Make WordPress Core

Opened 14 years ago

Closed 14 years ago

#11393 closed defect (bug) (fixed)

class-ftp.php doesn't check correctly for IP validity under PHP5

Reported by: miqrogroove's profile miqrogroove Owned by:
Milestone: 2.9 Priority: normal
Severity: minor Version:
Component: General Keywords: has-patch
Focuses: Cc:


if(ip2long($ip) === -1) {

ip2long() never returns int(-1) in PHP5, except on 32-bit servers.

Attachments (1)

11393.diff (527 bytes) - added by nacin 14 years ago.
Checks for false in addition to -1.

Download all attachments as: .zip

Change History (7)

14 years ago

Checks for false in addition to -1.

#1 @nacin
14 years ago

  • Keywords has-patch added

Attached is a simple fix is to allow for both. Pretty sure that's exactly what the PHP docs suggest.

#2 @miqrogroove
14 years ago

Just for reference, Akismet is using

if ( $ip && long2ip(ip2long($ip)) ) {

Checking FALSE is much easier to read, so nacin's patch has my vote.

#3 @nacin
14 years ago

Yea, I was going to reference Akismet's use of long2ip & ip2long together. I'm pretty sure that's to correct to whether an IP is valid, not to check whether it is valid, if that makes sense, though I suppose both would work here.

Both examples appear in the PHP docs:

#4 @westi
14 years ago

  • Summary changed from class-ftp.php Using a PHP4 Return Value to class-ftp.php doesn't check correctly for IP validity under PHP5

#5 @westi
14 years ago

The check in akismet won't actually work anyway.

For Example "Howdy" && long2ip(ip2long("Howdy")) will evaluate to true as the string evaluates to true and the false returned by ip2long will cast to an int(0) fine which becomes an ip address of "" which as a string with evaluate to true.

#6 @westi
14 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [12387]) Fix the IP Address validation code in the FTP class. Fixes #11393 props nacin.

Note: See TracTickets for help on using tickets.