From c2b45250c29357361d1f3f10dddd3c341864230b Mon Sep 17 00:00:00 2001
From: Johann Pardanaud
Date: Thu, 18 Aug 2016 22:02:09 +0200
Subject: [PATCH 1/2] Verify explicitly that the request IP is a valid address
---
 src/Symfony/Component/HttpFoundation/IpUtils.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
index 82461d015960f..28093be43403f 100644
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -61,11 +61,14 @@ public static function checkIp($requestIp, $ips)
 */
 public static function checkIp4($requestIp, $ip)
 {
+ if (!filter_var($requestIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+ return false;
+ }
+
 if (false !== strpos($ip, '/')) {
 list($address, $netmask) = explode('/', $ip, 2);
 if ($netmask === '0') {
- // Ensure IP is valid - using ip2long below implicitly validates, but we need to do it manually here
 return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
 }
From 8491fcc315f9b8dae5dec6e63075bee4671e5c8b Mon Sep 17 00:00:00 2001
From: Johann Pardanaud
Date: Fri, 19 Aug 2016 09:31:05 +0200
Subject: [PATCH 2/2] Add a new assertion in IPv4 tests
Test added for the c2b45250c29357361d1f3f10dddd3c341864230b commit
---
 src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
index 877053f0f3907..a6d28a2943bbe 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
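Review bot: In `checkIp4` (IpUtils.php), the `/0` branch still returns the raw `filter_var($address, ...)` result, which is the address string or `false` rather than a boolean, and this commit deletes the only comment saying why that branch validates by hand. If callers use this predicate for allow-list or trusted-range decisions, a strict boolean is the safer contract, so I would change the line to `return false !== filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);` and keep a short comment such as `// $address never reaches ip2long() when the mask is 0, so validate it here`. checkIp4's body continues past the end of the hunk, so the non-CIDR path and the ip2long comparison are not visible here.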
@@ -37,6 +37,7 @@ public function testIpv4Provider()
 array(true, '1.2.3.4', '0.0.0.0/0'),
 array(true, '1.2.3.4', '192.168.1.0/0'),
 array(false, '1.2.3.4', '256.256.256/0'), // invalid CIDR notation
+ array(false, 'an_invalid_ip', '192.168.1.0/24'),
 );
 }
pFad - Phonifier reborn
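Review bot: The new provider row in `testIpv4Provider` exercises only the `/24` path, while the `/0` branch of `checkIp4` is the one that, before patch 1/2, returned the `filter_var($address, ...)` result without ever looking at `$requestIp`. I would add `array(false, 'an_invalid_ip', '0.0.0.0/0'),` beside it so the early-return branch is pinned by a regression case too; the visible `/0` rows all use the valid request IP `'1.2.3.4'`. The provider starts above the hunk, so rows outside it are not visible here.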
