Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:47831 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 94485 invoked from network); 7 Apr 2010 21:18:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Apr 2010 21:18:31 -0000 Authentication-Results: pb1.pair.com header.from=mikeg@bsd-box.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=mikeg@bsd-box.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain bsd-box.net designates 207.252.0.184 as permitted sender) X-PHP-List-Original-Sender: mikeg@bsd-box.net X-Host-Fingerprint: 207.252.0.184 flexo.bsd-box.net Received: from [207.252.0.184] ([207.252.0.184:60289] helo=flexo.bsd-box.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C6/13-20534-4A6FCBB4 for ; Wed, 07 Apr 2010 17:18:29 -0400 Received: from bsd-box.net (localhost [127.0.0.1]) by flexo.bsd-box.net (8.14.3/8.14.3) with ESMTP id o37LIJO1095617; Wed, 7 Apr 2010 17:18:20 -0400 (EDT) (envelope-from mikeg@bsd-box.net) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.95.3 at flexo.bsd-box.net Received: from 75.99.28.114 (SquirrelMail authenticated user mikeg) by bsd-box.net with HTTP; Wed, 7 Apr 2010 17:18:20 -0400 Message-ID: In-Reply-To: References: Date: Wed, 7 Apr 2010 17:18:20 -0400 To: "Justin Dearing" Cc: "Rasmus Lerdorf" , valli@icsurselva.ch, internals@lists.php.net User-Agent: SquirrelMail/1.4.19 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: Re: Bug 47435[Was]: Re: [PHP-DEV] What gruntwork needs to be done From: mikeg@bsd-box.net ("Michael Graziano") > Ramus, > > On Tue, Apr 6, 2010 at 1:34 PM, Rasmus Lerdorf wrote: > >> >> Here is a straightforward (but not easy) one: >> >> http://bugs.php.net/bug.php?id=47435 >> >> I actually found it easy, slightly tedious, and not straightforward. I > guess its perspective. > > I am CCing my former colleague Mike G who added is $.02 to the ticket at > my > request. > Valli's notes implied that FILTER_VALIDATE_IP should match CIDR netmask > notations. eg 0.0.0.0/0 and ::1/128 should match. They do not. I propose a > new flag called FILTER_FLAG_INCLUDE_CIDR_NETMASK that does match. I have mixed feelings on the CIDR matching aspect -- using CIDR notation It's possible to define an "insane" network (like 8000::/1 or 128.0.0.0/1 or 192.0.0.0/8) that encompasses a bunch of "special" nets, but is not itself "special" per the RFCs. It's a stupid and pathological edge case which should never happen, but it creates all sorts of funky interaction with the other filter flags that you would need to account for. Rejecting the CIDR mask and requiring an unqualified (and therefore implied v4/32 or v6/128) address is a neat (and common) way of sidestepping that problem. Having said that, in the sane, non-pathological case subnet matching is really nice to have. :) -MG