ID:               25997
Updated by:       [EMAIL PROTECTED]
Reported By:      xodfull at starmen dot net
-Status:          Analyzed
+Status:          Closed
Bug Type:         Documentation problem
Operating System: Linux, Apache.
PHP Version:      4.3.3
New Comment:

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.


Previous Comments:
------------------------------------------------------------------------

[2003-10-27 17:29:54] [EMAIL PROTECTED]

ip2long() works as advertised. However, it brought up a very good point and
this should be documented. For security, if ip2long() is used only for
validation the IP should be escaped or should be used like this:

$ip = long2ip(ip2long($ip));

------------------------------------------------------------------------

[2003-10-26 22:32:27] xodfull at starmen dot net

Description:
------------
ip2long() is supposed to return -1 on an invalid ip address. Because of
PHP's method of storing strings, and a careless calling of standard C
library functions that use null-terminated strings, it will not return -1
on invalid ip addresses that contain embedded null characters in
appropriate places.

"The function ip2long() generates an IPv4 Internet network address from
its Internet standard format (dotted string) representation. If
ip_address is invalid than -1 is returned. Note that -1 does not evaluate
as FALSE in PHP."

Reproduce code:
---------------
if(ip2long($_GET[ip]) != -1)
echo($_GET[ip]);

http://something.net/somescript.php?ip=127.0.0.1%00<b>foo</b>

Expected result:
----------------
Arbitrary HTML insertion. Worse effects may be possible depending on the
application.

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=25997&edit=1
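
The round-trip suggested in the 2003-10-27 comment, written out as an added example (not code from the bug report or from the PHP project). The function name canonical_ipv4() and the sample inputs are constructed for illustration; the example assumes PHP 7.1 or later, where ip2long() returns false rather than -1 on failure, and adds an explicit NUL-byte check and output escaping on top of the round-trip.

```php
<?php
// Added example: validate by regenerating the address, never by echoing
// the raw request value. canonical_ipv4() is a hypothetical helper name.

/**
 * Return the dotted-quad string rebuilt from the parsed address,
 * or null when the input is not acceptable.
 */
function canonical_ipv4(string $input): ?string
{
    // Reject embedded NUL bytes explicitly instead of relying on how the
    // underlying C routine treats the rest of the string.
    if (strpos($input, "\0") !== false) {
        return null;
    }

    $long = ip2long($input);
    if ($long === false) {   // PHP 5 and later; PHP 4 signalled failure with -1
        return null;
    }

    // The value handed back is built from the integer, so bytes the parser
    // ignored cannot survive into the output.
    return long2ip($long);
}

// Constructed sample inputs; the second mirrors the report's reproduce URL.
$samples = [
    "127.0.0.1",
    "127.0.0.1\0<b>foo</b>",
    "<b>foo</b>",
    "999.1.1.1",
];

foreach ($samples as $raw) {
    $ip = canonical_ipv4($raw);
    if ($ip === null) {
        echo "rejected\n";
        continue;
    }
    // Escape on output as well, so the page does not depend on validation alone.
    echo htmlspecialchars($ip, ENT_QUOTES, 'UTF-8'), "\n";
}
```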