Exception
4 years ago
File
4 years ago
Session
4 years ago
Tests
4 years ago
AcceptHeader.php
4 years ago
AcceptHeaderItem.php
4 years ago
ApacheRequest.php
4 years ago
BinaryFileResponse.php
4 years ago
Cookie.php
4 years ago
ExpressionRequestMatcher.php
4 years ago
FileBag.php
4 years ago
HeaderBag.php
4 years ago
IpUtils.php
4 years ago
JsonResponse.php
4 years ago
LICENSE
4 years ago
ParameterBag.php
4 years ago
RedirectResponse.php
4 years ago
Request.php
4 years ago
RequestMatcher.php
4 years ago
RequestMatcherInterface.php
4 years ago
RequestStack.php
4 years ago
Response.php
4 years ago
ResponseHeaderBag.php
4 years ago
ServerBag.php
4 years ago
StreamedResponse.php
4 years ago
IpUtils.php
157 lines
| 1 | <?php |
| 2 | |
| 3 | /* |
| 4 | * This file is part of the Symfony package. |
| 5 | * |
| 6 | * (c) Fabien Potencier <fabien@symfony.com> |
| 7 | * |
| 8 | * For the full copyright and license information, please view the LICENSE |
| 9 | * file that was distributed with this source code. |
| 10 | */ |
| 11 | |
| 12 | namespace Symfony\Component\HttpFoundation; |
| 13 | |
| 14 | /** |
| 15 | * Http utility functions. |
| 16 | * |
| 17 | * @author Fabien Potencier <fabien@symfony.com> |
| 18 | */ |
| 19 | class IpUtils |
| 20 | { |
| 21 | private static $checkedIps = []; |
| 22 | |
| 23 | /** |
| 24 | * This class should not be instantiated. |
| 25 | */ |
| 26 | private function __construct() |
| 27 | { |
| 28 | } |
| 29 | |
| 30 | /** |
| 31 | * Checks if an IPv4 or IPv6 address is contained in the list of given IPs or subnets. |
| 32 | * |
| 33 | * @param string $requestIp IP to check |
| 34 | * @param string|array $ips List of IPs or subnets (can be a string if only a single one) |
| 35 | * |
| 36 | * @return bool Whether the IP is valid |
| 37 | */ |
| 38 | public static function checkIp($requestIp, $ips) |
| 39 | { |
| 40 | if (!\is_array($ips)) { |
| 41 | $ips = [$ips]; |
| 42 | } |
| 43 | |
| 44 | $method = substr_count($requestIp, ':') > 1 ? 'checkIp6' : 'checkIp4'; |
| 45 | |
| 46 | foreach ($ips as $ip) { |
| 47 | if (self::$method($requestIp, $ip)) { |
| 48 | return true; |
| 49 | } |
| 50 | } |
| 51 | |
| 52 | return false; |
| 53 | } |
| 54 | |
| 55 | /** |
| 56 | * Compares two IPv4 addresses. |
| 57 | * In case a subnet is given, it checks if it contains the request IP. |
| 58 | * |
| 59 | * @param string $requestIp IPv4 address to check |
| 60 | * @param string $ip IPv4 address or subnet in CIDR notation |
| 61 | * |
| 62 | * @return bool Whether the request IP matches the IP, or whether the request IP is within the CIDR subnet |
| 63 | */ |
| 64 | public static function checkIp4($requestIp, $ip) |
| 65 | { |
| 66 | $cacheKey = $requestIp.'-'.$ip; |
| 67 | if (isset(self::$checkedIps[$cacheKey])) { |
| 68 | return self::$checkedIps[$cacheKey]; |
| 69 | } |
| 70 | |
| 71 | if (!filter_var($requestIp, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4)) { |
| 72 | return self::$checkedIps[$cacheKey] = false; |
| 73 | } |
| 74 | |
| 75 | if (false !== strpos($ip, '/')) { |
| 76 | list($address, $netmask) = explode('/', $ip, 2); |
| 77 | |
| 78 | if ('0' === $netmask) { |
| 79 | return self::$checkedIps[$cacheKey] = filter_var($address, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4); |
| 80 | } |
| 81 | |
| 82 | if ($netmask < 0 || $netmask > 32) { |
| 83 | return self::$checkedIps[$cacheKey] = false; |
| 84 | } |
| 85 | } else { |
| 86 | $address = $ip; |
| 87 | $netmask = 32; |
| 88 | } |
| 89 | |
| 90 | if (false === ip2long($address)) { |
| 91 | return self::$checkedIps[$cacheKey] = false; |
| 92 | } |
| 93 | |
| 94 | return self::$checkedIps[$cacheKey] = 0 === substr_compare(sprintf('%032b', ip2long($requestIp)), sprintf('%032b', ip2long($address)), 0, $netmask); |
| 95 | } |
| 96 | |
| 97 | /** |
| 98 | * Compares two IPv6 addresses. |
| 99 | * In case a subnet is given, it checks if it contains the request IP. |
| 100 | * |
| 101 | * @author David Soria Parra <dsp at php dot net> |
| 102 | * |
| 103 | * @see https://github.com/dsp/v6tools |
| 104 | * |
| 105 | * @param string $requestIp IPv6 address to check |
| 106 | * @param string $ip IPv6 address or subnet in CIDR notation |
| 107 | * |
| 108 | * @return bool Whether the IP is valid |
| 109 | * |
| 110 | * @throws \RuntimeException When IPV6 support is not enabled |
| 111 | */ |
| 112 | public static function checkIp6($requestIp, $ip) |
| 113 | { |
| 114 | $cacheKey = $requestIp.'-'.$ip; |
| 115 | if (isset(self::$checkedIps[$cacheKey])) { |
| 116 | return self::$checkedIps[$cacheKey]; |
| 117 | } |
| 118 | |
| 119 | if (!((\extension_loaded('sockets') && \defined('AF_INET6')) || @inet_pton('::1'))) { |
| 120 | throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option "disable-ipv6".'); |
| 121 | } |
| 122 | |
| 123 | if (false !== strpos($ip, '/')) { |
| 124 | list($address, $netmask) = explode('/', $ip, 2); |
| 125 | |
| 126 | if ('0' === $netmask) { |
| 127 | return (bool) unpack('n*', @inet_pton($address)); |
| 128 | } |
| 129 | |
| 130 | if ($netmask < 1 || $netmask > 128) { |
| 131 | return self::$checkedIps[$cacheKey] = false; |
| 132 | } |
| 133 | } else { |
| 134 | $address = $ip; |
| 135 | $netmask = 128; |
| 136 | } |
| 137 | |
| 138 | $bytesAddr = unpack('n*', @inet_pton($address)); |
| 139 | $bytesTest = unpack('n*', @inet_pton($requestIp)); |
| 140 | |
| 141 | if (!$bytesAddr || !$bytesTest) { |
| 142 | return self::$checkedIps[$cacheKey] = false; |
| 143 | } |
| 144 | |
| 145 | for ($i = 1, $ceil = ceil($netmask / 16); $i <= $ceil; ++$i) { |
| 146 | $left = $netmask - 16 * ($i - 1); |
| 147 | $left = ($left <= 16) ? $left : 16; |
| 148 | $mask = ~(0xffff >> $left) & 0xffff; |
| 149 | if (($bytesAddr[$i] & $mask) != ($bytesTest[$i] & $mask)) { |
| 150 | return self::$checkedIps[$cacheKey] = false; |
| 151 | } |
| 152 | } |
| 153 | |
| 154 | return self::$checkedIps[$cacheKey] = true; |
| 155 | } |
| 156 | } |
| 157 |