php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54031 parse_url failing for certain partial URLs
Submitted: 2011-02-16 17:24 UTC Modified: 2011-02-22 14:41 UTC
From: andreas at blixt dot org Assigned:
Status: Not a bug Package: URL related
PHP Version: 5.3.5 OS: Mac OS X 10.6.6
Private report: No CVE-ID: None
 [2011-02-16 17:24 UTC] andreas at blixt dot org
Description:
------------
The parse_url function fails to parse any partial URL with a colon followed by a 
slash ":/" in it. It should have no problems parsing them though, since it's 
easy to determine whether a URL is partial or not (any string that does not 
start with a scheme [ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )] and then an 
authority [which in the case of URLs starts with two slashes "//"] cannot be a 
URL; see RFC 3986).

In the case of partial URLs, it would be expected that parse_url acts as if 
"http://tld" was prepended to the input string (without returning the "scheme" 
or "host" parts, obviously).

The reason I'm filing this as a bug is because a script which uses a trusted 
source of a partial URL (such as $_SERVER['REQUEST_URI'] in most environments) 
and relies on parse_url will fail as soon as the visitor adds ":/" somewhere in 
the path.

My current workaround is to check whether the URL is partial ($url{0} == '/' is 
sufficient in most cases) and if so, prepend a scheme and authority to it before 
passing it to parse_url.

Test script:
---------------
$ php -r 'var_dump(parse_url("/?x=:/"));' # Fails
$ php -r 'var_dump(parse_url("/?x=:)"));' # Works

Expected result:
----------------
$ php -r 'var_dump(parse_url("/?x=:/"));'
array(2) {
  ["path"]=>
  string(1) "/"
  ["query"]=>
  string(4) "x=:/"
}
$ php -r 'var_dump(parse_url("/?x=:)"));'
array(2) {
  ["path"]=>
  string(1) "/"
  ["query"]=>
  string(4) "x=:)"
}

Actual result:
--------------
$ php -r 'var_dump(parse_url("/?x=:/"));'
bool(false)
$ php -r 'var_dump(parse_url("/?x=:)"));'
array(2) {
  ["path"]=>
  string(1) "/"
  ["query"]=>
  string(4) "x=:)"
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-22 14:41 UTC] iliaa@php.net
-Status: Open +Status: Bogus
 [2011-02-22 14:41 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 16:01:31 2024 UTC