symfony
diff --git a/‎UPGRADE-5.4.md
Copy file name to clipboardExpand all lines: UPGRADE-5.4.md
+1Lines changed: 1 addition & 0 deletions b/‎UPGRADE-5.4.md
Copy file name to clipboardExpand all lines: UPGRADE-5.4.md
+1Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/HttpClient/NoPrivateNetworkHttpClient.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpClient/NoPrivateNetworkHttpClient.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpClient/NoPrivateNetworkHttpClient.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpClient/NoPrivateNetworkHttpClient.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpFoundation/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/CHANGELOG.md
+1Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Component/HttpFoundation/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/CHANGELOG.md
+1Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/IpUtils.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/IpUtils.php
+14Lines changed: 14 additions & 0 deletions b/‎src/Symfony/Component/HttpFoundation/IpUtils.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/IpUtils.php
+14Lines changed: 14 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/RequestMatcher.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/RequestMatcher.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpFoundation/RequestMatcher.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/RequestMatcher.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+30-2Lines changed: 30 additions & 2 deletions b/‎src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+30-2Lines changed: 30 additions & 2 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/HttpCache/SubRequestHandler.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/HttpCache/SubRequestHandler.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpKernel/HttpCache/SubRequestHandler.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/HttpCache/SubRequestHandler.php
+1-1Lines changed: 1 addition & 1 deletion
@@ -39,6 +39,7 @@ HttpKernel
 HttpFoundation
 --------------
 
+ * Deprecate passing `null` as `$requestIp` to `IpUtils::checkIp()`, `IpUtils::checkIp4()` or `IpUtils::checkIp6()`, pass an empty string instead.
  * Mark `Request::get()` internal, use explicit input sources instead
  * Deprecate `upload_progress.*` and `url_rewriter.tags` session options
 
 
@@ -80,7 +80,7 @@ public function request(string $method, string $url, array $options = []): Respo
 
         $options['on_progress'] = function (int $dlNow, int $dlSize, array $info) use ($onProgress, $subnets, &$lastPrimaryIp): void {
             if ($info['primary_ip'] !== $lastPrimaryIp) {
-                if (IpUtils::checkIp($info['primary_ip'], $subnets ?? self::PRIVATE_SUBNETS)) {
+                if ($info['primary_ip'] && IpUtils::checkIp($info['primary_ip'], $subnets ?? self::PRIVATE_SUBNETS)) {
                     throw new TransportException(sprintf('IP "%s" is blocked for "%s".', $info['primary_ip'], $info['url']));
                 }
 
 
@@ -4,6 +4,7 @@ CHANGELOG
 5.4
 ---
 
+ * Deprecate passing `null` as `$requestIp` to `IpUtils::__checkIp()`, `IpUtils::__checkIp4()` or `IpUtils::__checkIp6()`, pass an empty string instead.
  * Add the `litespeed_finish_request` method to work with Litespeed
  * Deprecate `upload_progress.*` and `url_rewriter.tags` session options
 
 
@@ -37,6 +37,8 @@ private function __construct()
     public static function checkIp(?string $requestIp, $ips)
     {
         if (null === $requestIp) {
+            trigger_deprecation('symfony/http-foundation', '5.4', 'Passing null as $requestIp to "%s()" is deprecated, pass an empty string instead.', __METHOD__);
+
             return false;
         }
 
@@ -65,6 +67,12 @@ public static function checkIp(?string $requestIp, $ips)
      */
     public static function checkIp4(?string $requestIp, string $ip)
     {
+        if (null === $requestIp) {
+            trigger_deprecation('symfony/http-foundation', '5.4', 'Passing null as $requestIp to "%s()" is deprecated, pass an empty string instead.', __METHOD__);
+
+            return false;
+        }
+
         $cacheKey = $requestIp.'-'.$ip;
         if (isset(self::$checkedIps[$cacheKey])) {
             return self::$checkedIps[$cacheKey];
@@ -112,6 +120,12 @@ public static function checkIp4(?string $requestIp, string $ip)
      */
     public static function checkIp6(?string $requestIp, string $ip)
     {
+        if (null === $requestIp) {
+            trigger_deprecation('symfony/http-foundation', '5.4', 'Passing null as $requestIp to "%s()" is deprecated, pass an empty string instead.', __METHOD__);
+
+            return false;
+        }
+
         $cacheKey = $requestIp.'-'.$ip;
         if (isset(self::$checkedIps[$cacheKey])) {
             return self::$checkedIps[$cacheKey];
 
@@ -185,7 +185,7 @@ public function matches(Request $request)
             return false;
         }
 
-        if (IpUtils::checkIp($request->getClientIp(), $this->ips)) {
+        if (IpUtils::checkIp($request->getClientIp() ?? '', $this->ips)) {
             return true;
         }
 
 
@@ -12,10 +12,13 @@
 namespace Symfony\Component\HttpFoundation\Tests;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\HttpFoundation\IpUtils;
 
 class IpUtilsTest extends TestCase
 {
+    use ExpectDeprecationTrait;
+
     /**
      * @dataProvider getIpv4Data
      */
@@ -40,7 +43,6 @@ public function getIpv4Data()
             [false, '1.2.3.4', '256.256.256/0'], // invalid CIDR notation
             [false, 'an_invalid_ip', '192.168.1.0/24'],
             [false, '', '1.2.3.4/1'],
-            [false, null, '1.2.3.4/1'],
         ];
     }
 
@@ -72,10 +74,36 @@ public function getIpv6Data()
             [false, '}__test|O:21:&quot;JDatabaseDriverMysqli&quot;:3:{s:2', '::1'],
             [false, '2a01:198:603:0:396e:4789:8e99:890f', 'unknown'],
             [false, '', '::1'],
-            [false, null, '::1'],
         ];
     }
 
+    /**
+     * @group legacy
+     */
+    public function testIpTriggersDeprecationOnNull()
+    {
+        $this->expectDeprecation('Since symfony/http-foundation 5.4: Passing null as $requestIp to "Symfony\Component\HttpFoundation\IpUtils::checkIp()" is deprecated, pass an empty string instead.');
+        $this->assertFalse(IpUtils::checkIp(null, '192.168.1.1'));
+    }
+
+    /**
+     * @group legacy
+     */
+    public function testIp4TriggersDeprecationOnNull()
+    {
+        $this->expectDeprecation('Since symfony/http-foundation 5.4: Passing null as $requestIp to "Symfony\Component\HttpFoundation\IpUtils::checkIp4()" is deprecated, pass an empty string instead.');
+        $this->assertFalse(IpUtils::checkIp4(null, '192.168.1.1'));
+    }
+
+    /**
+     * @group legacy
+     */
+    public function testIp6TriggersDeprecationOnNull()
+    {
+        $this->expectDeprecation('Since symfony/http-foundation 5.4: Passing null as $requestIp to "Symfony\Component\HttpFoundation\IpUtils::checkIp6()" is deprecated, pass an empty string instead.');
+        $this->assertFalse(IpUtils::checkIp6(null, '2a01:198:603:0::/65'));
+    }
+
     /**
      * @requires extension sockets
      */
 
@@ -31,7 +31,7 @@ public static function handle(HttpKernelInterface $kernel, Request $request, int
 
         // remove untrusted values
         $remoteAddr = $request->server->get('REMOTE_ADDR');
-        if (!IpUtils::checkIp($remoteAddr, $trustedProxies)) {
+        if (!$remoteAddr || !IpUtils::checkIp($remoteAddr, $trustedProxies)) {
             $trustedHeaders = [
                 'FORWARDED' => $trustedHeaderSet & Request::HEADER_FORWARDED,
                 'X_FORWARDED_FOR' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_FOR,
Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ public function request(string $method, string $url, array $options = []): Respo`
`80`	`80`
`81`	`81`	`$options['on_progress'] = function (int $dlNow, int $dlSize, array $info) use ($onProgress, $subnets, &$lastPrimaryIp): void {`
`82`	`82`	`if ($info['primary_ip'] !== $lastPrimaryIp) {`
`83`		`- if (IpUtils::checkIp($info['primary_ip'], $subnets ?? self::PRIVATE_SUBNETS)) {`
	`83`	`+ if ($info['primary_ip'] && IpUtils::checkIp($info['primary_ip'], $subnets ?? self::PRIVATE_SUBNETS)) {`
`84`	`84`	`throw new TransportException(sprintf('IP "%s" is blocked for "%s".', $info['primary_ip'], $info['url']));`
`85`	`85`	`}`
`86`	`86`
Original file line number	Diff line number	Diff line change
`@@ -185,7 +185,7 @@ public function matches(Request $request)`
`185`	`185`	`return false;`
`186`	`186`	`}`
`187`	`187`
`188`		`- if (IpUtils::checkIp($request->getClientIp(), $this->ips)) {`
	`188`	`+ if (IpUtils::checkIp($request->getClientIp() ?? '', $this->ips)) {`
`189`	`189`	`return true;`
`190`	`190`	`}`
`191`	`191`