diff options
-rw-r--r-- | it.class | 25 | ||||
-rwxr-xr-x | tests/it.t | 1 |
2 files changed, 17 insertions, 9 deletions
@@ -317,18 +317,25 @@ static function toascii($text) /** * Check whether an IP adress lies within a given range. Supports IPv4 and IPv6 * @param $ip IP address (192.168.42.123) - * @param $cidr IP range in CIDR notation (192.168.42.64/26) + * @param $cidrs IP range in CIDR notation (192.168.42.64/26) or array of ranges * @return true if $ip is within $cidr */ -function cidr_match($ip, $cidr) +function cidr_match($ip, $cidrs) { - list($subnet, $mask) = explode('/', $cidr); - $ip_bin = inet_pton($ip); - $subnet_bin = inet_pton($subnet); - $valid_bytes = $mask ? $mask >> 3 : 42; - $bitmask = 256 - (1 << (8 - ($mask & 7))); - $lastbyte_matched = $bitmask ? (ord($ip_bin{$valid_bytes}) & $bitmask) == (ord($subnet_bin{$valid_bytes}) & $bitmask) : true; - return substr($ip_bin, 0, $valid_bytes) == substr($subnet_bin, 0, $valid_bytes) && $lastbyte_matched; + foreach ((array)$cidrs as $cidr) + { + list($subnet, $mask) = explode('/', $cidr); + $ip_bin = inet_pton($ip); + $subnet_bin = inet_pton($subnet); + $valid_bytes = $mask ? $mask >> 3 : 42; + $bitmask = 256 - (1 << (8 - ($mask & 7))); + $lastbyte_matched = $bitmask ? (ord($ip_bin{$valid_bytes}) & $bitmask) == (ord($subnet_bin{$valid_bytes}) & $bitmask) : true; + + if (substr($ip_bin, 0, $valid_bytes) == substr($subnet_bin, 0, $valid_bytes) && $lastbyte_matched) + return true; + } + + return false; } @@ -327,6 +327,7 @@ is(it::cidr_match('192.168.42.42', '192.168.42.64/26'), false, "cidr_match o is(it::cidr_match('192.168.42.42', '192.168.42.32/27'), true, "cidr_match offset"); is(it::cidr_match('2001:918:ff83:101:798e:77c0:b722:fe56', '2001:918:ff83:101::/64'), true, "cidr_match ipv6"); is(it::cidr_match('2001:918:ff83:102:798e:77c0:b722:fe56', '2001:918:ff83:101::/64'), false, "cidr_match ipv6 no match" ); +is(it::cidr_match('10.11.12.13', array('10.0.0.0/8', '192.168.0.0./16')), true, "cidr_match array"); # it::filter_keys tests |