Merge branch '2.7' into 2.8

nicolas-grekas · nicolas-grekas · commit 909649ff5ff6 · 2016-08-22T14:09:58.000+02:00
* 2.7:
  [travis] Use 7.0 until 7.1 is fixed
  Verify explicitly that the request IP is a valid IPv4 address
diff --git a/.travis.yml b/.travis.yml
@@ -28,7 +28,7 @@ matrix:
         - php: 5.6
         - php: 7.0
           env: deps=high
-        - php: 7.1
+        - php: 7.0
           env: deps=low
     fast_finish: true
 
diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -61,11 +61,14 @@ public static function checkIp($requestIp, $ips)
      */
     public static function checkIp4($requestIp, $ip)
     {
+        if (!filter_var($requestIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+            return false;
+        }
+
         if (false !== strpos($ip, '/')) {
             list($address, $netmask) = explode('/', $ip, 2);
 
             if ($netmask === '0') {
-                // Ensure IP is valid - using ip2long below implicitly validates, but we need to do it manually here
                 return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
             }
 
diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
@@ -37,6 +37,7 @@ public function testIpv4Provider()
             array(true, '1.2.3.4', '0.0.0.0/0'),
             array(true, '1.2.3.4', '192.168.1.0/0'),
             array(false, '1.2.3.4', '256.256.256/0'), // invalid CIDR notation
+            array(false, 'an_invalid_ip', '192.168.1.0/24'),
         );
     }
 

Original file line number	Diff line number	Diff line change
`@@ -61,11 +61,14 @@ public static function checkIp($requestIp, $ips)`
`61`	`61`	`*/`
`62`	`62`	`public static function checkIp4($requestIp, $ip)`
`63`	`63`	`{`
	`64`	`+ if (!filter_var($requestIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {`
	`65`	`+ return false;`
	`66`	`+ }`
	`67`	`+`
`64`	`68`	`if (false !== strpos($ip, '/')) {`
`65`	`69`	`list($address, $netmask) = explode('/', $ip, 2);`
`66`	`70`
`67`	`71`	`if ($netmask === '0') {`
`68`		`- // Ensure IP is valid - using ip2long below implicitly validates, but we need to do it manually here`
`69`	`72`	`return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);`
`70`	`73`	`}`
`71`	`74`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ public function testIpv4Provider()`
`37`	`37`	`array(true, '1.2.3.4', '0.0.0.0/0'),`
`38`	`38`	`array(true, '1.2.3.4', '192.168.1.0/0'),`
`39`	`39`	`array(false, '1.2.3.4', '256.256.256/0'), // invalid CIDR notation`
	`40`	`+ array(false, 'an_invalid_ip', '192.168.1.0/24'),`
`40`	`41`	`);`
`41`	`42`	`}`
`42`	`43`