[eluser]victorche[/eluser]
I can not say that this is a bug, but anyway the user guide says:
Quote:If the IP address is not valid, the function will return an IP of: 0.0.0.0
And this is wrong. The current code will check only for ipv4 address. If you have a valid ipv6 address, it will show 0.0.0.0 too.
And ipv6 is coming fast...
[eluser]DjLeChuck[/eluser]
Hi victorche,
Take a look in ./system/core/Input.php [~ l.310, function valid_ip($ip)].
It works for ipv4, not ipv6... ;-)
You can hack the class (Don't know how to do with a hook...)
Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
// [Blabla]
/**
* Input Class
*
* Pre-processes global input data for security
*
* @package CodeIgniter
* @subpackage Libraries
* @category Input
* @author ExpressionEngine Dev Team
* @link http://ellislab.com/codeigniter/user-guide/libraries/input.html
*/
class CI_Input {
// [Blabla]
/**
* Fetch the IP Address
*
* @access public
* @return string
*/
function ip_address()
{
if ($this->ip_address !== FALSE)
{
return $this->ip_address;
}
if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
{
$proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY);
$proxies = is_array($proxies) ? $proxies : array($proxies);
$this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
{
$this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ($this->server('REMOTE_ADDR'))
{
$this->ip_address = $_SERVER['REMOTE_ADDR'];
}
elseif ($this->server('HTTP_CLIENT_IP'))
{
$this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ($this->server('HTTP_X_FORWARDED_FOR'))
{
$this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
if ($this->ip_address === FALSE)
{
$this->ip_address = '0.0.0.0';
return $this->ip_address;
}
if (strpos($this->ip_address, ',') !== FALSE)
{
$x = explode(',', $this->ip_address);
$this->ip_address = trim(end($x));
}
if ( ! $this->valid_ip($this->ip_address))
{
if (substr_count($this->ip_address, ':') > 0):
$this->ip_address = '::0.0.0.0';
else:
$this->ip_address = '0.0.0.0';
endif;
}
return $this->ip_address;
}
// --------------------------------------------------------------------
/**
* Validate IP Address
*
* Updated version suggested by Geert De Deckere
* Add IPV6 validation
*
* @access public
* @param string
* @return string
*/
function valid_ip($ip)
{
// Check if it's IPV4 or IPV6
if (substr_count($ip, ':') > 0):
// IPV6
// RegExp from http://forums.dartware.com/viewtopic.php?t=452
// MUST be in 1 line !
define('IPV6_REGEX', "/^\s*((([0-9A-Fa-f]{1,4}:){7}(([0-9A-Fa-f]{1,4})|:))|(([0-9A-Fa-f]{1,4}:){6}(:|((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(:[0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){4}(:[0-9A-Fa-f]{1,4}){0,1}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){3}(:[0-9A-Fa-f]{1,4}){0,2}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){2}(:[0-9A-Fa-f]{1,4}){0,3}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:)(:[0-9A-Fa-f]{1,4}){0,4}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(:(:[0-9A-Fa-f]{1,4}){0,5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))(%.+)?\s*$/");
if (!preg_match(IPV6_REGEX, $ip)):
return FALSE;
endif;
else:
// IPV4
$ip_segments = explode('.', $ip);
// Always 4 segments needed
if (count($ip_segments) != 4)
{
return FALSE;
}
// IP can not start with 0
if ($ip_segments[0][0] == '0')
{
return FALSE;
}
// Check each segment
foreach ($ip_segments as $segment)
{
// IP segments must be digits and can not be
// longer than 3 digits or greater then 255
if ($segment == '' OR preg_match("/[^0-9]/", $segment) OR $segment > 255 OR strlen($segment) > 3)
{
return FALSE;
}
}
endif;
return TRUE;
}
// --------------------------------------------------------------------
// [Blabla]
}
// END Input class
/* End of file Input.php */
/* Location: ./system/core/Input.php */
?>
[eluser]victorche[/eluser]
That's what I am saying... It is not working with ipv6 addresses. It should be fixed, or described in the user guide. Because now, with a valid ipv6 ip address, it says 0.0.0.0, like it is invalid.
I am not capable of writing a fix for that, maybe some of the devs can check your code.
[eluser]DjLeChuck[/eluser]
You can't write a fix, but you can hack your own file if needed. 
[eluser]InsiteFX[/eluser]
You do not hack a CodeIgniter Core Class you extend the CI_Input Class and add your own code to it!
Code: Place in application/core
class MY_Input extends CI_Input{
}
InsiteFX
[eluser]Derek Allard[/eluser]
Actually, this is a really good point. Probably worth getting in touch with the CI team (I don't think a bug report here would be inappropriate) and asking for a note of clarification in the userguide.
[eluser]Derek Allard[/eluser]
submitted twice. baleete me.
[eluser]InsiteFX[/eluser]
Derek,
I have already placed this on the Reactor site a month ago, but no votes so it will not go anywhere!
They have already ran out of IPV4 addresses so IPV6 is now here!
InsiteFX
[eluser]Derek Allard[/eluser]
That's great man. Hey, what's the link?
|
