PHP :: Bug #44456 :: CURLOPT_URL error in parsing ftp url string given

Bug #44456

CURLOPT_URL error in parsing ftp url string given

Submitted:

2008-03-17 16:27 UTC

Modified:

2008-03-25 03:43 UTC

Votes:	2
Avg. Score:	4.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

sergiocrz at hotmail dot com

Assigned:

Status:

Not a bug

Package:

cURL related

PHP Version:

5.2.5

OS:

WinXP

Private report:

CVE-ID:

None

View Developer Edit

[2008-03-17 16:27 UTC] sergiocrz at hotmail dot com

Description:
------------
When an ftp username or password uses the character "#" and when I try to use it in 

curl_setopt($ch, CURLOPT_URL, "ftp://$ftp_user_name:$ftp_pass@$ftp_ip:$ftp_port$path");

cURL will not login with the correct user/pass combination nor the correct IP.


Reproduce code:
---------------
// using ex:  ftp://%e$U^&:!@#$5%@123.145.123.145:456

$ftp_user_name = "%e$U^&" ;
$ftp_pass = "!@#$5%" ;
$ftp_ip = "123.145.123.145";
$ftp_port = 456;
$path = "/";

 $ch = curl_init();

 curl_setopt($ch, CURLOPT_URL, "ftp://$ftp_user_name:$ftp_pass@$ftp_ip:$ftp_port$path");
 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4);  
 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_FTPLISTONLY, 0);

 $result['filelist'] = curl_exec($ch); // content
 $result['error'] = curl_error($ch);
 $result['errno'] = curl_errno($ch);



Expected result:
----------------
Loggin in with the correct 
$ftp_user_name = "%e$U^&" ;
$ftp_pass = "!@#$5%" ;
$ftp_ip = "123.145.123.145";
$ftp_port = 456;


Actual result:
--------------
cURL will connect to the IP: #$5%@123.145.123.145 as dysplayed by the error.

As you can see the part before the ip "#$5%" belongs to the ftp_pass, so I think when curl is parsing the url string and encounters "#" (char(35)) it returns the wrong ip.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-03-19 00:09 UTC] felipe@php.net

This seems expected.
Normally app. accepts the format obtained for:
http://docs.php.net/manual/en/function.rawurlencode.php

Try using this function on login and password.

[2008-03-19 02:28 UTC] sergiocrz at hotmail dot com

Why is it expected that curl returns false ip when the url contains '#'?
If I use rawurlencode() to username and password CURL will consider that encoded string as a new username and password, it will not be decoded on exec. The returning error is: Access denied: 530. Thats because the user and pass are incorrect...

By the results I have I still think there is a bug somewhere...

[2008-03-19 02:34 UTC] felipe@php.net

> Why is it expected that curl returns false 
> ip when the url contains '#'?

AFAIK, the problem isn't the '#', but the '@'.

[2008-03-23 23:40 UTC] daniel at haxx dot se

Those letters are not valid in a URL, described in RFC2396. (lib)curl expects and requires a valid URL.

[2008-03-24 00:58 UTC] felipe@php.net

Nice, thanks for information, Daniel.

[2008-03-25 03:43 UTC] sergiocrz at hotmail dot com

Those letters are not valid in a URL, described in RFC2396. (lib)curl
expects and requires a valid URL.

I didnt read that document, but I know that some clients' ftp servers use this kind of chars in the username and password and they are valid for login in wathever program, execpt CURL and php.
thats tricky

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Jun 30 21:01:37 2025 UTC