php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #54629 FILTER_VALIDATE_URL rejects IPv6 URLs http://[::1]/
Submitted: 2011-04-29 02:17 UTC Modified: 2020-03-01 23:02 UTC
Votes:9
Avg. Score:4.3 ± 0.8
Reproduced:7 of 8 (87.5%)
Same Version:3 (42.9%)
Same OS:4 (57.1%)
From: xmilky+php at gmail dot com Assigned: cmb (profile)
Status: Duplicate Package: URL related
PHP Version: 5.3.6 OS: amd64 GNU/Linux 2.6.35
Private report: No CVE-ID: None
View Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
35 + 19 = ?
Subscribe to this entry?

 
 [2011-04-29 02:17 UTC] xmilky+php at gmail dot com 
Description:
------------
I just came to wonder why the filter extension rejects my IPv6 URLs. For example this returns `false` even though it's a valid HTTP url:

    filter_var("http://[::1]:2000/push/thingy", FILTER_VALIDATE_URL);


I'm somewhat certain that FILTER_VALIDATE_URL actually used [`parse_url`](http://php.net/parse_url) behind the scenes to probe for URL correctness. But parse_url itself works perfectly fine on such addresses:

    Array(
        [scheme] => http
        [host] => [::1]
        [port] => 2000
        [path] => /push/thingy

So there is some limitation in the filter_var wrapper for _VALIDATE_URL.

---

Note that this is a distinct issue to http://bugs.php.net/bug.php?id=48762&edit=2 which was about FILTER_VALIDATE_IP addresses only.


Test script:
---------------
<?php

var_dump(filter_var("http://[::1]/path?qs", FILTER_VALIDATE_URL));

?>

Expected result:
----------------
string(20) "http://[::1]/path?qs"

Actual result:
--------------
bool(false)

Patches

trunk (last revision 2011-05-07 19:26 UTC by dtajchreber@php.net)
5_3 (last revision 2011-05-07 19:26 UTC by dtajchreber@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-29 04:13 UTC] dtajchreber@php.net
-Type: Bug +Type: Feature/Change Request
 [2011-04-29 04:13 UTC] dtajchreber@php.net 
"Validates value as URL (according to ยป http://www.faqs.org/rfcs/rfc2396), optionally with required components. Note that the function will only find ASCII URLs to be 
valid; internationalized domain names (containing non-ASCII characters) will fail."

RFC 2396 doesn't support IPv6 addresses... would need to implement RFC 2732 checks... flipping to feature request. 

[1] http://www.php.net/manual/en/filter.filters.validate.php
[2] http://www.faqs.org/rfcs/rfc2396.html
[3] http://en.wikipedia.org/wiki/Uniform_Resource_Identifier#Refinement_of_specifications
[4] http://tools.ietf.org/html/rfc2732
 [2011-05-07 21:26 UTC] dtajchreber@php.net 
The following patch has been added/updated:

Patch Name: 5_3
Revision:   1304796392
URL:        http://bugs.php.net/patch-display.php?bug=54629&patch=5_3&revision=1304796392
 [2011-05-07 21:26 UTC] dtajchreber@php.net 
The following patch has been added/updated:

Patch Name: trunk
Revision:   1304796415
URL:        http://bugs.php.net/patch-display.php?bug=54629&patch=trunk&revision=1304796415
 [2016-01-30 20:48 UTC] narf at devilix dot net 
This has been resolved via https://bugs.php.net/bug.php?id=68039

But only for PHP 7
 [2020-03-01 23:02 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2020-03-01 23:02 UTC] cmb@php.net 
Closing as duplicate of feature request #68039.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Oct 23 21:00:01 2025 UTC