613910bc9f
This PR was squashed before being merged into the 2.3 branch (closes #16177).
Discussion
----------
[HttpFoundation] Fixes /0 subnet handling in IpUtils
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16055
| License | MIT
| Doc PR | Not needed
Fixes bug #16055. For IP addresses with CIDR subnet length 0, the IP address must be valid - IPs with subnet masks greater than zero are implicitly validated due to the use of `ip2long` and `substr_compare` (although it's not particularly robust - there could be some future work to improve this here).
Commits
-------
d9ac571
[HttpFoundation] Fixes /0 subnet handling in IpUtils
82 lines
2.8 KiB
PHP
82 lines
2.8 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of the Symfony package.
|
|
*
|
|
* (c) Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Symfony\Component\HttpFoundation\Tests;
|
|
|
|
use Symfony\Component\HttpFoundation\IpUtils;
|
|
|
|
class IpUtilsTest extends \PHPUnit_Framework_TestCase
|
|
{
|
|
/**
|
|
* @dataProvider testIpv4Provider
|
|
*/
|
|
public function testIpv4($matches, $remoteAddr, $cidr)
|
|
{
|
|
$this->assertSame($matches, IpUtils::checkIp($remoteAddr, $cidr));
|
|
}
|
|
|
|
public function testIpv4Provider()
|
|
{
|
|
return array(
|
|
array(true, '192.168.1.1', '192.168.1.1'),
|
|
array(true, '192.168.1.1', '192.168.1.1/1'),
|
|
array(true, '192.168.1.1', '192.168.1.0/24'),
|
|
array(false, '192.168.1.1', '1.2.3.4/1'),
|
|
array(false, '192.168.1.1', '192.168.1.1/33'), // invalid subnet
|
|
array(true, '192.168.1.1', array('1.2.3.4/1', '192.168.1.0/24')),
|
|
array(true, '192.168.1.1', array('192.168.1.0/24', '1.2.3.4/1')),
|
|
array(false, '192.168.1.1', array('1.2.3.4/1', '4.3.2.1/1')),
|
|
array(true, '1.2.3.4', '0.0.0.0/0'),
|
|
array(true, '1.2.3.4', '192.168.1.0/0'),
|
|
array(false, '1.2.3.4', '256.256.256/0'), // invalid CIDR notation
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @dataProvider testIpv6Provider
|
|
*/
|
|
public function testIpv6($matches, $remoteAddr, $cidr)
|
|
{
|
|
if (!defined('AF_INET6')) {
|
|
$this->markTestSkipped('Only works when PHP is compiled without the option "disable-ipv6".');
|
|
}
|
|
|
|
$this->assertSame($matches, IpUtils::checkIp($remoteAddr, $cidr));
|
|
}
|
|
|
|
public function testIpv6Provider()
|
|
{
|
|
return array(
|
|
array(true, '2a01:198:603:0:396e:4789:8e99:890f', '2a01:198:603:0::/65'),
|
|
array(false, '2a00:198:603:0:396e:4789:8e99:890f', '2a01:198:603:0::/65'),
|
|
array(false, '2a01:198:603:0:396e:4789:8e99:890f', '::1'),
|
|
array(true, '0:0:0:0:0:0:0:1', '::1'),
|
|
array(false, '0:0:603:0:396e:4789:8e99:0001', '::1'),
|
|
array(true, '2a01:198:603:0:396e:4789:8e99:890f', array('::1', '2a01:198:603:0::/65')),
|
|
array(true, '2a01:198:603:0:396e:4789:8e99:890f', array('2a01:198:603:0::/65', '::1')),
|
|
array(false, '2a01:198:603:0:396e:4789:8e99:890f', array('::1', '1a01:198:603:0::/65')),
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @expectedException \RuntimeException
|
|
* @requires extension sockets
|
|
*/
|
|
public function testAnIpv6WithOptionDisabledIpv6()
|
|
{
|
|
if (defined('AF_INET6')) {
|
|
$this->markTestSkipped('Only works when PHP is compiled with the option "disable-ipv6".');
|
|
}
|
|
|
|
IpUtils::checkIp('2a01:198:603:0:396e:4789:8e99:890f', '2a01:198:603:0::/65');
|
|
}
|
|
}
|