- Generated on Wed Oct 1 2014 21:36:26 for MediaWiki by
1.7.6.1
|
MediaWiki
REL1_19
|
00001 <?php 00024 // Some regex definition to "play" with IP address and IP address blocks 00025 00026 // An IPv4 address is made of 4 bytes from x00 to xFF which is d0 to d255 00027 define( 'RE_IP_BYTE', '(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|0?[0-9]?[0-9])' ); 00028 define( 'RE_IP_ADD', RE_IP_BYTE . '\.' . RE_IP_BYTE . '\.' . RE_IP_BYTE . '\.' . RE_IP_BYTE ); 00029 // An IPv4 block is an IP address and a prefix (d1 to d32) 00030 define( 'RE_IP_PREFIX', '(3[0-2]|[12]?\d)' ); 00031 define( 'RE_IP_BLOCK', RE_IP_ADD . '\/' . RE_IP_PREFIX ); 00032 00033 // An IPv6 address is made up of 8 words (each x0000 to xFFFF). 00034 // However, the "::" abbreviation can be used on consecutive x0000 words. 00035 define( 'RE_IPV6_WORD', '([0-9A-Fa-f]{1,4})' ); 00036 define( 'RE_IPV6_PREFIX', '(12[0-8]|1[01][0-9]|[1-9]?\d)'); 00037 define( 'RE_IPV6_ADD', 00038 '(?:' . // starts with "::" (including "::") 00039 ':(?::|(?::' . RE_IPV6_WORD . '){1,7})' . 00040 '|' . // ends with "::" (except "::") 00041 RE_IPV6_WORD . '(?::' . RE_IPV6_WORD . '){0,6}::' . 00042 '|' . // contains one "::" in the middle, ending in "::WORD" 00043 RE_IPV6_WORD . '(?::' . RE_IPV6_WORD . '){0,5}' . '::' . RE_IPV6_WORD . 00044 '|' . // contains one "::" in the middle, not ending in "::WORD" (regex for PCRE 4.0+) 00045 RE_IPV6_WORD . '(?::(?P<abn>:(?P<iabn>))?' . RE_IPV6_WORD . '(?!:(?P=abn))){1,5}' . 00046 ':' . RE_IPV6_WORD . '(?P=iabn)' . 00047 // NOTE: (?!(?P=abn)) fails iff "::" used twice; (?P=iabn) passes iff a "::" was found. 00048 '|' . // contains no "::" 00049 RE_IPV6_WORD . '(?::' . RE_IPV6_WORD . '){7}' . 00050 ')' 00051 // NOTE: With PCRE 7.2+, we can combine the two '"::" in the middle' cases into: 00052 // RE_IPV6_WORD . '(?::((?(-1)|:))?' . RE_IPV6_WORD . '){1,6}(?(-2)|^)' 00053 // This also improves regex concatenation by using relative references. 00054 ); 00055 // An IPv6 block is an IP address and a prefix (d1 to d128) 00056 define( 'RE_IPV6_BLOCK', RE_IPV6_ADD . '\/' . RE_IPV6_PREFIX ); 00057 // For IPv6 canonicalization (NOT for strict validation; these are quite lax!) 00058 define( 'RE_IPV6_GAP', ':(?:0+:)*(?::(?:0+:)*)?' ); 00059 define( 'RE_IPV6_V4_PREFIX', '0*' . RE_IPV6_GAP . '(?:ffff:)?' ); 00060 00061 // This might be useful for regexps used elsewhere, matches any IPv6 or IPv6 address or network 00062 define( 'IP_ADDRESS_STRING', 00063 '(?:' . 00064 RE_IP_ADD . '(?:\/' . RE_IP_PREFIX . ')?' . // IPv4 00065 '|' . 00066 RE_IPV6_ADD . '(?:\/' . RE_IPV6_PREFIX . ')?' . // IPv6 00067 ')' 00068 ); 00069 00074 class IP { 00083 public static function isIPAddress( $ip ) { 00084 return (bool)preg_match( '/^' . IP_ADDRESS_STRING . '$/', $ip ); 00085 } 00086 00094 public static function isIPv6( $ip ) { 00095 return (bool)preg_match( '/^' . RE_IPV6_ADD . '(?:\/' . RE_IPV6_PREFIX . ')?$/', $ip ); 00096 } 00097 00105 public static function isIPv4( $ip ) { 00106 return (bool)preg_match( '/^' . RE_IP_ADD . '(?:\/' . RE_IP_PREFIX . ')?$/', $ip ); 00107 } 00108 00117 public static function isValid( $ip ) { 00118 return ( preg_match( '/^' . RE_IP_ADD . '$/', $ip ) 00119 || preg_match( '/^' . RE_IPV6_ADD . '$/', $ip ) ); 00120 } 00121 00130 public static function isValidBlock( $ipblock ) { 00131 return ( preg_match( '/^' . RE_IPV6_BLOCK . '$/', $ipblock ) 00132 || preg_match( '/^' . RE_IP_BLOCK . '$/', $ipblock ) ); 00133 } 00134 00143 public static function sanitizeIP( $ip ) { 00144 $ip = trim( $ip ); 00145 if ( $ip === '' ) { 00146 return null; 00147 } 00148 if ( self::isIPv4( $ip ) || !self::isIPv6( $ip ) ) { 00149 return $ip; // nothing else to do for IPv4 addresses or invalid ones 00150 } 00151 // Remove any whitespaces, convert to upper case 00152 $ip = strtoupper( $ip ); 00153 // Expand zero abbreviations 00154 $abbrevPos = strpos( $ip, '::' ); 00155 if ( $abbrevPos !== false ) { 00156 // We know this is valid IPv6. Find the last index of the 00157 // address before any CIDR number (e.g. "a:b:c::/24"). 00158 $CIDRStart = strpos( $ip, "/" ); 00159 $addressEnd = ( $CIDRStart !== false ) 00160 ? $CIDRStart - 1 00161 : strlen( $ip ) - 1; 00162 // If the '::' is at the beginning... 00163 if ( $abbrevPos == 0 ) { 00164 $repeat = '0:'; 00165 $extra = ( $ip == '::' ) ? '0' : ''; // for the address '::' 00166 $pad = 9; // 7+2 (due to '::') 00167 // If the '::' is at the end... 00168 } elseif ( $abbrevPos == ( $addressEnd - 1 ) ) { 00169 $repeat = ':0'; 00170 $extra = ''; 00171 $pad = 9; // 7+2 (due to '::') 00172 // If the '::' is in the middle... 00173 } else { 00174 $repeat = ':0'; 00175 $extra = ':'; 00176 $pad = 8; // 6+2 (due to '::') 00177 } 00178 $ip = str_replace( '::', 00179 str_repeat( $repeat, $pad - substr_count( $ip, ':' ) ) . $extra, 00180 $ip 00181 ); 00182 } 00183 // Remove leading zereos from each bloc as needed 00184 $ip = preg_replace( '/(^|:)0+(' . RE_IPV6_WORD . ')/', '$1$2', $ip ); 00185 return $ip; 00186 } 00187 00204 public static function splitHostAndPort( $both ) { 00205 if ( substr( $both, 0, 1 ) === '[' ) { 00206 if ( preg_match( '/^\[(' . RE_IPV6_ADD . ')\](?::(?P<port>\d+))?$/', $both, $m ) ) { 00207 if ( isset( $m['port'] ) ) { 00208 return array( $m[1], intval( $m['port'] ) ); 00209 } else { 00210 return array( $m[1], false ); 00211 } 00212 } else { 00213 // Square bracket found but no IPv6 00214 return false; 00215 } 00216 } 00217 $numColons = substr_count( $both, ':' ); 00218 if ( $numColons >= 2 ) { 00219 // Is it a bare IPv6 address? 00220 if ( preg_match( '/^' . RE_IPV6_ADD . '$/', $both ) ) { 00221 return array( $both, false ); 00222 } else { 00223 // Not valid IPv6, but too many colons for anything else 00224 return false; 00225 } 00226 } 00227 if ( $numColons >= 1 ) { 00228 // Host:port? 00229 $bits = explode( ':', $both ); 00230 if ( preg_match( '/^\d+/', $bits[1] ) ) { 00231 return array( $bits[0], intval( $bits[1] ) ); 00232 } else { 00233 // Not a valid port 00234 return false; 00235 } 00236 } 00237 // Plain hostname 00238 return array( $both, false ); 00239 } 00240 00252 public static function combineHostAndPort( $host, $port, $defaultPort = false ) { 00253 if ( strpos( $host, ':' ) !== false ) { 00254 $host = "[$host]"; 00255 } 00256 if ( $defaultPort !== false && $port == $defaultPort ) { 00257 return $host; 00258 } else { 00259 return "$host:$port"; 00260 } 00261 } 00262 00269 public static function toOctet( $ip_int ) { 00270 return self::hexToOctet( wfBaseConvert( $ip_int, 10, 16, 32, false ) ); 00271 } 00272 00279 public static function formatHex( $hex ) { 00280 if ( substr( $hex, 0, 3 ) == 'v6-' ) { // IPv6 00281 return self::hexToOctet( substr( $hex, 3 ) ); 00282 } else { // IPv4 00283 return self::hexToQuad( $hex ); 00284 } 00285 } 00286 00293 public static function hexToOctet( $ip_hex ) { 00294 // Pad hex to 32 chars (128 bits) 00295 $ip_hex = str_pad( strtoupper( $ip_hex ), 32, '0', STR_PAD_LEFT ); 00296 // Separate into 8 words 00297 $ip_oct = substr( $ip_hex, 0, 4 ); 00298 for ( $n = 1; $n < 8; $n++ ) { 00299 $ip_oct .= ':' . substr( $ip_hex, 4 * $n, 4 ); 00300 } 00301 // NO leading zeroes 00302 $ip_oct = preg_replace( '/(^|:)0+(' . RE_IPV6_WORD . ')/', '$1$2', $ip_oct ); 00303 return $ip_oct; 00304 } 00305 00312 public static function hexToQuad( $ip_hex ) { 00313 // Pad hex to 8 chars (32 bits) 00314 $ip_hex = str_pad( strtoupper( $ip_hex ), 8, '0', STR_PAD_LEFT ); 00315 // Separate into four quads 00316 $s = ''; 00317 for ( $i = 0; $i < 4; $i++ ) { 00318 if ( $s !== '' ) { 00319 $s .= '.'; 00320 } 00321 $s .= base_convert( substr( $ip_hex, $i * 2, 2 ), 16, 10 ); 00322 } 00323 return $s; 00324 } 00325 00334 public static function isPublic( $ip ) { 00335 if ( self::isIPv6( $ip ) ) { 00336 return self::isPublic6( $ip ); 00337 } 00338 $n = self::toUnsigned( $ip ); 00339 if ( !$n ) { 00340 return false; 00341 } 00342 00343 // ip2long accepts incomplete addresses, as well as some addresses 00344 // followed by garbage characters. Check that it's really valid. 00345 if ( $ip != long2ip( $n ) ) { 00346 return false; 00347 } 00348 00349 static $privateRanges = false; 00350 if ( !$privateRanges ) { 00351 $privateRanges = array( 00352 array( '10.0.0.0', '10.255.255.255' ), # RFC 1918 (private) 00353 array( '172.16.0.0', '172.31.255.255' ), # " 00354 array( '192.168.0.0', '192.168.255.255' ), # " 00355 array( '0.0.0.0', '0.255.255.255' ), # this network 00356 array( '127.0.0.0', '127.255.255.255' ), # loopback 00357 ); 00358 } 00359 00360 foreach ( $privateRanges as $r ) { 00361 $start = self::toUnsigned( $r[0] ); 00362 $end = self::toUnsigned( $r[1] ); 00363 if ( $n >= $start && $n <= $end ) { 00364 return false; 00365 } 00366 } 00367 return true; 00368 } 00369 00377 private static function isPublic6( $ip ) { 00378 static $privateRanges = false; 00379 if ( !$privateRanges ) { 00380 $privateRanges = array( 00381 array( 'fc00::', 'fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff' ), # RFC 4193 (local) 00382 array( '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1' ), # loopback 00383 ); 00384 } 00385 $n = self::toHex( $ip ); 00386 foreach ( $privateRanges as $r ) { 00387 $start = self::toHex( $r[0] ); 00388 $end = self::toHex( $r[1] ); 00389 if ( $n >= $start && $n <= $end ) { 00390 return false; 00391 } 00392 } 00393 return true; 00394 } 00395 00407 public static function toHex( $ip ) { 00408 if ( self::isIPv6( $ip ) ) { 00409 $n = 'v6-' . self::IPv6ToRawHex( $ip ); 00410 } else { 00411 $n = self::toUnsigned( $ip ); 00412 if ( $n !== false ) { 00413 $n = wfBaseConvert( $n, 10, 16, 8, false ); 00414 } 00415 } 00416 return $n; 00417 } 00418 00425 private static function IPv6ToRawHex( $ip ) { 00426 $ip = self::sanitizeIP( $ip ); 00427 if ( !$ip ) { 00428 return null; 00429 } 00430 $r_ip = ''; 00431 foreach ( explode( ':', $ip ) as $v ) { 00432 $r_ip .= str_pad( $v, 4, 0, STR_PAD_LEFT ); 00433 } 00434 return $r_ip; 00435 } 00436 00445 public static function toUnsigned( $ip ) { 00446 if ( self::isIPv6( $ip ) ) { 00447 $n = self::toUnsigned6( $ip ); 00448 } else { 00449 $n = ip2long( $ip ); 00450 if ( $n < 0 ) { 00451 $n += pow( 2, 32 ); 00452 } 00453 } 00454 return $n; 00455 } 00456 00461 private static function toUnsigned6( $ip ) { 00462 return wfBaseConvert( self::IPv6ToRawHex( $ip ), 16, 10 ); 00463 } 00464 00472 public static function parseCIDR( $range ) { 00473 if ( self::isIPv6( $range ) ) { 00474 return self::parseCIDR6( $range ); 00475 } 00476 $parts = explode( '/', $range, 2 ); 00477 if ( count( $parts ) != 2 ) { 00478 return array( false, false ); 00479 } 00480 list( $network, $bits ) = $parts; 00481 $network = ip2long( $network ); 00482 if ( $network !== false && is_numeric( $bits ) && $bits >= 0 && $bits <= 32 ) { 00483 if ( $bits == 0 ) { 00484 $network = 0; 00485 } else { 00486 $network &= ~( ( 1 << ( 32 - $bits ) ) - 1); 00487 } 00488 # Convert to unsigned 00489 if ( $network < 0 ) { 00490 $network += pow( 2, 32 ); 00491 } 00492 } else { 00493 $network = false; 00494 $bits = false; 00495 } 00496 return array( $network, $bits ); 00497 } 00498 00514 public static function parseRange( $range ) { 00515 // CIDR notation 00516 if ( strpos( $range, '/' ) !== false ) { 00517 if ( self::isIPv6( $range ) ) { 00518 return self::parseRange6( $range ); 00519 } 00520 list( $network, $bits ) = self::parseCIDR( $range ); 00521 if ( $network === false ) { 00522 $start = $end = false; 00523 } else { 00524 $start = sprintf( '%08X', $network ); 00525 $end = sprintf( '%08X', $network + pow( 2, ( 32 - $bits ) ) - 1 ); 00526 } 00527 // Explicit range 00528 } elseif ( strpos( $range, '-' ) !== false ) { 00529 list( $start, $end ) = array_map( 'trim', explode( '-', $range, 2 ) ); 00530 if ( self::isIPv6( $start ) && self::isIPv6( $end ) ) { 00531 return self::parseRange6( $range ); 00532 } 00533 if ( self::isIPv4( $start ) && self::isIPv4( $end ) ) { 00534 $start = self::toUnsigned( $start ); 00535 $end = self::toUnsigned( $end ); 00536 if ( $start > $end ) { 00537 $start = $end = false; 00538 } else { 00539 $start = sprintf( '%08X', $start ); 00540 $end = sprintf( '%08X', $end ); 00541 } 00542 } else { 00543 $start = $end = false; 00544 } 00545 } else { 00546 # Single IP 00547 $start = $end = self::toHex( $range ); 00548 } 00549 if ( $start === false || $end === false ) { 00550 return array( false, false ); 00551 } else { 00552 return array( $start, $end ); 00553 } 00554 } 00555 00564 private static function parseCIDR6( $range ) { 00565 # Explode into <expanded IP,range> 00566 $parts = explode( '/', IP::sanitizeIP( $range ), 2 ); 00567 if ( count( $parts ) != 2 ) { 00568 return array( false, false ); 00569 } 00570 list( $network, $bits ) = $parts; 00571 $network = self::IPv6ToRawHex( $network ); 00572 if ( $network !== false && is_numeric( $bits ) && $bits >= 0 && $bits <= 128 ) { 00573 if ( $bits == 0 ) { 00574 $network = "0"; 00575 } else { 00576 # Native 32 bit functions WONT work here!!! 00577 # Convert to a padded binary number 00578 $network = wfBaseConvert( $network, 16, 2, 128 ); 00579 # Truncate the last (128-$bits) bits and replace them with zeros 00580 $network = str_pad( substr( $network, 0, $bits ), 128, 0, STR_PAD_RIGHT ); 00581 # Convert back to an integer 00582 $network = wfBaseConvert( $network, 2, 10 ); 00583 } 00584 } else { 00585 $network = false; 00586 $bits = false; 00587 } 00588 return array( $network, (int)$bits ); 00589 } 00590 00604 private static function parseRange6( $range ) { 00605 # Expand any IPv6 IP 00606 $range = IP::sanitizeIP( $range ); 00607 // CIDR notation... 00608 if ( strpos( $range, '/' ) !== false ) { 00609 list( $network, $bits ) = self::parseCIDR6( $range ); 00610 if ( $network === false ) { 00611 $start = $end = false; 00612 } else { 00613 $start = wfBaseConvert( $network, 10, 16, 32, false ); 00614 # Turn network to binary (again) 00615 $end = wfBaseConvert( $network, 10, 2, 128 ); 00616 # Truncate the last (128-$bits) bits and replace them with ones 00617 $end = str_pad( substr( $end, 0, $bits ), 128, 1, STR_PAD_RIGHT ); 00618 # Convert to hex 00619 $end = wfBaseConvert( $end, 2, 16, 32, false ); 00620 # see toHex() comment 00621 $start = "v6-$start"; 00622 $end = "v6-$end"; 00623 } 00624 // Explicit range notation... 00625 } elseif ( strpos( $range, '-' ) !== false ) { 00626 list( $start, $end ) = array_map( 'trim', explode( '-', $range, 2 ) ); 00627 $start = self::toUnsigned6( $start ); 00628 $end = self::toUnsigned6( $end ); 00629 if ( $start > $end ) { 00630 $start = $end = false; 00631 } else { 00632 $start = wfBaseConvert( $start, 10, 16, 32, false ); 00633 $end = wfBaseConvert( $end, 10, 16, 32, false ); 00634 } 00635 # see toHex() comment 00636 $start = "v6-$start"; 00637 $end = "v6-$end"; 00638 } else { 00639 # Single IP 00640 $start = $end = self::toHex( $range ); 00641 } 00642 if ( $start === false || $end === false ) { 00643 return array( false, false ); 00644 } else { 00645 return array( $start, $end ); 00646 } 00647 } 00648 00656 public static function isInRange( $addr, $range ) { 00657 $hexIP = self::toHex( $addr ); 00658 list( $start, $end ) = self::parseRange( $range ); 00659 return ( strcmp( $hexIP, $start ) >= 0 && 00660 strcmp( $hexIP, $end ) <= 0 ); 00661 } 00662 00673 public static function canonicalize( $addr ) { 00674 if ( self::isValid( $addr ) ) { 00675 return $addr; 00676 } 00677 // Turn mapped addresses from ::ce:ffff:1.2.3.4 to 1.2.3.4 00678 if ( strpos( $addr, ':' ) !== false && strpos( $addr, '.' ) !== false ) { 00679 $addr = substr( $addr, strrpos( $addr, ':' ) + 1 ); 00680 if ( self::isIPv4( $addr ) ) { 00681 return $addr; 00682 } 00683 } 00684 // IPv6 loopback address 00685 $m = array(); 00686 if ( preg_match( '/^0*' . RE_IPV6_GAP . '1$/', $addr, $m ) ) { 00687 return '127.0.0.1'; 00688 } 00689 // IPv4-mapped and IPv4-compatible IPv6 addresses 00690 if ( preg_match( '/^' . RE_IPV6_V4_PREFIX . '(' . RE_IP_ADD . ')$/i', $addr, $m ) ) { 00691 return $m[1]; 00692 } 00693 if ( preg_match( '/^' . RE_IPV6_V4_PREFIX . RE_IPV6_WORD . 00694 ':' . RE_IPV6_WORD . '$/i', $addr, $m ) ) 00695 { 00696 return long2ip( ( hexdec( $m[1] ) << 16 ) + hexdec( $m[2] ) ); 00697 } 00698 00699 return null; // give up 00700 } 00701 00708 public static function sanitizeRange( $range ) { 00709 list( /*...*/, $bits ) = self::parseCIDR( $range ); 00710 list( $start, /*...*/ ) = self::parseRange( $range ); 00711 $start = self::formatHex( $start ); 00712 if ( $bits === false ) { 00713 return $start; // wasn't actually a range 00714 } 00715 return "$start/$bits"; 00716 } 00717 }
1.7.6.1