Edit report at http://bugs.php.net/bug.php?id=50830&edit=1
ID: 50830 Comment by: sob at academ dot com Reported by: mikerushton at hotmail dot co dot uk Summary: FILTER_VALIDATE_IP incorrectly validates a compressed IPv4-mapped IPv6 address Status: Open Type: Bug Package: Filter related Operating System: * PHP Version: 5.*, 6 Block user comment: N New Comment: Please note that RFC 4291 has been updated by RFC 5952. Previous Comments: ------------------------------------------------------------------------ [2010-08-17 18:47:30] michael at squiloople dot com It has come to my attention that the regular expression I provided above uses RFC 5321 as the authority on IPv6 address format. This differs from RFC 4291 however, which is the ACTUAL authority on IPv6 address format. The key difference between the two is that 4291 allows a double colon to represent just ONE 16-bit group of zeros whereas 5321 requires that it represent at least TWO groups. As such, I have provided a modified regular expression which conforms with 4291 in this respect (and have also removed the unnecessary capturing groups present in my earlier regex) (?:(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0- 9](?::|$)){8,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,6})?::(?:[a-f0- 9]{1,4}(?::[a-f0-9]{1,4}){0,6})?)))|(?:(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0- 9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){6,})(?:[a-f0-9]{1,4}(?::[a-f0- 9]{1,4}){0,4})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,4}:)?)))?(?:25[0-5]|2[0- 4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?:\.(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0- 9])){3})) ------------------------------------------------------------------------ [2010-02-01 15:34:13] mikerushton at hotmail dot co dot uk An addition: here's my solution (as a regular expression): (?:(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9](? ::|$)){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(? ::[a-f0-9]{1,4}){0,5})?)))|(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0- 9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0- 9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?))?(?:(? :25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0- 5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3})) ------------------------------------------------------------------------ [2010-01-24 15:45:29] mikerushton at hotmail dot co dot uk Description: ------------ FILTER_VALIDATE_IP validates the incorrect 0:::255.255.255.255 and does not validate the correct 0::255.255.255.255 According to RFC 5321, the correct syntax is: [IPv6-hex *3(":" IPv6-hex)] "::" [IPv6-hex *3(":" IPv6-hex) ":"] IPv4- address-literal This does not allow for three consecutive colons. Reproduce code: --------------- // First filter_var('FFFF:::255.255.255.255', FILTER_VALIDATE_IP); // Second filter_var('FFFF::255.255.255.255', FILTER_VALIDATE_IP); Expected result: ---------------- // First bool(false) // Second string(21) 'FFFF::255.255.255.255' Actual result: -------------- // First string(22) 'FFFF:::255.255.255.255' // Second bool(false) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=50830&edit=1