Edit report at http://bugs.php.net/bug.php?id=54255&edit=1
ID: 54255
Comment by: nm at web dot am
Reported by: nm at web dot am
Summary: FILTER_VALIDATE_URL does not allow - in domain name
Status: Bogus
Type: Bug
Package: Filter related
Operating System: Linux
PHP Version: 5.3.5
Block user comment: N
Private report: N
New Comment:
What the f...bug!
changed http to hxxp to prevent spam detection :) change back while
testing.
Let's compare the results:
Ubuntu 10.10, Linux eniac 2.6.36-020636-generic #201010210905 SMP Thu
Oct 21 09:08:58 UTC 2010 x86_64 GNU/Linux, PHP 5.3.3-1ubuntu9.3 with
Suhosin-Patch (cli) (built: Jan 12 2011 16:07:38) , package: php5
5.3.3-1ubuntu9.3
works as expected.
@eniac ~> php -r 'var_dump(filter_var("hxxp://asd_asd.de",
FILTER_VALIDATE_URL));'
bool(false)
@eniac ~> php -r 'var_dump(filter_var("hxxp://asd-asd.de",
FILTER_VALIDATE_URL));'
string(17) "http://asd-asd.de";
@eniac ~>
CentOS 5, 2.6.18-194.8.1.el5.028stab070.5 , PHP 5.2.9
@www1 ~> php -r 'var_dump(filter_var("hxxp://asd_asd.de",
FILTER_VALIDATE_URL));'
string(17) "http://asd_asd.de";
@www1 ~> php -r 'var_dump(filter_var("hxxp://asd-asd.de",
FILTER_VALIDATE_URL));'
string(17) "http://asd-asd.de";
well, this is the bug, but fixed in upstream.
FreeBSD 8.0-RELEASE-p4, PHP 5.3.5 with Suhosin-Patch (cli) (built: Mar
14 2011 17:47:34), package php5-5.3.5 (compiled from ports)
@www-backup ...db/pkg> php -r 'var_dump(filter_var("hxxp://asd_asd.de",
FILTER_VALIDATE_URL));'
string(17) "http://asd_asd.de";
@www-backup ...db/pkg> php -r 'var_dump(filter_var("hxxp://asd-asd.de",
FILTER_VALIDATE_URL));'
bool(false)
@www-backup ...db/pkg>
What is wrong with it on FreeBSD ?????
Seems that it is more build or OS related problem, than php itself.
Previous Comments:
------------------------------------------------------------------------
[2011-03-15 15:39:25] [email protected]
Oh, and:
# php -r 'var_dump(filter_var("http://ea_sd.com";,
FILTER_VALIDATE_URL));'
bool(false)
------------------------------------------------------------------------
[2011-03-15 15:38:21] [email protected]
# php -v
PHP 5.3.5 (cli) (built: Mar 15 2011 07:36:59)
# php -r 'var_dump(filter_var("http://ea-sd.com";,
FILTER_VALIDATE_URL));'
string(16) "http://ea-sd.com";
------------------------------------------------------------------------
[2011-03-15 09:56:49] nm at web dot am
Description:
------------
FILTER_VALIDATE_URL documentatin says that it does filtering according
to rfc2396, but in fact filter_var fails to conform RFC.
Hostname definition in rfc is as follows:
hostport = host [ ":" port ]
host = hostname | IPv4address
hostname = *( domainlabel "." ) toplabel [ "." ]
domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
toplabel = alpha | alpha *( alphanum | "-" ) alphanum
so it should allow "-" dash symbol in domainnames (both domain name and
TLD name).
In other hand it SHOULD NOT allow "_" symbol in the domain name, as it
is against specification (right now it allows).
Test script:
---------------
first case also should validate successfully
php -r 'var_dump(filter_var("http://ea-sd.com";, FILTER_VALIDATE_URL));'
bool(false)
php -r 'var_dump(filter_var("http://easd.com";, FILTER_VALIDATE_URL));'
string(15) "http://easd.com";
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=54255&edit=1
