ID:               25997
 Updated by:       [EMAIL PROTECTED]
 Reported By:      xodfull at starmen dot net
-Status:           Open
+Status:           Analyzed
-Bug Type:         *General Issues
+Bug Type:         Documentation problem
 Operating System: Linux, Apache.
 PHP Version:      4.3.3
 New Comment:

ip2long() works as advertised. However, it brought up a very good point
and this should be documented. For security, if ip2long() is used only
for validation the IP should be escaped or should be used like this:
$ip = long2ip(ip2long($ip));


Previous Comments:
------------------------------------------------------------------------

[2003-10-27 10:32:49] xodfull at starmen dot net

"Magic quotes" needs to be disabled for this particular example to
work.

Anyway, I'm using RedHat's build of Linux 2.4.20, with Apache 1.3.28.

------------------------------------------------------------------------

[2003-10-27 02:03:03] [EMAIL PROTECTED]

I've tested your code with 4.3.3, 4.3.4-CVS, 5-CVS and can't reproduce
the result you get (ip2long returns -1, as expected).
Please, give more info about your OS & Apache.

------------------------------------------------------------------------

[2003-10-26 22:32:27] xodfull at starmen dot net

Description:
------------
ip2long() is supposed to return -1 on an invalid ip address.  Because
of PHP's method of storing strings, and a careless calling of standard
C library functions that use null-terminated strings, it will not
return -1 on invalid ip addresses that contain embedded null characters
in appropriate places.

"The function ip2long() generates an IPv4 Internet network address
from its Internet standard format (dotted string) representation. If
ip_address is invalid then -1 is returned. Note that -1 does not
evaluate as FALSE in PHP."

Reproduce code:
---------------
if(ip2long($_GET['ip']) != -1)
 echo($_GET['ip']);

http://something.net/somescript.php?ip=127.0.0.1%00<b>foo</b>

Expected result:
----------------
Arbitrary HTML insertion.  Worse effects may be possible depending on
the application.



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=25997&edit=1
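
The mismatch described in this report, reduced to C as an added example (not PHP's source code and not code from the thread): a length-counted string is validated through a NUL-terminated parser, so bytes after an embedded NUL are never checked. The names `counted`, `naive_is_ipv4`, `strict_is_ipv4` and `canonical_ipv4` are hypothetical, `inet_pton()` stands in for whichever C library call the runtime uses, and the sample input is constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Length-counted string as a scripting runtime stores it: buf[len] is a
 * NUL terminator, but earlier bytes may be NUL as well. */
struct counted { const char *buf; size_t len; };

/* Constructed sample: a valid address, an embedded NUL, then markup. */
static const char sample_bytes[] = "127.0.0.1\0<b>foo</b>";
static const struct counted sample = { sample_bytes, sizeof sample_bytes - 1 };

/* Flawed check: the parser stops at the first NUL, so only the prefix is
 * validated while the caller goes on to use all len bytes. */
int naive_is_ipv4(struct counted s)
{
    struct in_addr a;
    return inet_pton(AF_INET, s.buf, &a) == 1;
}

/* Strict check: refuse empty, oversize or NUL-containing input before
 * parsing, so "valid" applies to every byte of the string. */
int strict_is_ipv4(struct counted s, struct in_addr *out)
{
    if (s.len == 0 || s.len >= INET_ADDRSTRLEN || memchr(s.buf, '\0', s.len))
        return 0;
    return inet_pton(AF_INET, s.buf, out) == 1;
}

/* Canonicalise, the analogue of long2ip(ip2long($ip)): the output is
 * rendered from the parsed value, so unparsed trailing bytes are dropped. */
int canonical_ipv4(struct counted s, char *dst, size_t dstlen)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s.buf, &a) != 1)
        return 0;
    return inet_ntop(AF_INET, &a, dst, (socklen_t)dstlen) != NULL;
}

int main(void)
{
    char out[INET_ADDRSTRLEN];
    struct in_addr a;
    printf("naive accepts:  %d\n", naive_is_ipv4(sample));
    printf("strict accepts: %d\n", strict_is_ipv4(sample, &a));
    if (canonical_ipv4(sample, out, sizeof out))
        printf("canonical form: %s\n", out);
    return 0;
}
```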
