diff options
| -rw-r--r-- | ext/filter/logical_filters.c | 11 | ||||
| -rw-r--r-- | ext/filter/tests/018.phpt | 2 | ||||
| -rw-r--r-- | ext/filter/tests/filter_ipv4_rfc6890.phpt | 137 |
3 files changed, 148 insertions, 2 deletions
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c index 0e55c2548b..521fb50a3a 100644 --- a/ext/filter/logical_filters.c +++ b/ext/filter/logical_filters.c @@ -704,6 +704,7 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ if (flags & FILTER_FLAG_NO_PRIV_RANGE) { if ( (ip[0] == 10) || + (ip[0] == 169 && ip[1] == 254) || (ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) || (ip[0] == 192 && ip[1] == 168) ) { @@ -714,10 +715,18 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ if (flags & FILTER_FLAG_NO_RES_RANGE) { if ( (ip[0] == 0) || + (ip[0] == 10) || (ip[0] == 100 && (ip[1] >= 64 && ip[1] <= 127)) || + (ip[0] == 127) || (ip[0] == 169 && ip[1] == 254) || + (ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) || + (ip[0] == 192 && ip[1] == 0 && ip[2] == 0) || (ip[0] == 192 && ip[1] == 0 && ip[2] == 2) || - (ip[0] == 127 && ip[1] == 0 && ip[2] == 0 && ip[3] == 1) || + (ip[0] == 192 && ip[1] == 88 && ip[2] == 99) || + (ip[0] == 192 && ip[1] == 168) || + (ip[0] == 198 && (ip[1] == 18 || ip[1] == 19)) || + (ip[0] == 198 && ip[1] == 51 && ip[2] == 100) || + (ip[0] == 203 && ip[1] == 0 && ip[2] == 113) || (ip[0] >= 224 && ip[0] <= 255) ) { RETURN_VALIDATION_FAILED diff --git a/ext/filter/tests/018.phpt b/ext/filter/tests/018.phpt index 75bbd13427..11d7fc64ef 100644 --- a/ext/filter/tests/018.phpt +++ b/ext/filter/tests/018.phpt @@ -41,7 +41,7 @@ string(9) "127.0.0.1" bool(false) string(12) "192.0.34.166" bool(false) -string(9) "192.0.0.1" +bool(false) bool(false) bool(false) string(12) "192.0.34.166" diff --git a/ext/filter/tests/filter_ipv4_rfc6890.phpt b/ext/filter/tests/filter_ipv4_rfc6890.phpt new file mode 100644 index 0000000000..cfd9f8dc07 --- /dev/null +++ b/ext/filter/tests/filter_ipv4_rfc6890.phpt @@ -0,0 +1,137 @@ +--TEST-- +Bug #71745 FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range +--FILE-- +<?php +//https://tools.ietf.org/html/rfc6890#section-2.1 + +$privateRanges = array(); +// 10.0.0.0/8 +$privateRanges['10.0.0.0/8'] = array('10.0.0.0', '10.255.255.255'); + +// 169.254.0.0/16 +$privateRanges['168.254.0.0/16'] = array('169.254.0.0', '169.254.255.255'); + +// 172.16.0.0/12 +$privateRanges['172.16.0.0/12'] = array('172.16.0.0', '172.31.0.0'); + +// 192.168.0.0/16 +$privateRanges['192.168.0.0/16'] = array('192.168.0.0', '192.168.255.255'); + +foreach ($privateRanges as $key => $range) { + list($min, $max) = $range; + var_dump($key); + var_dump(filter_var($min, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE)); + var_dump(filter_var($max, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE)); +} + +$reservedRanges = array(); + +// 0.0.0.0/8 +$reserverRanges['0.0.0.0/8'] = array('0.0.0.0', '0.255.255.255'); + +// 10.0.0.0/8 +$reserverdRanges['10.0.0.0/8'] = array('10.0.0.0', '10.255.255.255'); + +// 100.64.0.0/10 +$reserverdRanges['10.64.0.0/10'] = array('100.64.0.0', '100.127.255.255'); + +// 127.0.0.0/8 +$reserverdRanges['127.0.0.0/8'] = array('127.0.0.0', '127.255.255.255'); + +// 169.254.0.0/16 +$reserverdRanges['169.254.0.0/16'] = array('169.254.0.0', '169.254.255.255'); + +// 172.16.0.0/12 +$reserverdRanges['172.16.0.0/12'] = array('172.16.0.0', '172.31.0.0'); + +// 192.0.0.0/24 +$reserverdRanges['192.0.0.0/24'] = array('192.0.0.0', '192.0.0.255'); + +// 192.0.0.0/29 +$reserverdRanges['192.0.0.0/29'] = array('192.0.0.0', '192.0.0.7'); + +// 192.0.2.0/24 +$reserverdRanges['192.0.2.0/24'] = array('192.0.2.0', '192.0.2.255'); + +// 198.18.0.0/15 +$reserverdRanges['198.18.0.0/15'] = array('198.18.0.0', '198.19.255.255'); + +// 198.51.100.0/24 +$reserverdRanges['198.51.100.0/24'] = array('198.51.100.0', '198.51.100.255'); + +// 192.88.99.0/24 +$reserverdRanges['192.88.99.0/24'] = array('192.88.99.0', '192.88.99.255'); + +// 192.168.0.0/16 +$reserverdRanges['192.168.0.0/16'] = array('192.168.0.0', '192.168.255.255'); + +// 203.0.113.0/24 +$reserverdRanges['203.0.113.0/24'] = array('203.0.113.0', '203.0.113.255'); + +// 240.0.0.0/4 + 255.255.255.255/32 +$reserverdRanges['240.0.0.0/4'] = array('224.0.0.0', '255.255.255.255'); + +foreach ($reserverdRanges as $key => $range) { + list($min, $max) = $range; + var_dump($key); + var_dump(filter_var($min, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE)); + var_dump(filter_var($max, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE)); +} + + + +--EXPECT-- +string(10) "10.0.0.0/8" +bool(false) +bool(false) +string(14) "168.254.0.0/16" +bool(false) +bool(false) +string(13) "172.16.0.0/12" +bool(false) +bool(false) +string(14) "192.168.0.0/16" +bool(false) +bool(false) +string(10) "10.0.0.0/8" +bool(false) +bool(false) +string(12) "10.64.0.0/10" +bool(false) +bool(false) +string(11) "127.0.0.0/8" +bool(false) +bool(false) +string(14) "169.254.0.0/16" +bool(false) +bool(false) +string(13) "172.16.0.0/12" +bool(false) +bool(false) +string(12) "192.0.0.0/24" +bool(false) +bool(false) +string(12) "192.0.0.0/29" +bool(false) +bool(false) +string(12) "192.0.2.0/24" +bool(false) +bool(false) +string(13) "198.18.0.0/15" +bool(false) +bool(false) +string(15) "198.51.100.0/24" +bool(false) +bool(false) +string(14) "192.88.99.0/24" +bool(false) +bool(false) +string(14) "192.168.0.0/16" +bool(false) +bool(false) +string(14) "203.0.113.0/24" +bool(false) +bool(false) +string(11) "240.0.0.0/4" +bool(false) +bool(false) |