Issues

ZF-10621: Expanded IP Address

Issue Type: Improvement Created: 2010-11-01T12:04:59.000+0000 Last Updated: 2011-08-26T18:04:42.000+0000 Status: Resolved Fix version(s): - Next Major Release ()

Reporter: Sammie S. Taunton (diemuzi) Assignee: Thomas Weidner (thomas) Tags: - Zend_Validate

  • validating

Related issues: Attachments:

Description

$validator = new Zend_Validate_Ip();

if ($validator->isValid('10.2.1.1')) { echo 'Valid'; } else { echo 'InValid'; }

This code produces the expected 'Valid' to be returned. However if you exchange the IPv4 Address with it's real notation as '010.002.001.001' the result is returned as 'InValid'.

I retested using IPv6 addresses and could not reproduce this behavior. Example IPv6 addresses used were:

FD35:4776:6804:2:1::4 and FD35:4776:6804:0002:0001:0000:0000:0004

This appears to only affect IPv4.

Comments

Posted by Sammie S. Taunton (diemuzi) on 2010-11-22T11:41:11.000+0000

Re-Tested with 1.11.0, same results.

Posted by Adam Lundrigan (adamlundrigan) on 2010-12-17T19:41:16.000+0000

Test case to reproduce your issue:

<pre class="highlight">
/**
 * @ZF-10621
 */
public function testZeroPaddedIPv4AddressesAreValid()
{
    $this->assertTrue($this->_validator->isValid("010.002.001.001"));
}

The IPv4 address validation in Zend_Validate_Ip simply proxies to the built-in PHP functions ip2long and long2ip, and it is these functions which are rejecting the zero-padded octet format. I'm unsure if this by design or not. The Wikipedia article on dotted-decimal notation (http://en.wikipedia.org/wiki/Dot-decimal_notation/…) alludes to some clients treating zero-prefixed IPv4 octets as octal numbers, which would obviously be a different address than one having the octets in decimal representation.

Posted by Marc Hodgins (mjh_ca) on 2010-12-17T23:43:31.000+0000

The question becomes, if we are to override the default behavior in PHP's ip2long and long2ip, should zero-prefixed values be treated as octal (see [http://opengroup.org/onlinepubs/000095399/…]) or simply as zero-prefixed decimal.

Is there really a use case here where this needs to be fixed?

Posted by Sammie S. Taunton (diemuzi) on 2010-12-18T14:37:34.000+0000

I feel that if this is an IP Address Validation function then it should validate the true form of an IPv4 address. In my particular situation we recently had an administrator enter the IPv4 Address I referenced into a database and later a second admin also entered the IP but in short format. Zend_Validate_IP did not detect that another IP address was already entered into the database because of the leading zero's. We are now expanding all IP Addresses to resolve this issue. But then this comes back to being an IP Validation function.

Would it be possible to expand an IP Address using Zend_Validate_IP and then validate if the IP isValid?

Posted by Sammie S. Taunton (diemuzi) on 2011-02-01T14:09:29.000+0000

Since the original bug was submitted, three additional versions have been created and this issue still exists. This seems like a very simple fix, can we expect this to be fully resolved within the 1.x tree?

Posted by Thomas Weidner (thomas) on 2011-08-26T17:24:46.000+0000

Added to ZF2 with GH-333

Posted by Sammie S. Taunton (diemuzi) on 2011-08-26T18:04:42.000+0000

Thank You! =)

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts