Commit 613910b

bug #16177 [HttpFoundation] Fixes /0 subnet handling in IpUtils (ultrafez)
This PR was squashed before being merged into the 2.3 branch (closes #16177).

Discussion
----------

[HttpFoundation] Fixes /0 subnet handling in IpUtils

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #16055
| License       | MIT
| Doc PR        | Not needed

Fixes bug #16055. For IP addresses with CIDR subnet length 0, the IP address must be valid - IPs with subnet masks greater than zero are implicitly validated due to the use of `ip2long` and `substr_compare` (although it's not particularly robust - there could be some future work to improve this here).

Commits
-------

d9ac571 [HttpFoundation] Fixes /0 subnet handling in IpUtils
2 parents 66c99a0 + d9ac571 commit 613910b

2 files changed

+10
-9
lines changed

src/Symfony/Component/HttpFoundation/IpUtils.php

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -57,18 +57,19 @@ public static function checkIp($requestIp, $ips)
5757
* @param string $requestIp IPv4 address to check
5858
* @param string $ip IPv4 address or subnet in CIDR notation
5959
*
60-
* @return bool Whether the IP is valid
60+
* @return bool Whether the request IP matches the IP, or whether the request IP is within the CIDR subnet.
6161
*/
6262
public static function checkIp4($requestIp, $ip)
6363
{
6464
if (false !== strpos($ip, '/')) {
65-
if ('0.0.0.0/0' === $ip) {
66-
return true;
67-
}
68-
6965
list($address, $netmask) = explode('/', $ip, 2);
7066

71-
if ($netmask < 1 || $netmask > 32) {
67+
if ($netmask === '0') {
68+
// Ensure IP is valid - using ip2long below implicitly validates, but we need to do it manually here
69+
return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
70+
}
71+
72+
if ($netmask < 0 || $netmask > 32) {
7273
return false;
7374
}
7475
} else {
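Review bot: The new `/0` branch returns the result of `filter_var()` directly, which is the validated address string on success and `false` on failure, while the docblock updated in this same hunk still declares `@return bool`. A caller of this public method that compares the result strictly against `true` will treat a valid `/0` entry as a non-match. Suggest `return false !== filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);`. Separately, the branch is entered only when `$netmask === '0'`, so a mask written as `00` skips the address validation here and is not rejected by `$netmask < 0 || $netmask > 32` either; consider rejecting any mask that is not a plain decimal number before both comparisons.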

src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,13 +30,13 @@ public function testIpv4Provider()
3030
array(true, '192.168.1.1', '192.168.1.1/1'),
3131
array(true, '192.168.1.1', '192.168.1.0/24'),
3232
array(false, '192.168.1.1', '1.2.3.4/1'),
33-
array(false, '192.168.1.1', '192.168.1/33'),
33+
array(false, '192.168.1.1', '192.168.1.1/33'), // invalid subnet
3434
array(true, '192.168.1.1', array('1.2.3.4/1', '192.168.1.0/24')),
3535
array(true, '192.168.1.1', array('192.168.1.0/24', '1.2.3.4/1')),
3636
array(false, '192.168.1.1', array('1.2.3.4/1', '4.3.2.1/1')),
3737
array(true, '1.2.3.4', '0.0.0.0/0'),
38-
array(false, '1.2.3.4', '256.256.256/0'),
39-
array(false, '1.2.3.4', '192.168.1.0/0'),
38+
array(true, '1.2.3.4', '192.168.1.0/0'),
39+
array(false, '1.2.3.4', '256.256.256/0'), // invalid CIDR notation
4040
);
4141
}
4242
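Review bot: The `/0` rejection row `'256.256.256/0'` is both one octet short and out of range, so it does not show which property the new validation rejects. Suggest splitting it into a three-octet row such as `'192.168.1/0'` and an out-of-range row such as `'256.256.256.256/0'`, each expecting `false`. The visible rows also contain no negative mask (for example `'192.168.1.0/-1'`), which is the lower bound the `IpUtils.php` hunk moves from `< 1` to `< 0`.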
