Home Original page

Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE

Bug #72972 Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
Submitted: 2016-08-30 12:58 UTC Modified: 2016-09-08 22:23 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mrowiec dot adam at gmail dot com Assigned: cmb (profile)
Status: Closed Package: filter (PECL)
PHP Version: 5.6.25 OS: Linux
Private report: No CVE-ID: None

 [2016-08-30 12:58 UTC] mrowiec dot adam at gmail dot com

Description:
------------
You made the bug in the commit:

https://github.com/php/php-src/commit/6fc7817558db2016b160277e410381f286fe127a


Because, You have bad ranges for the flags in IPv4.

FILTER_FLAG_NO_RES_RANGE - Range reserved by protocol:

0.0.0.0/8
240.0.0.0/4
127.0.0.0/8
169.254.0.0/16

This filter should return false only for this ranges

FILTER_FLAG_NO_PRIV_RANGE - Range use for private network:

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

This filter should return false only for this ranges

Look in rfc6890:

https://tools.ietf.org/html/rfc6890

And your documentation is not actual:

http://www.php.net/filter.filters.flags

Test script:
---------------
var_dump(filter_var('192.168.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE));
var_dump(filter_var('169.254.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE));

Expected result:
----------------
string(11) "192.168.0.1"
string(11) "169.254.0.1"

Actual result:
--------------
bool(false)
bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2016-08-31 16:51 UTC] cmb@php.net

-Assigned To: +Assigned To: jpauli

 [2016-09-01 19:43 UTC] mrowiec dot adam at gmail dot com

Yes, I thing that it is all right

 [2016-09-04 10:10 UTC] mrowiec dot adam at gmail dot com

FILTER_FLAG_NO_PRIV_RANGE - is OK
FILTER_FLAG_NO_RES_RANGE  - is OK

 [2016-09-05 08:13 UTC] jpauli@php.net

-Status: Assigned +Status: Closed

 [2016-09-08 08:44 UTC] jpauli@php.net

-Status: Closed +Status: Re-Opened -Type: Bug +Type: Documentation Problem -Assigned To: jpauli +Assigned To: cmb

 [2016-09-08 08:44 UTC] jpauli@php.net

Doc for FILTER_FLAG_NO_RES_RANGE needs an update

 [2016-09-08 11:47 UTC] cmb@php.net

-Status: Re-Opened +Status: Closed

 [2016-09-08 19:33 UTC] mrowiec dot adam at gmail dot com

thank you. Good work

 [2016-09-08 22:23 UTC] cmb@php.net

-Type: Documentation Problem +Type: Bug

 [2016-09-08 22:23 UTC] cmb@php.net

Thanks to you for reporting the issue!