php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77331 FILTER_VALIDATE_DOMAIN fail on example.org/wat
Submitted: 2018-12-20 22:22 UTC Modified: 2021-04-06 15:23 UTC
Votes:8
Avg. Score:3.4 ± 1.6
Reproduced:6 of 6 (100.0%)
Same Version:5 (83.3%)
Same OS:4 (66.7%)
From: divinity76 at gmail dot com Assigned: cmb (profile)
Status: Not a bug Package: Unknown/Other Function
PHP Version: 7.2 OS: Win7 x64 & Ubuntu 18.04
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: divinity76 at gmail dot com
New email:
PHP Version: OS:

 

 [2018-12-20 22:22 UTC] divinity76 at gmail dot com
Description:
------------
FILTER_VALIDATE_DOMAIN fail to realize that "example.org/wat" is not a domain (URL? guess you can say that. domain? don't think so.) - interestingly, FILTER_VALIDATE_DOMAIN works fine if FILTER_FLAG_HOSTNAME is provided, the bug is only present when FILTER_FLAG_HOSTNAME is not provided.

Test script:
---------------
<?php

var_dump(
    filter_var('example.org/wat',FILTER_VALIDATE_DOMAIN),
    filter_var('example.org/wat',FILTER_VALIDATE_DOMAIN,FILTER_FLAG_HOSTNAME)
    );


Expected result:
----------------
bool(false)
bool(false)

Actual result:
--------------
string(15) "example.org/wat"
bool(false)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-12-20 23:28 UTC] cmb@php.net
-Status: Open +Status: Verified -PHP Version: 7.3.0 +PHP Version: 7.2
 [2018-12-20 23:29 UTC] cmb@php.net
See <https://3v4l.org/QRW3K>.
 [2018-12-22 03:36 UTC] a at b dot c dot de
FILTER_VALIDATE_DOMAIN is only looking at the lengths of the domain string and those of the bits between '.' characters (this is documented but doesn't seem hugely useful).

var_dump(
 filter_var('***.****',FILTER_VALIDATE_DOMAIN),
 filter_var('!',FILTER_VALIDATE_DOMAIN),
 filter_var('*******',FILTER_VALIDATE_DOMAIN),
 filter_var(str_repeat('*', 63),FILTER_VALIDATE_DOMAIN),
 filter_var(str_repeat('*', 64),FILTER_VALIDATE_DOMAIN) // Too long
);

Meanwhile, FILTER_FLAG_HOSTNAME rejects domains with legal hyphens:

var_dump(
 // A hyphen with a well-known story behind it
 filter_var('experts-exchange.com',
            FILTER_VALIDATE_DOMAIN | FILTER_FLAG_HOSTNAME),
 // Punycode (Greek test TLD)
 filter_var('xn--jxalpdlp',
            FILTER_VALIDATE_DOMAIN | FILTER_FLAG_HOSTNAME)
);
 [2018-12-22 09:09 UTC] divinity76 at gmail dot com
@ a at b dot c dot de , 

this is not a comment on the validity of your claim, but you are using filter_var wrong, FILTER_FLAG_HOSTNAME goes as the third parameter, it is not supposed to be bitwise-or'ed into the 2nd parameter. (filter_var is weird, check the docs)
 [2018-12-22 14:22 UTC] php at bitm dot sg
I want to add here that a whitespace and empty string should probably pass in the future. Empty string refers to the DNS Root: https://en.wikipedia.org/wiki/Fully_qualified_domain_name#Syntax
 [2019-01-24 19:21 UTC] divinity76 at gmail dot com
@ a at b dot c dot de

quote > Meanwhile, FILTER_FLAG_HOSTNAME rejects domains with legal hyphens:

- actually, when filter_var is user properly, it allows those domains (FILTER_FLAG_HOSTNAME goes as the third argument, don't xor it into the 2nd argument)

var_dump(
 // A hyphen with a well-known story behind it
 filter_var('experts-exchange.com',
            FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME),
 // Punycode (Greek test TLD)
 filter_var('xn--jxalpdlp',
            FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)
);



returns bool(true) bool(true)
 [2021-04-06 15:23 UTC] cmb@php.net
-Status: Verified +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-04-06 15:23 UTC] cmb@php.net
FILTER_VALIDATE_DOMAIN without FILTER_FLAG_HOSTNAME works as
documented[1]; the fact that it's most useless, doesn't make it a
bug.

If you want the behavior to change, please pursue the RFC
process[2].

[1] <https://www.php.net/manual/en/filter.filters.validate.php>
[2] <https://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 00:01:28 2024 UTC