PHP :: Request #54629 :: FILTER_VALIDATE_URL rejects IPv6 URLs http://[::1]/

FILTER_VALIDATE_URL rejects IPv6 URLs http://[::1]/

Submitted:

2011-04-29 02:17 UTC

Modified:

2020-03-01 23:02 UTC

Votes:	9
Avg. Score:	4.3 ± 0.8
Reproduced:	7 of 8 (87.5%)
Same Version:	3 (42.9%)
Same OS:	4 (57.1%)

From:

xmilky+php at gmail dot com

Assigned:

cmb (profile)

Status:

Duplicate

Package:

URL related

PHP Version:

5.3.6

OS:

amd64 GNU/Linux 2.6.35

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	xmilky+php at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2011-04-29 02:17 UTC] xmilky+php at gmail dot com

Description:
------------
I just came to wonder why the filter extension rejects my IPv6 URLs. For example this returns `false` even though it's a valid HTTP url:

    filter_var("http://[::1]:2000/push/thingy", FILTER_VALIDATE_URL);


I'm somewhat certain that FILTER_VALIDATE_URL actually used [`parse_url`](http://php.net/parse_url) behind the scenes to probe for URL correctness. But parse_url itself works perfectly fine on such addresses:

    Array(
        [scheme] => http
        [host] => [::1]
        [port] => 2000
        [path] => /push/thingy

So there is some limitation in the filter_var wrapper for _VALIDATE_URL.

---

Note that this is a distinct issue to http://bugs.php.net/bug.php?id=48762&edit=2 which was about FILTER_VALIDATE_IP addresses only.


Test script:
---------------
<?php

var_dump(filter_var("http://[::1]/path?qs", FILTER_VALIDATE_URL));

?>

Expected result:
----------------
string(20) "http://[::1]/path?qs"

Actual result:
--------------
bool(false)

Patches

trunk (last revision 2011-05-07 19:26 UTC by dtajchreber@php.net)
5_3 (last revision 2011-05-07 19:26 UTC by dtajchreber@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-04-29 04:13 UTC] dtajchreber@php.net

-Type: Bug +Type: Feature/Change Request

[2011-04-29 04:13 UTC] dtajchreber@php.net

"Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396), optionally with required components. Note that the function will only find ASCII URLs to be 
valid; internationalized domain names (containing non-ASCII characters) will fail."

RFC 2396 doesn't support IPv6 addresses... would need to implement RFC 2732 checks... flipping to feature request. 

[1] http://www.php.net/manual/en/filter.filters.validate.php
[2] http://www.faqs.org/rfcs/rfc2396.html
[3] http://en.wikipedia.org/wiki/Uniform_Resource_Identifier#Refinement_of_specifications
[4] http://tools.ietf.org/html/rfc2732

[2011-05-07 21:26 UTC] dtajchreber@php.net

The following patch has been added/updated:

Patch Name: 5_3
Revision:   1304796392
URL:        http://bugs.php.net/patch-display.php?bug=54629&patch=5_3&revision=1304796392

[2011-05-07 21:26 UTC] dtajchreber@php.net

The following patch has been added/updated:

Patch Name: trunk
Revision:   1304796415
URL:        http://bugs.php.net/patch-display.php?bug=54629&patch=trunk&revision=1304796415

[2016-01-30 20:48 UTC] narf at devilix dot net

This has been resolved via https://bugs.php.net/bug.php?id=68039

But only for PHP 7

[2020-03-01 23:02 UTC] cmb@php.net

-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb

[2020-03-01 23:02 UTC] cmb@php.net

Closing as duplicate of feature request #68039.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 18:01:34 2024 UTC