Bug #64173 filter_var filter_validate_url incorrect
Submitted: 2013-02-08 09:03 UTC Modified: 2018-08-15 16:13 UTC
Votes:4
Avg. Score:3.5 ± 1.7
Reproduced:3 of 4 (75.0%)
Same Version:3 (100.0%)
Same OS:1 (33.3%)
From: retze dot faber at gmail dot com Assigned:
Status: Verified Package: Filter related
PHP Version: Irrelevant OS: debian squeeze
Private report: No CVE-ID: None
 [2013-02-08 09:03 UTC] retze dot faber at gmail dot com
Description:
------------
---
From manual page: http://www.php.net/function.filter-var
---

http://http://www.google.com passes filter_var with FILTER_VALIDATE_URL

Test script:
---------------
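<?php
// Read the URL from the request; "http://" is always prepended below.
$url = $_REQUEST['url'];

// filter_var() returns the filtered string on success and false on failure.
$filter = filter_var("http://" . $url, FILTER_VALIDATE_URL) ? "true" : "false";

echo "Filter var result of concat with http is:" . $filter . "<br>";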

Expected result:
----------------
I expect it to return false when I run the script with http://www.google.com and true when I run it with www.google.com

Actual result:
--------------
It returns true in both cases

 [2013-03-02 14:30 UTC] salathe@php.net
I don't see this as a documentation bug.  This filter effectively just calls 
parse_url() on the value and looks to see if the resulting array makes some 
sense. Running "http://http://www.google.com" through parse_url() gives an array 
like array('scheme' => 'http', 'host' => 'http', 'path' => '//www.google.com').

If you feel this is a bug in the filter, please change the Bug Type to "bug". If 
you feel this is not a bug in the implementation, rather still a documentation 
problem then could you elaborate on what details you would like to be added or 
changed?  A final option is to close off this report if you decide that this 
behaviour is now to be expected and there is no issue.

Let us know what you think.
 [2013-03-02 14:30 UTC] salathe@php.net
-Status: Open +Status: Feedback
 [2013-03-02 17:51 UTC] retze dot faber at gmail dot com
Changed to bug, cause I feel it should return false when I call it with http://http://www.google.com
 [2013-03-02 17:51 UTC] retze dot faber at gmail dot com
-Status: Feedback +Status: Open -Type: Documentation Problem +Type: Bug
 [2014-04-04 04:30 UTC] f21 dot groups at gmail dot com
Just ran into this as well. I think some further checking should be done in filter_var as http://http://www.google.com is not valid.
 [2018-08-15 16:13 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2018-08-15 16:13 UTC] cmb@php.net
For reference: <https://3v4l.org/MIRZR>.
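
The parse_url() result described in the 2013-03-02 comment (scheme "http", host "http", path "//www.google.com") can be checked explicitly on top of FILTER_VALIDATE_URL. This is an added example, not code from this report or from PHP itself; normalize_url_input() and strict_http_url() are hypothetical helper names, and requiring a dotted host name is an assumption about what the application accepts.

```php
<?php
// Added example: both helpers are hypothetical names, not part of PHP.
// Prepend "http://" only when the input carries no scheme of its own,
// instead of concatenating unconditionally as the test script does.
function normalize_url_input(string $input): string
{
    $input = trim($input);
    return preg_match('~^[a-z][a-z0-9+.-]*://~i', $input) ? $input : 'http://' . $input;
}

function strict_http_url(string $url): bool
{
    // Baseline: the filter discussed in this report.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Accept only the schemes the application expects.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Assumption: the application wants dotted DNS names, so a bare
    // label such as the host "http" from the report is refused.
    if (strpos($parts['host'], '.') === false) {
        return false;
    }
    // A path starting with "//" is what a doubled scheme prefix leaves behind.
    if (isset($parts['path']) && strncmp($parts['path'], '//', 2) === 0) {
        return false;
    }
    return true;
}

// Constructed sample inputs: the two cases from the report.
foreach (['www.google.com', 'http://www.google.com'] as $input) {
    $blind  = 'http://' . $input;             // what the test script validates
    $normal = normalize_url_input($input);    // scheme added only if missing
    printf(
        "%-24s blind: filter=%s strict=%s | normalized: %s strict=%s\n",
        $input,
        var_export(filter_var($blind, FILTER_VALIDATE_URL) !== false, true),
        var_export(strict_http_url($blind), true),
        $normal,
        var_export(strict_http_url($normal), true)
    );
}
```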
 
Last updated: Wed Dec 04 19:01:32 2024 UTC