Bug #64173 filter_var filter_validate_url incorrect
Submitted: 2013-02-08 09:03 UTC
Modified: 2018-08-15 16:13 UTC
Avg. Score: 3.0 ± 2.0
Reproduced: 1 of 2 (50.0%)
Same Version: 1 (100.0%)
Same OS: 0 (0.0%)
From: retze dot faber at gmail dot com
Assigned:
Status: Verified
Package: Filter related
PHP Version: Irrelevant
OS: debian squeeze
Private report: No
CVE-ID: None

 [2013-02-08 09:03 UTC] retze dot faber at gmail dot com
From manual page:

http:// passes filter_var with FILTER_VALIDATE_URL

Test script:
$url = $_REQUEST['url'];

if (filter_var("http://" . $url, FILTER_VALIDATE_URL)) $filter="true"; else $filter="false";

echo "Filter var result of concat with http is:" . $filter . "<br>";

Expected result:
I expect it to return false when I run the script with and true when I run it with

Actual result:
It returns true in both cases

Patches (last revision 2019-10-09 08:09 UTC by franko-or at relojerias dot site)

 [2013-03-02 14:30 UTC]
I don't see this as a documentation bug.  This filter effectively just calls 
parse_url() on the value and looks to see if the resulting array makes some 
sense. Running "http://" through parse_url() gives an array 
like array('scheme' => 'http', 'host' => 'http', 'path' => '//').

If you feel this is a bug in the filter, please change the Bug Type to "bug". If 
you feel this is not a bug in the implementation, rather still a documentation 
problem then could you elaborate on what details you would like to be added or 
changed?  A final option is to close off this report if you decide that this 
behaviour is now to be expected and there is no issue.

Let us know what you think.
 [2013-03-02 14:30 UTC]
-Status: Open +Status: Feedback
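
The comment above describes the filter as parse_url() plus a sanity check of the resulting array, which is how a value whose host parses as 'http' with a path of '//' can pass. As an added example (not code from this report or from PHP itself), a hypothetical helper strict_http_url() layers explicit component checks on top of the filter; the scheme allow-list, the dotted-host rule, the "//" path rule and the sample inputs are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example: strict_http_url() is a hypothetical helper, not part of PHP.
function strict_http_url(string $url): bool
{
    // Step 1: keep the built-in filter as a first gate.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }

    // Step 2: look at the components ourselves instead of trusting the filter.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }

    // Policy (assumption): only http and https are acceptable schemes.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }

    // Host must be an IP literal or a hostname containing at least one dot.
    // This rejects a bare host such as 'http' (and, by policy, 'localhost').
    $host   = $parts['host'];
    $isIp   = filter_var(trim($host, '[]'), FILTER_VALIDATE_IP) !== false;
    $isName = strpos($host, '.') !== false
        && filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    if (!$isIp && !$isName) {
        return false;
    }

    // Policy (assumption): a path starting with "//" suggests a second URL
    // was concatenated after the scheme, as in the array quoted in the comment.
    return strncmp($parts['path'] ?? '', '//', 2) !== 0;
}

// Constructed sample inputs; run the script to see how each is classified.
$samples = [
    'https://example.com/path?x=1',
    'http://http://example.com',
    'http://http',
    'ftp://example.com/file',
    'http://192.0.2.10:8080/',
];
foreach ($samples as $s) {
    printf("%-32s %s\n", $s, strict_http_url($s) ? 'accept' : 'reject');
}
```
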
 [2013-03-02 17:51 UTC] retze dot faber at gmail dot com
Changed to bug, cause I feel it should return false when I call it with http://
 [2013-03-02 17:51 UTC] retze dot faber at gmail dot com
-Status: Feedback +Status: Open -Type: Documentation Problem +Type: Bug
 [2014-04-04 04:30 UTC] f21 dot groups at gmail dot com
Just ran into this as well. I think some further checking should be done in filter_var as http:// is not valid.
 [2018-08-15 16:13 UTC]
-Status: Open +Status: Verified
 [2018-08-15 16:13 UTC]
For reference: <>.
 [2019-10-09 08:09 UTC] franko-or at relojerias dot site
The following patch has been added/updated:

Patch Name:
Revision:   1570608543
Last updated: Fri Oct 30 17:01:24 2020 UTC