php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68129 parse_url() - incomplete support for empty usernames and passwords
Submitted: 2014-10-02 00:58 UTC Modified: -
From: vort dot fu at gmail dot com Assigned:
Status: Closed Package: URL related
PHP Version: 5.6.0 OS: OS X 10.9.5
Private report: No CVE-ID:
 [2014-10-02 00:58 UTC] vort dot fu at gmail dot com
Description:
------------
Section 3.1 "Common Internet Scheme Syntax" of RFC-1738 "Uniform Resource Locators (URL)" (https://www.ietf.org/rfc/rfc1738.txt) states the following:

   Note that an empty user name or password is different than no user
   name or password; there is no way to specify a password without
   specifying a user name. E.g., <URL:ftp://@host.com/> has an empty
   user name and no password, <URL:ftp://host.com/> has no user name,
   while <URL:ftp://foo:@host.com/> has a user name of "foo" and an
   empty password.


parse_url() currently only supports empty user names if a password component is not specified (including empty passwords, which aren't supported at all)

Test script:
---------------
<?php

   // correct (returns empty username)
   var_dump( parse_url( 'https://@example.com' ) );

   // incorrect (doesn't return empty username or password)
   var_dump( parse_url( 'https://:@example.com' ) );

   // incorrect (doesn't return empty username)
   var_dump( parse_url( 'https://:password@example.com' ) );

   // incorrect (doesn't return empty password)
   var_dump( parse_url( 'https://username:@example.com' ) );



Expected result:
----------------
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
}
array(4) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
  ["pass"]=>
  string(0) ""
}
array(4) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
  ["pass"]=>
  string(8) "password"
}
array(4) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(8) "username"
  ["pass"]=>
  string(0) ""
}

Actual result:
--------------
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
}
array(2) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
}
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["pass"]=>
  string(8) "password"
}
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(8) "username"
}

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-10-09 00:27 UTC] datibbaw@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d0e51f5ce992ab5fc90c4d962a5d4e8c24b74823
Log: Fixed bug #68129
 [2014-10-09 00:27 UTC] datibbaw@php.net
-Status: Open +Status: Closed
 [2014-10-10 20:59 UTC] ab@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d0e51f5ce992ab5fc90c4d962a5d4e8c24b74823
Log: Fixed bug #68129
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC