From: Aaron Schulz Date: Mon, 27 Jul 2009 06:08:41 +0000 (+0000) Subject: * IPv6 validation check fix for bug 19003 X-Git-Tag: 1.31.0-rc.0~40701 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/membres/fiche.php?a=commitdiff_plain;h=c0a1b76624770e5d12bc317e7ff5f6eacae2156e;p=lhc%2Fweb%2Fwiklou.git * IPv6 validation check fix for bug 19003 * Made regexps a bit more readable by breaking lines --- diff --git a/includes/IP.php b/includes/IP.php index a2a3547807..45ac6289f6 100644 --- a/includes/IP.php +++ b/includes/IP.php @@ -18,16 +18,24 @@ define( 'RE_IPV6_GAP', ':(?:0+:)*(?::(?:0+:)*)?' ); define( 'RE_IPV6_V4_PREFIX', '0*' . RE_IPV6_GAP . '(?:ffff:)?' ); // An IPv6 block is an IP address and a prefix (d1 to d128) define( 'RE_IPV6_PREFIX', '(12[0-8]|1[01][0-9]|[1-9]?\d)'); -// An IPv6 IP is made up of 8 octets. However abbreviations like "::" can be used. This is lax! -define( 'RE_IPV6_ADD', '(:(:' . RE_IPV6_WORD . '){1,7}|' . RE_IPV6_WORD . '(:{1,2}' . RE_IPV6_WORD . '|::$){1,7})' ); +// An IPv6 IP is made up of 8 octets. However abbreviations like "::" can be used. +// This is lax! Number of octets/double colons validation not done. +define( 'RE_IPV6_ADD', + '(' . + ':(:' . RE_IPV6_WORD . '){1,7}' . // IPs that start with ":" + '|' . + RE_IPV6_WORD . '(:{1,2}' . RE_IPV6_WORD . '|::$){1,7}' . // IPs that don't start with ":" + ')' +); define( 'RE_IPV6_BLOCK', RE_IPV6_ADD . '\/' . RE_IPV6_PREFIX ); // This might be useful for regexps used elsewhere, matches any IPv6 or IPv6 address or network define( 'IP_ADDRESS_STRING', '(?:' . - RE_IP_ADD . '(\/' . RE_IP_PREFIX . '|)' . + RE_IP_ADD . '(\/' . RE_IP_PREFIX . '|)' . // IPv4 '|' . - RE_IPV6_ADD . '(\/' . RE_IPV6_PREFIX . '|)' . - ')' ); + RE_IPV6_ADD . '(\/' . RE_IPV6_PREFIX . '|)' . // IPv6 + ')' +); /** * A collection of public static functions to play with IP address @@ -52,10 +60,12 @@ class IP { public static function isIPv6( $ip ) { if ( !$ip ) return false; if( is_array( $ip ) ) { - throw new MWException( "invalid value passed to " . __METHOD__ ); + throw new MWException( "invalid value passed to " . __METHOD__ ); } + $doubleColons = substr_count($ip, '::'); // IPv6 IPs with two "::" strings are ambiguous and thus invalid - return preg_match( '/^' . RE_IPV6_ADD . '(\/' . RE_IPV6_PREFIX . '|)$/', $ip) && ( substr_count($ip, '::') < 2); + return preg_match( '/^' . RE_IPV6_ADD . '(\/' . RE_IPV6_PREFIX . '|)$/', $ip) + && ( $doubleColons == 1 || substr_count($ip,':') == 7 ); } public static function isIPv4( $ip ) {