diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
index ceab620c2f560..18b1c5faf6af3 100644
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -182,6 +182,16 @@ public static function checkIp6(string $requestIp, string $ip): bool
      */
     public static function anonymize(string $ip): string
     {
+        /**
+         * If the IP contains a % symbol, then it is a local-link address with scoping according to RFC 4007
+         * In that case, we only care about the part before the % symbol, as the following functions, can only work with
+         * the IP address itself. As the scope can leak information (containing interface name), we do not want to
+         * include it in our anonymized IP data.
+         */
+        if (str_contains($ip, '%')) {
+            $ip = substr($ip, 0, strpos($ip, '%'));
+        }
+
         $wrappedIPv6 = false;
         if (str_starts_with($ip, '[') && str_ends_with($ip, ']')) {
             $wrappedIPv6 = true;
diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
index ce93c69e90043..2a86fbc2dfed9 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
@@ -147,6 +147,7 @@ public static function anonymizedIpData()
         ['[2a01:198::3]', '[2a01:198::]'],
         ['::ffff:123.234.235.236', '::ffff:123.234.235.0'], // IPv4-mapped IPv6 addresses
         ['::123.234.235.236', '::123.234.235.0'], // deprecated IPv4-compatible IPv6 address
+        ['fe80::1fc4:15d8:78db:2319%enp4s0', 'fe80::'], // IPv6 link-local with RFC4007 scoping
     ];
 }
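Review bot: The zone identifier is cut off before the bracket check that follows it, so a bracketed input such as `[fe80::1%eth0]` loses its closing `]` together with the scope; `str_ends_with($ip, ']')` then fails, `$wrappedIPv6` stays false, and the address presumably reaches the later parsing with a dangling `[`. Since the position is needed anyway, the guard can drop the separate `str_contains` scan and keep the bracket: `if (false !== $pos = strpos($ip, '%')) {` / `$ip = substr($ip, 0, $pos).(str_ends_with($ip, ']') ? ']' : '');` / `}` — or the strip can be moved after the bracket unwrapping. The comment should say "link-local" rather than "local-link", and a bracketed scoped case such as `['[fe80::1%eth0]', '[fe80::]']` in `anonymizedIpData` would pin that behaviour. The body of `anonymize` continues past the end of the hunk, so what happens to the stripped value afterwards is inferred.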