[TYPO3-core] RFC Bug #11450: Install tool access check should take IPv6 loopback into account

Martin Kutschker masi-no at spam-typo3.org
Tue Jun 30 15:05:01 CEST 2009


Steffen Kamper wrote:
> Hi,
> 
> the "private" addresses should be solved with some php tricks, this could
> be a way to be not fixed on 127.0.0.1
> (t3lib_div::validIPv4($_SERVER['REMOTE_ADDR']) &&
> filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP,
> FILTER_FLAG_IPV4, FILTER_FLAG_NO_PRIV_RANGE) === FALSE)
> ||
> (t3lib_div::validIPv6($_SERVER['REMOTE_ADDR']) &&
> filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP,
> FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE) === FALSE)

Why do double filtering? t3lib_div and filter_var is overkill.
Also it doesn't make sense to use both the FILTER_FLAG_IPV4 and
FILTER_FLAG_IPV6 one after the other. Simply leave it out to accept v4
and v6. Not to mention that the options are bit masks.

filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP,
FILTER_FLAG_NO_PRIV_RANGE)

But the real problem is that the filter doesn't do what you want it to.
It doesn't filter for loopback addresses.

Masi
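
The loopback test that the last paragraph says FILTER_FLAG_NO_PRIV_RANGE does not provide, as an added example that is not part of the original message and not TYPO3 code. The helper name isLoopbackAddress() is hypothetical and the sample addresses are constructed; the loop prints the result of the thread's filter_var() call beside the explicit loopback check so the two can be compared.

```php
<?php
// Added example, not TYPO3 code. isLoopbackAddress() is a hypothetical helper.

/**
 * Returns TRUE only if $addr is a valid IP literal that lies in 127.0.0.0/8,
 * is ::1, or is an IPv4-mapped loopback address (::ffff:127.x.x.x).
 */
function isLoopbackAddress($addr) {
    // Reject anything that is not a plain IP literal (hostnames, garbage).
    if (filter_var($addr, FILTER_VALIDATE_IP) === FALSE) {
        return FALSE;
    }
    $bin = inet_pton($addr);   // 4 bytes for IPv4, 16 bytes for IPv6
    if ($bin === FALSE) {
        return FALSE;
    }
    if (strlen($bin) === 4) {
        return ord($bin[0]) === 127;   // whole 127.0.0.0/8 block, not just 127.0.0.1
    }
    // IPv6 loopback ::1
    if ($bin === str_repeat("\x00", 15) . "\x01") {
        return TRUE;
    }
    // IPv4-mapped IPv6, as reported by dual-stack listeners for IPv4 clients
    $mappedPrefix = str_repeat("\x00", 10) . "\xff\xff";
    return substr($bin, 0, 12) === $mappedPrefix && ord($bin[12]) === 127;
}

// Constructed sample values standing in for $_SERVER['REMOTE_ADDR'].
$samples = array('127.0.0.1', '127.8.9.10', '::1', '::ffff:127.0.0.1',
                 '10.0.0.5', '192.168.1.20', 'fc00::1', '203.0.113.7', 'localhost');

foreach ($samples as $addr) {
    // The call from the thread: FALSE means "private range or not an IP at all".
    $passesNoPriv = filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) !== FALSE;
    printf("%-18s no_priv_range=%-5s loopback=%s\n", $addr,
        $passesNoPriv ? 'pass' : 'fail',
        isLoopbackAddress($addr) ? 'yes' : 'no');
}
```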

