Bug #54031 [Opn->Bgs]: parse_url failing for certain partial URLs

[iliaa]

Edit report at http://bugs.php.net/bug.php?id=54031&edit=1

 ID:                 54031
 Updated by:         il...@php.net
 Reported by:        andreas at blixt dot org
 Summary:            parse_url failing for certain partial URLs
-Status:             Open
+Status:             Bogus
 Type:               Bug
 Package:            URL related
 Operating System:   Mac OS X 10.6.6
 PHP Version:        5.3.5
 Block user comment: N
 Private report:     N

 New Comment:

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php




Previous Comments:
------------------------------------------------------------------------
[2011-02-16 17:24:32] andreas at blixt dot org

Description:
------------
The parse_url function fails to parse any partial URL with a colon
followed by a 

slash ":/" in it. It should have no problems parsing them though, since
it's 

easy to determine whether a URL is partial or not (any string that does
not 

start with a scheme [ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )] and
then an 

authority [which in the case of URLs starts with two slashes "//"]
cannot be a 

URL; see RFC 3986).



In the case of partial URLs, it would be expected that parse_url acts as
if 

"http://tld"; was prepended to the input string (without returning the
"scheme" 

or "host" parts, obviously).



The reason I'm filing this as a bug is because a script which uses a
trusted 

source of a partial URL (such as $_SERVER['REQUEST_URI'] in most
environments) 

and relies on parse_url will fail as soon as the visitor adds ":/"
somewhere in 

the path.



My current workaround is to check whether the URL is partial ($url{0} ==
'/' is 

sufficient in most cases) and if so, prepend a scheme and authority to
it before 

passing it to parse_url.

Test script:
---------------
$ php -r 'var_dump(parse_url("/?x=:/"));' # Fails

$ php -r 'var_dump(parse_url("/?x=:)"));' # Works

Expected result:
----------------
$ php -r 'var_dump(parse_url("/?x=:/"));'

array(2) {

  ["path"]=>

  string(1) "/"

  ["query"]=>

  string(4) "x=:/"

}

$ php -r 'var_dump(parse_url("/?x=:)"));'

array(2) {

  ["path"]=>

  string(1) "/"

  ["query"]=>

  string(4) "x=:)"

}

Actual result:
--------------
$ php -r 'var_dump(parse_url("/?x=:/"));'

bool(false)

$ php -r 'var_dump(parse_url("/?x=:)"));'

array(2) {

  ["path"]=>

  string(1) "/"

  ["query"]=>

  string(4) "x=:)"

}


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54031&edit=1