Edit report at http://bugs.php.net/bug.php?id=47435&edit=1
ID: 47435
Updated by: il...@php.net
Reported by: valli at icsurselva dot ch
Summary: FILTER_FLAG_NO_PRIV_RANGE and
FILTER_FLAG_NO_RES_RANGE don't work with ipv6
-Status: Open
+Status: Closed
Type: Bug
Package: Filter related
Operating System: linux
PHP Version: 5.*, 6CVS (2009-02-18)
-Assigned To:
+Assigned To: iliaa
Block user comment: N
Private report: N
New Comment:
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
Previous Comments:
------------------------------------------------------------------------
[2010-12-12 20:54:23] il...@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=306290
Log: Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6).
------------------------------------------------------------------------
[2010-04-07 21:14:15] zippy1981 at gmail dot com
I implemented Valli's suggestion with two caveats:
1) I have to do the IPv4 mapping addresses. I will do that next.
2) FILTER_VALIDATE_IP does not handle subnets, only IPs.
------------------------------------------------------------------------
[2010-04-07 19:27:13] mikeg at bsd-box dot net
Valli's comment seems to be the right solution: It correctly identifies
& differentiates the RFC-listed private & reserved space.
I would propose an additional "FILTER_FLAG_NO_SPECIAL_RANGE" that
captures the union of the other sets as a convenient shortcut,
but that's just laziness on my part.
------------------------------------------------------------------------
[2009-03-03 06:42:20] valli at icsurselva dot ch
Yes, fc00::/7 is the one and only IPv6 private range.
But there are also a lot of reserved ranges.
FILTER_FLAG_NO_PRIV_RANGE (IP not from private ranges)
fc00::/7 // unique-local addresses (rfc4193)
FILTER_FLAG_NO_RES_RANGE (IP not from reserved ranges)
::/128 // unspecified address (rfc4291)
::1/128 // loopback address (rfc4291)
fe80::/10 // link local unicast (rfc4291)
2001:db8::/32 // documentation addresses (rfc3849)
5f00::/8 // 6Bone
3ffe::/16 // 6Bone
::ffff:0:0/96 // IPv4-Mapped addresses (rfc4291)
2001:10::/28 // ORCHID addresses (rfc4843)
::/0 // default unicast route address
FYI the following ranges are implemented for IPv4 in logical_filters.c
FILTER_FLAG_NO_PRIV_RANGE (IP not from private ranges)
10.0.0.0/8 // private use network (rfc1918)
172.16.0.0/12 // private use network (rfc1918)
192.168.0.0/16 // private use network (rfc1918)
FILTER_FLAG_NO_RES_RANGE (IP not from reserved ranges)
0.0.0.0/8 // "this" network (rfc1700)
169.254.0.0/16 // link local network (rfc3927)
192.0.2.0/24 // test net (rfc3330)
224.0.0.0/4 // Multicast (rfc3171)
240.0.0.0/4 // Reserved for Future Use (rfc1700)
------------------------------------------------------------------------
[2009-03-03 01:20:16] il...@php.net
According to the RFC I saw, the indicated ranges are the only ones
identified as private.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=47435
--
Edit this bug report at http://bugs.php.net/bug.php?id=47435&edit=1
