|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64173 filter_var filter_validate_url incorrect
Submitted: 2013-02-08 09:03 UTC Modified: 2018-08-15 16:13 UTC
Avg. Score:3.5 ± 1.7
Reproduced:3 of 4 (75.0%)
Same Version:3 (100.0%)
Same OS:1 (33.3%)
From: retze dot faber at gmail dot com Assigned:
Status: Verified Package: Filter related
PHP Version: Irrelevant OS: debian squeeze
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
14 - 5 = ?
Subscribe to this entry?

 [2013-02-08 09:03 UTC] retze dot faber at gmail dot com
From manual page:

http:// passes filter_var with FILTER_VALIDATE_URL

Test script:
$url = $_REQUEST['url'];

if (filter_var("http://" . $url, FILTER_VALIDATE_URL)) $filter="true"; else $filter="false";

echo "Filter var result of concat with http is:" . $filter . "<br>";

Expected result:
I expect it to return false when i run the script with and true when i run it with

Actual result:
It returns true in both cases

Patches (last revision 2019-10-09 08:09 UTC by franko-or at relojerias dot site)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-03-02 14:30 UTC]
I don't see this as a documentation bug.  This filter effectively just calls 
parse_url() on the value and looks to see if the resulting array makes some 
sense. Running "http://" through parse_url() gives an array 
like array('scheme' => 'http', 'host' => 'http', 'path' => '//').

If you feel this is a bug in the filter, please change the Bug Type to "bug". If 
you feel this is not a bug in the implementation, rather still a documentation 
problem then could you elaborate on what details you would like to be added or 
changed?  A final option is to close off this report if you decide that this 
behaviour is now to be expected and there is no issue.

Let us know what you think.
 [2013-03-02 14:30 UTC]
-Status: Open +Status: Feedback
 [2013-03-02 17:51 UTC] retze dot faber at gmail dot com
Changed to bug, cause I feel it should return false when I call it with http://
 [2013-03-02 17:51 UTC] retze dot faber at gmail dot com
-Status: Feedback +Status: Open -Type: Documentation Problem +Type: Bug
 [2014-04-04 04:30 UTC] f21 dot groups at gmail dot com
Just ran into this as well. I think there some further checking should be done in filter_var as http:// is not valid.
 [2018-08-15 16:13 UTC]
-Status: Open +Status: Verified
 [2018-08-15 16:13 UTC]
For reference: <>.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Apr 21 01:01:27 2024 UTC