PHP :: Bug #71822 :: parse_url on 7.1.0-dev returns false where password contains a `-` character

Bug #71822

parse_url on 7.1.0-dev returns false where password contains a `-` character

Submitted:

2016-03-14 13:40 UTC

Modified:

2018-12-18 08:13 UTC

Votes:	8
Avg. Score:	4.0 ± 0.9
Reproduced:	6 of 6 (100.0%)
Same Version:	3 (50.0%)
Same OS:	1 (16.7%)

From:

nigel dot greenway at futurepixels dot co dot uk

Assigned:

stas (profile)

Status:

Closed

Package:

*URL Functions

PHP Version:

Next Major Version

OS:

Linux - BunsenLabs

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nigel dot greenway at futurepixels dot co dot uk
New email:
PHP Version:		OS:

New Comment:

[2016-03-14 13:40 UTC] nigel dot greenway at futurepixels dot co dot uk

Description:
------------
Passing hyphenated username and passwords as part of a url to `url_parse` returns false.

Test script:
---------------
<?php

var_dump(
	parse_url('http://some:password@ex-ample.co.uk'),
	parse_url('http://so-me:password@192.168.0.123'),
	parse_url('http://some:pass-word@192.168.0.123')
);

Expected result:
----------------
array(4) {
  ["scheme"]=>
  string(4) "http"
  ["host"]=>
  string(14) "ex-ample.co.uk"
  ["user"]=>
  string(4) "some"
  ["pass"]=>
  string(8) "password"
}
array(4) {
  ["scheme"]=>
  string(4) "http"
  ["host"]=>
  string(14) "192.168.0.123"
  ["user"]=>
  string(4) "so-me"
  ["pass"]=>
  string(8) "password"
}
array(4) {
  ["scheme"]=>
  string(4) "http"
  ["host"]=>
  string(14) "192.168.0.123"
  ["user"]=>
  string(4) "some"
  ["pass"]=>
  string(8) "pass-word"
}

Actual result:
--------------
array(4) {
  ["scheme"]=>
  string(4) "http"
  ["host"]=>
  string(14) "ex-ample.co.uk"
  ["user"]=>
  string(4) "some"
  ["pass"]=>
  string(8) "password"
}
bool(false)
bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-03-14 13:52 UTC] derick@php.net

I've tried this and can reproduce this. It's changed from PHP 7.0.3 where having a - works fine.

[2016-03-15 07:09 UTC] yohgaki@php.net

https://3v4l.org/UusRf
It seems released versions are fine.

 unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
 pct-encoded = "%" HEXDIG HEXDIG
 sub-delims  = "!" / "$" / "&" / "'" / "(" / ")"
                  / "*" / "+" / "," / ";" / "="
 userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
https://www.ietf.org/rfc/rfc3986.txt

"so-me:pass-word" should be valid username and password.

According to the RFC, "Use of the format "user:password" in the userinfo field is deprecated.", but we need to support this format anyway.

[2016-09-07 14:51 UTC] andi at splitbrain dot org

The same problem occurs with a space in the password. I am aware that this might not be a valid URL as is (space should be escaped) however this used to work on PHP 7.0

<?php                                                                                                                   
$x = parse_url('http://foo:foo bar@example.com/');                                                                      
var_dump($x);
?>

[2016-10-07 20:16 UTC] cilefen at gmail dot com

This is causing test failures in Drupal 8 HEAD, https://www.drupal.org/node/2813981.

[2016-10-07 20:39 UTC] cilefen at gmail dot com

Underscores "_" also cause a return of false.

[2016-10-12 14:35 UTC] cilefen at gmail dot com

It looks like the commit that caused this was reverted: https://github.com/php/php-src/commit/1c468ee044289661c8c4118a0653222596668432

[2018-12-18 08:13 UTC] stas@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: stas

[2018-12-18 08:13 UTC] stas@php.net

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Oct 25 14:01:29 2024 UTC