|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25778 parse_url is not RFC 2396 compliant
Submitted: 2003-10-07 10:02 UTC Modified: 2003-10-08 08:01 UTC
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: gmirchev at usa dot net Assigned:
Status: Wont fix Package: URL related
PHP Version: 4.3.3 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-10-07 10:02 UTC] gmirchev at usa dot net
parse_url does not correctly handle these relative URLs:


In the reproduce code is correct PHP implementation.

Reproduce code:
	function url_parse($url)
		$parts = array(
			'scheme' => '',
			'host' => '',
			'port' => '',
			'user' => '',
			'pass' => '',
			'path' => '',
			'query' => '',
			'fragment' => ''

		# Regular Expression from RFC 2396 (appendix B)
		preg_match('"^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?"', $url, $matches);
		if (array_key_exists(2, $matches)) $parts['scheme'] = $matches[2];
		if (array_key_exists(4, $matches)) $authority = $matches[4];
		if (array_key_exists(5, $matches)) $parts['path'] = $matches[5];
		if (array_key_exists(7, $matches)) $parts['query'] = $matches[7];
		if (array_key_exists(9, $matches)) $parts['fragment'] = $matches[9];
		# Extract username, password, host and port from authority
		preg_match('"(([^:@]*)(:([^:@]*))?@)?([^:]*)(:(.*))?"', $authority, $matches);

		if (array_key_exists(2, $matches)) $parts['user'] = $matches[2];
		if (array_key_exists(4, $matches)) $parts['pass'] = $matches[4];
		if (array_key_exists(5, $matches)) $parts['host'] = $matches[5];
		if (array_key_exists(7, $matches)) $parts['port'] = $matches[7];
		return $parts;


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-10-08 07:32 UTC] gmirchev at usa dot net
No! Those are URLs. Please read the RFC.

RFC 2396 part 4:

URI-reference = [ absoluteURI | relativeURI ] [ "#" fragment ]

also RFC 2396:

1.2. URI, URL, and URN

   A URI can be further classified as a locator, a name, or both.  The
   term "Uniform Resource Locator" (URL) refers to the subset of URI
   that identify resources via a representation of their primary access
   mechanism (e.g., their network "location"), rather than identifying
   the resource by name or by some other attribute(s) of that resource.
   The term "Uniform Resource Name" (URN) refers to the subset of URI
   that are required to remain globally unique and persistent even when
   the resource ceases to exist or becomes unavailable.
 [2003-10-08 08:01 UTC]
parse_url() is only intended to be used with fully qualified URLs.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jun 18 00:01:32 2024 UTC