PHP :: Bug #68129 :: parse_url() - incomplete support for empty usernames and passwords

Bug #68129	parse_url() - incomplete support for empty usernames and passwords
Submitted:	2014-10-02 00:58 UTC	Modified:	-
From:	vort dot fu at gmail dot com	Assigned:
Status:	Closed	Package:	URL related
PHP Version:	5.6.0	OS:	OS X 10.9.5
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	vort dot fu at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2014-10-02 00:58 UTC] vort dot fu at gmail dot com

Description:
------------
Section 3.1 "Common Internet Scheme Syntax" of RFC-1738 "Uniform Resource Locators (URL)" (https://www.ietf.org/rfc/rfc1738.txt) states the following:

   Note that an empty user name or password is different than no user
   name or password; there is no way to specify a password without
   specifying a user name. E.g., <URL:ftp://@host.com/> has an empty
   user name and no password, <URL:ftp://host.com/> has no user name,
   while <URL:ftp://foo:@host.com/> has a user name of "foo" and an
   empty password.


parse_url() currently only supports empty user names if a password component is not specified (including empty passwords, which aren't supported at all)

Test script:
---------------
<?php

   // correct (returns empty username)
   var_dump( parse_url( 'https://@example.com' ) );

   // incorrect (doesn't return empty username or password)
   var_dump( parse_url( 'https://:@example.com' ) );

   // incorrect (doesn't return empty username)
   var_dump( parse_url( 'https://:password@example.com' ) );

   // incorrect (doesn't return empty password)
   var_dump( parse_url( 'https://username:@example.com' ) );



Expected result:
----------------
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
}
array(4) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
  ["pass"]=>
  string(0) ""
}
array(4) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
  ["pass"]=>
  string(8) "password"
}
array(4) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(8) "username"
  ["pass"]=>
  string(0) ""
}

Actual result:
--------------
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
}
array(2) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
}
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["pass"]=>
  string(8) "password"
}
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(8) "username"
}

Patches

Pull Requests

Pull requests:

Fixed bug #68129 (php-src/864)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-10-09 00:27 UTC] datibbaw@php.net

Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d0e51f5ce992ab5fc90c4d962a5d4e8c24b74823
Log: Fixed bug #68129

[2014-10-09 00:27 UTC] datibbaw@php.net

-Status: Open +Status: Closed

[2014-10-10 20:59 UTC] ab@php.net

Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d0e51f5ce992ab5fc90c4d962a5d4e8c24b74823
Log: Fixed bug #68129

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Nov 23 07:01:29 2024 UTC