Bug #17221

Matching IPv6-addresses is not working correctly

Added by Rechenzentrum TU over 14 years ago. Updated over 10 years ago.

Should have
Target version:
Start date:
Due date:
% Done:


Estimated time:
TYPO3 Version:
PHP Version:
Is Regression:
Sprint Focus:


Matching IPv6-addresses isn't currently working.

cmpIPv6($baseIP, $list)
fails for an entry in $list that repesents a subnet like 2001:638:605::/48
Therefore it fails before starting the compare-process.

Testing netmask, i.e. comparing starting X bits, fails in interaction with function IPv6Hex2Bin().

Please check out http://t3dev.rz.tu-clausthal.de/ipv6test.php for demonstration of this issue!

This issue affects TYPO3-Core 4.0.6!

Affected class:

Affected functions:
(issue imported from #M5459)


patch_on_t3lib_div.diff (1.24 KB) patch_on_t3lib_div.diff Administrator Admin, 2007-04-19 13:44

Related issues

Related to TYPO3 Core - Bug #27210: t3lib_div::cmpIPv6() fails to compareClosedStefan Neufeind2011-06-04


Updated by Rechenzentrum TU over 14 years ago

Due to the fact that functions cmpIPv6() and IPv6Hex2Bin() are the same in Core 4.0.6 and 4.1.1 the bug can be resolved also in 4.1 by replacing these functions by the ones patched in 4.0 by the attached patch.


Updated by Martin Kutschker over 14 years ago

The loop in IPv6Hex2Bin can be made a bit more elegant:

for ($i=0; $i<strlen($hex); $i+=4) {
$binPart = base_convert(substr($hex, $i, 4), 16, 2);
$bin .= str_pad(base_convert($binPart, 16, 2), 16, '0', STR_PAD_LEFT);


Updated by Rechenzentrum TU over 14 years ago

Indeed, nice try; but your for-loop isn't working.

But why not use this instead:

function IPv6Hex2Bin ($hex) {
$bin = '';
$hex = str_replace(':', '', $hex); // Replace colon to nothing
for ($i=0; $i&lt;strlen($hex); $i+=4) {
$binPart = base_convert(substr($hex, $i, 4), 16, 2);
$bin .= str_pad($binPart, 16, '0', STR_PAD_LEFT);
return $bin;

because return result from base_convert is a bit-string; why therefore again a base_convert (in your case again with base 16) on this?


Updated by Martin Kutschker over 14 years ago

Forget the extra base_convert, it's a mistake. But Matthias Kall and I figured out that if you fix validIPv6() you don't need to move to normalize before you check the validity. Here's the code:

function validIPv6($ip) {
$uppercaseIP = strtoupper($ip);

$regex = '/^(?:';
$regex.= '(?:(?:[\dA-F]{1,4}:){7}:)|';
$regex.= '(?:(?:[\dA-F]{1,4}:){7}[\dA-F]{1,4})|';
$regex.= '(?:(?:[\dA-F]{1,4}:){1}:(?:[\dA-F]{1,4}:){1,5}[\dA-F]{1,4})|';
$regex.= '(?:(?:[\dA-F]{1,4}:){2}:(?:[\dA-F]{1,4}:){1,4}[\dA-F]{1,4})|';
$regex.= '(?:(?:[\dA-F]{1,4}:){3}:(?:[\dA-F]{1,4}:){1,3}[\dA-F]{1,4})|';
$regex.= '(?:(?:[\dA-F]{1,4}:){4}:(?:[\dA-F]{1,4}:){1,2}[\dA-F]{1,4})|';
$regex.= '(?:(?:[\dA-F]{1,4}:){5}:(?:[\dA-F]{1,4}:){0,1}[\dA-F]{1,4})|';
$regex.= '(::(?:[\dA-F]{1,4}:){0,6}[\dA-F]{1,4})';
$regex.= ')$/';
return preg_match($regex, $uppercaseIP) ? true : false;

Note: the ?: only suppress the subgroup matching of the regexp to make it faster.


Updated by Stefan Neufeind over 10 years ago

Proposed patch to #27210 fixes IPv6-comparison. (Sorry, new ticket opened before I found this.)

Since 4.0.x is no longer supported, I just checked validIPv6 against 4.4, 4.5, 4.6 and they now all use the PHP-internal filter_var()-functionality which is even faster/safer than the regex-check proposed.

So I guess we could close this bug.


Updated by Andreas Wolf over 10 years ago

  • Status changed from Accepted to Closed
  • Target version deleted (0)

As Stefan pointed out, this has become obsolete.

Also available in: Atom PDF