Bug #53924 FILTER_VALIDATE_URL doesn't validate port numbers
Submitted: 2011-02-04 12:18 UTC Modified: 2011-02-04 22:41 UTC
From: aharvey@php.net Assigned: iliaa (profile)
Status: Closed Package: Filter related
PHP Version: trunk-SVN-2011-02-04 (SVN) OS: Irrelevant
Private report: No CVE-ID: None
 [2011-02-04 12:18 UTC] aharvey@php.net
Description:
------------
Non-integer port numbers are currently validated as OK by FILTER_VALIDATE_URL, 
per a comment in bug #53901.

Test script:
---------------
<?php
var_dump(filter_var('http://example.com:qq', FILTER_VALIDATE_URL));
?>

Expected result:
----------------
bool(false)

Actual result:
--------------
string(21) "http://example.com:qq"

 [2011-02-04 15:34 UTC] aaz at althenia dot net
Thanks.

Since this filter uses parse_url() internally, I suggest the easiest
fix would be to make parse_url() return FALSE here.

Note that parse_url() already does some validation of the port number:

   parse_url('http://example.com:12345');  // OK
   parse_url('http://example.com:123456'); // FALSE
 [2011-02-04 22:41 UTC] iliaa@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=308035
Log: Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number).
 [2011-02-04 22:41 UTC] iliaa@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: iliaa
 [2011-02-04 22:41 UTC] iliaa@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
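
A defence-in-depth check for the behaviour reported above, as an added example that is not part of this bug thread or of PHP's source: it validates the port itself instead of relying only on FILTER_VALIDATE_URL, so the result does not depend on whether the running PHP build contains the fix. The names url_port_is_valid() and validate_url_strict() are hypothetical, and rejecting an empty port and port 0 is an assumed policy.

```php
<?php
// Added example, not PHP's own code. Function names are hypothetical.

// True when the URL has no port, or a decimal port in the range 1..65535.
function url_port_is_valid(string $url): bool
{
    // Authority = text between "scheme://" and the first "/", "?" or "#".
    if (!preg_match('~^[a-z][a-z0-9+.-]*://([^/?#]*)~i', $url, $m)) {
        return false;
    }
    // Drop userinfo: a ":" inside "user:pass@" is not a port separator.
    $at = strrpos($m[1], '@');
    $hostport = $at === false ? $m[1] : substr($m[1], $at + 1);

    if (preg_match('~^\[[^\]]*\](.*)$~', $hostport, $v6)) {
        // IPv6 literal: only the text after "]" may be ":port".
        if ($v6[1] === '') return true;
        if ($v6[1][0] !== ':') return false;
        $port = substr($v6[1], 1);
    } else {
        $colon = strrpos($hostport, ':');
        if ($colon === false) return true;
        $port = substr($hostport, $colon + 1);
    }
    // Assumed policy: digits only, at most five of them, value 1..65535.
    return ctype_digit($port) && strlen($port) <= 5
        && (int) $port >= 1 && (int) $port <= 65535;
}

// Returns the URL when every check passes, false otherwise.
function validate_url_strict(string $url)
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) return false;
    if (parse_url($url) === false) return false;
    return url_port_is_valid($url) ? $url : false;
}

// Constructed sample inputs; the first three are the URLs quoted in this report.
$samples = [
    'http://example.com:qq',
    'http://example.com:12345',
    'http://example.com:123456',
    'http://example.com:0',
    'http://user:pw@example.com/',
];
foreach ($samples as $u) {
    printf("%-30s %s\n", $u, validate_url_strict($u) === false ? 'rejected' : 'accepted');
}
```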


 