linuxserver/Heimdall
1
0
Fork 0
mirror of https://github.com/linuxserver/Heimdall.git synced 2025-12-10 00:43:50 +09:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Update dependencies

Browse Source
This commit is contained in:
Chris Hunt
2024-02-16 21:36:54 +00:00
parent 22d7a59e59
commit d52ae0d3c3
9569 changed files with 460443 additions and 282416 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
vendor/symfony/http-foundation/IpUtils.php vendored
View File

@@ -18,7 +18,22 @@ namespace Symfony\Component\HttpFoundation;
*/
class IpUtils
{
private static $checkedIps = [];
public const PRIVATE_SUBNETS = [
'127.0.0.0/8', // RFC1700 (Loopback)
'10.0.0.0/8', // RFC1918
'192.168.0.0/16', // RFC1918
'172.16.0.0/12', // RFC1918
'169.254.0.0/16', // RFC3927
'0.0.0.0/8', // RFC5735
'240.0.0.0/4', // RFC1112
'::1/128', // Loopback
'fc00::/7', // Unique Local Address
'fe80::/10', // Link Local Address
'::ffff:0:0/96', // IPv4 translations
'::/128', // Unspecified address
];
private static array $checkedIps = [];
/**
* This class should not be instantiated.
@@ -31,17 +46,9 @@ class IpUtils
* Checks if an IPv4 or IPv6 address is contained in the list of given IPs or subnets.
*
* @param string|array $ips List of IPs or subnets (can be a string if only a single one)
*
* @return bool
*/
public static function checkIp(?string $requestIp, $ips)
public static function checkIp(string $requestIp, string|array $ips): bool
{
if (null === $requestIp) {
trigger_deprecation('symfony/http-foundation', '5.4', 'Passing null as $requestIp to "%s()" is deprecated, pass an empty string instead.', __METHOD__);
return false;
}
if (!\is_array($ips)) {
$ips = [$ips];
}
@@ -65,32 +72,26 @@ class IpUtils
*
* @return bool Whether the request IP matches the IP, or whether the request IP is within the CIDR subnet
*/
public static function checkIp4(?string $requestIp, string $ip)
public static function checkIp4(string $requestIp, string $ip): bool
{
if (null === $requestIp) {
trigger_deprecation('symfony/http-foundation', '5.4', 'Passing null as $requestIp to "%s()" is deprecated, pass an empty string instead.', __METHOD__);
return false;
}
$cacheKey = $requestIp.'-'.$ip;
if (isset(self::$checkedIps[$cacheKey])) {
return self::$checkedIps[$cacheKey];
$cacheKey = $requestIp.'-'.$ip.'-v4';
if (null !== $cacheValue = self::getCacheResult($cacheKey)) {
return $cacheValue;
}
if (!filter_var($requestIp, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4)) {
return self::$checkedIps[$cacheKey] = false;
return self::setCacheResult($cacheKey, false);
}
if (str_contains($ip, '/')) {
[$address, $netmask] = explode('/', $ip, 2);
if ('0' === $netmask) {
return self::$checkedIps[$cacheKey] = filter_var($address, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4);
return self::setCacheResult($cacheKey, false !== filter_var($address, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4));
}
if ($netmask < 0 || $netmask > 32) {
return self::$checkedIps[$cacheKey] = false;
return self::setCacheResult($cacheKey, false);
}
} else {
$address = $ip;
@@ -98,10 +99,10 @@ class IpUtils
}
if (false === ip2long($address)) {
return self::$checkedIps[$cacheKey] = false;
return self::setCacheResult($cacheKey, false);
}
return self::$checkedIps[$cacheKey] = 0 === substr_compare(sprintf('%032b', ip2long($requestIp)), sprintf('%032b', ip2long($address)), 0, $netmask);
return self::setCacheResult($cacheKey, 0 === substr_compare(sprintf('%032b', ip2long($requestIp)), sprintf('%032b', ip2long($address)), 0, $netmask));
}
/**
@@ -114,38 +115,43 @@ class IpUtils
*
* @param string $ip IPv6 address or subnet in CIDR notation
*
* @return bool
*
* @throws \RuntimeException When IPV6 support is not enabled
*/
public static function checkIp6(?string $requestIp, string $ip)
public static function checkIp6(string $requestIp, string $ip): bool
{
if (null === $requestIp) {
trigger_deprecation('symfony/http-foundation', '5.4', 'Passing null as $requestIp to "%s()" is deprecated, pass an empty string instead.', __METHOD__);
return false;
}
$cacheKey = $requestIp.'-'.$ip;
if (isset(self::$checkedIps[$cacheKey])) {
return self::$checkedIps[$cacheKey];
$cacheKey = $requestIp.'-'.$ip.'-v6';
if (null !== $cacheValue = self::getCacheResult($cacheKey)) {
return $cacheValue;
}
if (!((\extension_loaded('sockets') && \defined('AF_INET6')) || @inet_pton('::1'))) {
throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option "disable-ipv6".');
}
// Check to see if we were given a IP4 $requestIp or $ip by mistake
if (!filter_var($requestIp, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) {
return self::setCacheResult($cacheKey, false);
}
if (str_contains($ip, '/')) {
[$address, $netmask] = explode('/', $ip, 2);
if (!filter_var($address, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) {
return self::setCacheResult($cacheKey, false);
}
if ('0' === $netmask) {
return (bool) unpack('n*', @inet_pton($address));
}
if ($netmask < 1 || $netmask > 128) {
return self::$checkedIps[$cacheKey] = false;
return self::setCacheResult($cacheKey, false);
}
} else {
if (!filter_var($ip, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) {
return self::setCacheResult($cacheKey, false);
}
$address = $ip;
$netmask = 128;
}
@@ -154,7 +160,7 @@ class IpUtils
$bytesTest = unpack('n*', @inet_pton($requestIp));
if (!$bytesAddr || !$bytesTest) {
return self::$checkedIps[$cacheKey] = false;
return self::setCacheResult($cacheKey, false);
}
for ($i = 1, $ceil = ceil($netmask / 16); $i <= $ceil; ++$i) {
@@ -162,11 +168,11 @@ class IpUtils
$left = ($left <= 16) ? $left : 16;
$mask = ~(0xFFFF >> $left) & 0xFFFF;
if (($bytesAddr[$i] & $mask) != ($bytesTest[$i] & $mask)) {
return self::$checkedIps[$cacheKey] = false;
return self::setCacheResult($cacheKey, false);
}
}
return self::$checkedIps[$cacheKey] = true;
return self::setCacheResult($cacheKey, true);
}
/**
@@ -177,7 +183,7 @@ class IpUtils
public static function anonymize(string $ip): string
{
$wrappedIPv6 = false;
if ('[' === substr($ip, 0, 1) && ']' === substr($ip, -1, 1)) {
if (str_starts_with($ip, '[') && str_ends_with($ip, ']')) {
$wrappedIPv6 = true;
$ip = substr($ip, 1, -1);
}
@@ -200,4 +206,36 @@ class IpUtils
return $ip;
}
/**
* Checks if an IPv4 or IPv6 address is contained in the list of private IP subnets.
*/
public static function isPrivateIp(string $requestIp): bool
{
return self::checkIp($requestIp, self::PRIVATE_SUBNETS);
}
private static function getCacheResult(string $cacheKey): ?bool
{
if (isset(self::$checkedIps[$cacheKey])) {
// Move the item last in cache (LRU)
$value = self::$checkedIps[$cacheKey];
unset(self::$checkedIps[$cacheKey]);
self::$checkedIps[$cacheKey] = $value;
return self::$checkedIps[$cacheKey];
}
return null;
}
private static function setCacheResult(string $cacheKey, bool $result): bool
{
if (1000 < \count(self::$checkedIps)) {
// stop memory leak if there are many keys
self::$checkedIps = \array_slice(self::$checkedIps, 500, null, true);
}
return self::$checkedIps[$cacheKey] = $result;
}
}