Verify explicitly that the request IP is a valid IPv4 address

2016-08-18 22:02:09 +02:00 · 2016-08-18 22:02:09 +02:00 · 17e418caf0
parent 56cdaf96d6
commit 17e418caf0
2 changed files with 5 additions and 1 deletions
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@ -61,11 +61,14 @@ class IpUtils
     */
    public static function checkIp4($requestIp, $ip)
    {
+        if (!filter_var($requestIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+            return false;
+        }
+
        if (false !== strpos($ip, '/')) {
            list($address, $netmask) = explode('/', $ip, 2);

            if ($netmask === '0') {
-                // Ensure IP is valid - using ip2long below implicitly validates, but we need to do it manually here
                return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
            }

--- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
@ -37,6 +37,7 @@ class IpUtilsTest extends \PHPUnit_Framework_TestCase
            array(true, '1.2.3.4', '0.0.0.0/0'),
            array(true, '1.2.3.4', '192.168.1.0/0'),
            array(false, '1.2.3.4', '256.256.256/0'), // invalid CIDR notation
+            array(false, 'an_invalid_ip', '192.168.1.0/24'),
        );
    }