php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44456 CURLOPT_URL error in parsing ftp url string given
Submitted: 2008-03-17 16:27 UTC Modified: 2008-03-25 03:43 UTC
Votes:2
Avg. Score:4.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: sergiocrz at hotmail dot com Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.2.5 OS: WinXP
Private report: No CVE-ID: None
 [2008-03-17 16:27 UTC] sergiocrz at hotmail dot com
Description:
------------
When an ftp username or password uses the character "#" and when I try to use it in 

curl_setopt($ch, CURLOPT_URL, "ftp://$ftp_user_name:$ftp_pass@$ftp_ip:$ftp_port$path");

cURL will not login with the correct user/pass combination nor the correct IP.


Reproduce code:
---------------
// using ex:  ftp://%e$U^&:!@#$5%@123.145.123.145:456

$ftp_user_name = "%e$U^&" ;
$ftp_pass = "!@#$5%" ;
$ftp_ip = "123.145.123.145";
$ftp_port = 456;
$path = "/";

 $ch = curl_init();

 curl_setopt($ch, CURLOPT_URL, "ftp://$ftp_user_name:$ftp_pass@$ftp_ip:$ftp_port$path");
 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4);  
 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_FTPLISTONLY, 0);

 $result['filelist'] = curl_exec($ch); // content
 $result['error'] = curl_error($ch);
 $result['errno'] = curl_errno($ch);



Expected result:
----------------
Loggin in with the correct 
$ftp_user_name = "%e$U^&" ;
$ftp_pass = "!@#$5%" ;
$ftp_ip = "123.145.123.145";
$ftp_port = 456;


Actual result:
--------------
cURL will connect to the IP: #$5%@123.145.123.145 as dysplayed by the error.

As you can see the part before the ip "#$5%" belongs to the ftp_pass, so I think when curl is parsing the url string and encounters "#" (char(35)) it returns the wrong ip.



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-03-19 00:09 UTC] felipe@php.net
This seems expected.
Normally app. accepts the format obtained for:
http://docs.php.net/manual/en/function.rawurlencode.php

Try using this function on login and password.
 [2008-03-19 02:28 UTC] sergiocrz at hotmail dot com
Why is it expected that curl returns false ip when the url contains '#'?
If I use rawurlencode() to username and password CURL will consider that encoded string as a new username and password, it will not be decoded on exec. The returning error is: Access denied: 530. Thats because the user and pass are incorrect...

By the results I have I still think there is a bug somewhere...
 [2008-03-19 02:34 UTC] felipe@php.net
> Why is it expected that curl returns false 
> ip when the url contains '#'?

AFAIK, the problem isn't the '#', but the '@'.
 [2008-03-23 23:40 UTC] daniel at haxx dot se
Those letters are not valid in a URL, described in RFC2396. (lib)curl expects and requires a valid URL.
 [2008-03-24 00:58 UTC] felipe@php.net
Nice, thanks for information, Daniel.
 [2008-03-25 03:43 UTC] sergiocrz at hotmail dot com
Those letters are not valid in a URL, described in RFC2396. (lib)curl
expects and requires a valid URL.

I didnt read that document, but I know that some clients' ftp servers use this kind of chars in the username and password and they are valid for login in wathever program, execpt CURL and php.
thats tricky
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 11:01:30 2024 UTC