|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64173 filter_var filter_validate_url incorrect
Submitted: 2013-02-08 09:03 UTC Modified: 2013-03-02 17:51 UTC
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: retze dot faber at gmail dot com Assigned:
Status: Open Package: Filter related
PHP Version: Irrelevant OS: debian squeeze
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2013-02-08 09:03 UTC] retze dot faber at gmail dot com
From manual page:

http:// passes filter_var with FILTER_VALIDATE_URL

Test script:
$url = $_REQUEST['url'];

if (filter_var("http://" . $url, FILTER_VALIDATE_URL)) $filter="true"; else $filter="false";

echo "Filter var result of concat with http is:" . $filter . "<br>";

Expected result:
I expect it to return false when i run the script with and true when i run it with

Actual result:
It returns true in both cases


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-03-02 14:30 UTC]
I don't see this as a documentation bug.  This filter effectively just calls 
parse_url() on the value and looks to see if the resulting array makes some 
sense. Running "http://" through parse_url() gives an array 
like array('scheme' => 'http', 'host' => 'http', 'path' => '//').

If you feel this is a bug in the filter, please change the Bug Type to "bug". If 
you feel this is not a bug in the implementation, rather still a documentation 
problem then could you elaborate on what details you would like to be added or 
changed?  A final option is to close off this report if you decide that this 
behaviour is now to be expected and there is no issue.

Let us know what you think.
 [2013-03-02 14:30 UTC]
-Status: Open +Status: Feedback
 [2013-03-02 17:51 UTC] retze dot faber at gmail dot com
Changed to bug, cause I feel it should return false when I call it with http://
 [2013-03-02 17:51 UTC] retze dot faber at gmail dot com
-Status: Feedback +Status: Open -Type: Documentation Problem +Type: Bug
 [2014-04-04 04:30 UTC] f21 dot groups at gmail dot com
Just ran into this as well. I think there some further checking should be done in filter_var as http:// is not valid.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sun Nov 29 14:01:30 2015 UTC