php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53924 FILTER_VALIDATE_URL doesn't validate port numbers
Submitted: 2011-02-04 12:18 UTC Modified: 2011-02-04 22:41 UTC
From: aharvey@php.net Assigned: iliaa (profile)
Status: Closed Package: Filter related
PHP Version: trunk-SVN-2011-02-04 (SVN) OS: Irrelevant
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: aharvey@php.net
New email:
PHP Version: OS:

 

 [2011-02-04 12:18 UTC] aharvey@php.net 
Description:
------------
Non-integer port numbers are currently validated as OK by FILTER_VALIDATE_URL, 
per a comment in bug #53901.

Test script:
---------------
<?php
var_dump(filter_var('http://example.com:qq', FILTER_VALIDATE_URL));
?>

Expected result:
----------------
bool(false)

Actual result:
--------------
string(21) "http://example.com:qq"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-04 15:34 UTC] aaz at althenia dot net 
Thanks.

Since this filter uses parse_url() internally, I suggest the easiest
fix would be to make parse_url() return FALSE here.

Note that parse_url() already does some validation of the port number:

   parse_url('http://example.com:12345');  // OK
   parse_url('http://example.com:123456'); // FALSE
 [2011-02-04 22:41 UTC] iliaa@php.net 
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=308035
Log: Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number).
 [2011-02-04 22:41 UTC] iliaa@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: iliaa
 [2011-02-04 22:41 UTC] iliaa@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 12:01:29 2024 UTC