Issues

ZF-10621: Expanded IP Address

Description

$validator = new Zend_Validate_Ip();

if ($validator->isValid('10.2.1.1')) { echo 'Valid'; } else { echo 'InValid'; }

This code produces the expected 'Valid' to be returned. However if you exchange the IPv4 Address with it's real notation as '010.002.001.001' the result is returned as 'InValid'.

I retested using IPv6 addresses and could not reproduce this behavior. Example IPv6 addresses used were:

FD35:4776:6804:2:1::4 and FD35:4776:6804:0002:0001:0000:0000:0004

This appears to only affect IPv4.

Comments

Re-Tested with 1.11.0, same results.

Test case to reproduce your issue:


/**
 * @ZF-10621
 */
public function testZeroPaddedIPv4AddressesAreValid()
{
    $this->assertTrue($this->_validator->isValid("010.002.001.001"));
}

The IPv4 address validation in Zend_Validate_Ip simply proxies to the built-in PHP functions ip2long and long2ip, and it is these functions which are rejecting the zero-padded octet format. I'm unsure if this by design or not. The Wikipedia article on dotted-decimal notation (http://en.wikipedia.org/wiki/Dot-decimal_notation/…) alludes to some clients treating zero-prefixed IPv4 octets as octal numbers, which would obviously be a different address than one having the octets in decimal representation.

The question becomes, if we are to override the default behavior in PHP's ip2long and long2ip, should zero-prefixed values be treated as octal (see [http://opengroup.org/onlinepubs/000095399/…]) or simply as zero-prefixed decimal.

Is there really a use case here where this needs to be fixed?

I feel that if this is an IP Address Validation function then it should validate the true form of an IPv4 address. In my particular situation we recently had an administrator enter the IPv4 Address I referenced into a database and later a second admin also entered the IP but in short format. Zend_Validate_IP did not detect that another IP address was already entered into the database because of the leading zero's. We are now expanding all IP Addresses to resolve this issue. But then this comes back to being an IP Validation function.

Would it be possible to expand an IP Address using Zend_Validate_IP and then validate if the IP isValid?

Since the original bug was submitted, three additional versions have been created and this issue still exists. This seems like a very simple fix, can we expect this to be fully resolved within the 1.x tree?

Added to ZF2 with GH-333

Thank You! =)