|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #54629 FILTER_VALIDATE_URL rejects IPv6 URLs http://[::1]/
Submitted: 2011-04-29 02:17 UTC Modified: 2020-03-01 23:02 UTC
Avg. Score:4.3 ± 0.8
Reproduced:7 of 8 (87.5%)
Same Version:3 (42.9%)
Same OS:4 (57.1%)
From: xmilky+php at gmail dot com Assigned: cmb (profile)
Status: Duplicate Package: URL related
PHP Version: 5.3.6 OS: amd64 GNU/Linux 2.6.35
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: xmilky+php at gmail dot com
New email:
PHP Version: OS:


 [2011-04-29 02:17 UTC] xmilky+php at gmail dot com
I just came to wonder why the filter extension rejects my IPv6 URLs. For example this returns `false` even though it's a valid HTTP url:

    filter_var("http://[::1]:2000/push/thingy", FILTER_VALIDATE_URL);

I'm somewhat certain that FILTER_VALIDATE_URL actually used [`parse_url`]( behind the scenes to probe for URL correctness. But parse_url itself works perfectly fine on such addresses:

        [scheme] => http
        [host] => [::1]
        [port] => 2000
        [path] => /push/thingy

So there is some limitation in the filter_var wrapper for _VALIDATE_URL.


Note that this is a distinct issue to which was about FILTER_VALIDATE_IP addresses only.

Test script:

var_dump(filter_var("http://[::1]/path?qs", FILTER_VALIDATE_URL));


Expected result:
string(20) "http://[::1]/path?qs"

Actual result:


trunk (last revision 2011-05-07 19:26 UTC by
5_3 (last revision 2011-05-07 19:26 UTC by

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-29 04:13 UTC]
-Type: Bug +Type: Feature/Change Request
 [2011-04-29 04:13 UTC]
"Validates value as URL (according to ยป, optionally with required components. Note that the function will only find ASCII URLs to be 
valid; internationalized domain names (containing non-ASCII characters) will fail."

RFC 2396 doesn't support IPv6 addresses... would need to implement RFC 2732 checks... flipping to feature request. 

 [2011-05-07 21:26 UTC]
The following patch has been added/updated:

Patch Name: 5_3
Revision:   1304796392
 [2011-05-07 21:26 UTC]
The following patch has been added/updated:

Patch Name: trunk
Revision:   1304796415
 [2016-01-30 20:48 UTC] narf at devilix dot net
This has been resolved via

But only for PHP 7
 [2020-03-01 23:02 UTC]
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2020-03-01 23:02 UTC]
Closing as duplicate of feature request #68039.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon May 25 09:01:25 2020 UTC