PHP :: Bug #64173 :: filter_var filter_validate

Bug #64173

filter_var filter_validate_url incorrect

Submitted:

2013-02-08 09:03 UTC

Modified:

2018-08-15 16:13 UTC

Votes:	4
Avg. Score:	3.5 ± 1.7
Reproduced:	3 of 4 (75.0%)
Same Version:	3 (100.0%)
Same OS:	1 (33.3%)

From:

retze dot faber at gmail dot com

Assigned:

Status:

Verified

Package:

Filter related

PHP Version:

Irrelevant

OS:

debian squeeze

Private report:

CVE-ID:

None

View Developer Edit

[2013-02-08 09:03 UTC] retze dot faber at gmail dot com

Description:
------------
---
From manual page: http://www.php.net/function.filter-var
---

http://http://www.google.com passes filter_var with FILTER_VALIDATE_URL

Test script:
---------------
$url = $_REQUEST['url'];

if (filter_var("http://" . $url, FILTER_VALIDATE_URL)) $filter="true"; else $filter="false";

echo "Filter var result of concat with http is:" . $filter . "<br>";

Expected result:
----------------
I expect it to return false when i run the script with http://www.google.com and true when i run it with www.google.com

Actual result:
--------------
It returns true in both cases

Patches

www.labqurzor.net (last revision 2019-10-09 08:09 UTC by franko-or at relojerias dot site)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-03-02 14:30 UTC] salathe@php.net

I don't see this as a documentation bug.  This filter effectively just calls 
parse_url() on the value and looks to see if the resulting array makes some 
sense. Running "http://http://www.google.com" through parse_url() gives an array 
like array('scheme' => 'http', 'host' => 'http', 'path' => '//www.google.com').

If you feel this is a bug in the filter, please change the Bug Type to "bug". If 
you feel this is not a bug in the implementation, rather still a documentation 
problem then could you elaborate on what details you would like to be added or 
changed?  A final option is to close off this report if you decide that this 
behaviour is now to be expected and there is no issue.

Let us know what you think.

[2013-03-02 14:30 UTC] salathe@php.net

-Status: Open +Status: Feedback

[2013-03-02 17:51 UTC] retze dot faber at gmail dot com

Changed to bug, cause I feel it should return false when I call it with http://http://www.google.com

[2013-03-02 17:51 UTC] retze dot faber at gmail dot com

-Status: Feedback +Status: Open -Type: Documentation Problem +Type: Bug

[2014-04-04 04:30 UTC] f21 dot groups at gmail dot com

Just ran into this as well. I think there some further checking should be done in filter_var as http://http://www.google.com is not valid.

[2018-08-15 16:13 UTC] cmb@php.net

-Status: Open +Status: Verified

[2018-08-15 16:13 UTC] cmb@php.net

For reference: <https://3v4l.org/MIRZR>.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Dec 04 08:01:29 2024 UTC