Bug #69670 bad url filtering with filer_flag_host_required
Submitted: 2015-05-20 09:48 UTC
Modified: 2015-05-20 11:44 UTC
From: alexglue at gmail dot com
Assigned: cmb (profile)
Status: Not a bug
Package: Variables related
PHP Version: 5.6Git-2015-05-20 (Git)
OS: ubuntu 14.04
Private report: No
CVE-ID: None
 [2015-05-20 09:48 UTC] alexglue at gmail dot com
Description:
------------
---
From manual page: http://www.php.net/function.filter-var
---
With the test script we get this:

result:
http:///path/by/path?query=124
/path/by/path?query=124

instead of a false value.

my php version is "PHP 5.5.9-1ubuntu4.7 (cli) (built: Mar 16 2015 20:47:39)"

Test script:
---------------
<?php
$uri = 'http:///path/by/path?query=124';
$uri = filter_var($uri, FILTER_SANITIZE_URL, FILTER_FLAG_HOST_REQUIRED);
var_dump($uri);

$uri = '/path/by/path?query=124';
$uri = filter_var($uri, FILTER_SANITIZE_URL, FILTER_FLAG_HOST_REQUIRED);
var_dump($uri);

?>

Expected result:
----------------
Expected a false value when no hostname is provided and the FILTER_FLAG_HOST_REQUIRED option is set.


 [2015-05-20 11:44 UTC] cmb@php.net
-Status: Open
+Status: Not a bug
-Package: *General Issues
+Package: Variables related
-Assigned To:
+Assigned To: cmb
 [2015-05-20 11:44 UTC] cmb@php.net
The sanitize filters are not meant to do validation. Especially,
FILTER_SANITIZE_URL doesn't accept the FILTER_FLAG_*_REQUIRED
flags. Compare that to FILTER_VALIDATE_URL[1].
(FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED are not
listed there, but that has already been reported as bug #66938.)

See also <http://3v4l.org/jTcfW>.

[1] <http://php.net/manual/en/filter.filters.validate.php>
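
The distinction drawn in the reply above, as an added example that is not part of the original report or of PHP's own code: FILTER_SANITIZE_URL only strips characters, so rejecting a URL without a host needs FILTER_VALIDATE_URL plus an explicit check of the parsed parts. The helper name validate_http_url() and the http/https allowlist are assumptions made for illustration; the first two sample inputs are the strings from the report and the others are constructed.

```php
<?php
// Added example: sanitize vs. validate for URL input.
// validate_http_url() is a hypothetical helper, not a PHP built-in.

function validate_http_url(string $input): ?string
{
    // A validate filter returns false for input it rejects.
    // No FILTER_FLAG_*_REQUIRED flag is passed; scheme and host
    // are checked explicitly below instead.
    if (filter_var($input, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    $parts = parse_url($input);
    if ($parts === false) {
        return null;
    }

    // Assumed policy: only http and https are acceptable schemes.
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }

    // The check the report expected from FILTER_FLAG_HOST_REQUIRED.
    if (($parts['host'] ?? '') === '') {
        return null;
    }

    return $input;
}

$samples = [
    'http:///path/by/path?query=124',            // from the report
    '/path/by/path?query=124',                   // from the report
    'http://example.com/path/by/path?query=124', // constructed
    'mailto:user@example.com',                   // constructed, non-HTTP scheme
];

foreach ($samples as $s) {
    printf(
        "%-44s sanitized=%-46s accepted=%s\n",
        $s,
        var_export(filter_var($s, FILTER_SANITIZE_URL), true),
        var_export(validate_http_url($s) !== null, true)
    );
}
```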
 