=true
172.31.255.255
  is_reserved=false
  is_private=true
10.0.0.0
  is_reserved=false
  is_private=true
10.255.255.255
  is_reserved=false
  is_private=true
127.0.0.1
  is_reserved=true
  is_private=false
0.0.0.0
  is_reserved=true
  is_private=false
255.255.255.255
  is_reserved=true
  is_private=false
239.224.0.0
  is_reserved=true
  is_private=false
100.64.0.0
  is_reserved=true
  is_private=false
8.8.8.8
  is_reserved=false
  is_private=false

Actual result:
--------------
PHP version: 7.0.11
172.16.0.0
  is_reserved=true
  is_private=true
172.31.255.255
  is_reserved=true
  is_private=true
10.0.0.0
  is_reserved=true
  is_private=true
10.255.255.255
  is_reserved=true
  is_private=true
127.0.0.1
  is_reserved=true
  is_private=false
0.0.0.0
  is_reserved=true
  is_private=false
255.255.255.255
  is_reserved=true
  is_private=false
239.224.0.0
  is_reserved=true
  is_private=false
100.64.0.0
  is_reserved=true
  is_private=false
8.8.8.8
  is_reserved=false
  is_private=false

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-26 14:02 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2016-09-26 14:02 UTC] cmb@php.net
Indeed, that behavior changed with PHP 7.0.10 due to merging PR
#1954; this had already been reported as bug #72972, and the fix
is scheduled for PHP 7.0.12.
 [2016-09-27 06:29 UTC] mlca at tdc dot dk
Thanks - should have used the "advanced search" for finding closed duplicates I guess...
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 10 14:01:27 2024 UTC