Doc->Req #51642 [Opn]: FILTER_VALIDATE_URL should fail if an invalid IP address is used

Tue, 14 Feb 2012 20:04:52 -0800 

Edit report at https://bugs.php.net/bug.php?id=51642&edit=1

 ID:                 51642
 Updated by:         ras...@php.net
 Reported by:        graham at grahamweldon dot com
 Summary:            FILTER_VALIDATE_URL should fail if an invalid IP
                     address is used
 Status:             Open
-Type:               Documentation Problem
+Type:               Feature/Change Request
 Package:            Filter related
 Operating System:   OSX 10.5.3
 PHP Version:        5.2.13
 Block user comment: N
 Private report:     N

 New Comment:

I'll put it back to a feature request. I do agree it would be useful to have an 
RFC3986 validator. This code was written prior to that RFC. RFC2396 doesn't 
specify validating the dotted-decimal IPv4 syntax, but RFC3986 does along with 
introducing IPv6-support, of course.


Previous Comments:
------------------------------------------------------------------------
[2012-02-15 01:26:14] graham at grahamweldon dot com

I think it becomes a documentation issue, if the request to add IP validation 
as 
part of the FILTER_VALIDATE_URL is declined.

------------------------------------------------------------------------
[2012-02-15 00:07:41] ras...@php.net

This is more of a documentation issue than an actual feature request.

------------------------------------------------------------------------
[2012-02-14 22:22:10] hairmare at purplehaze dot ch

FILTER_VALIDATE_URL implements RFC2396 (which does not even mention ip 
validation). Have you considered ANDing FILTER_VALIDATE_URL with 
FILTER_VALIDATE_IP like so:

<?php
$url = 'http://999.123.999.123';
var_dump(
    filter_var($url, FILTER_VALIDATE_URL) && 
    filter_var(parse_url($url, PHP_URL_HOST), FILTER_VALIDATE_IP)
);

------------------------------------------------------------------------
[2010-04-26 03:08:50] graham at grahamweldon dot com

Fixed OSX Veron number in report.

------------------------------------------------------------------------
[2010-04-23 09:48:52] graham at grahamweldon dot com

Description:
------------
Tested using PHP 5.2.13 and PHP 5.3.1
Supply of an invalid IP address as the host part of a URL passes the filter_var 
validation.

I propose that validation should fail if an invalid IP address is provided in 
URL 
validation.

Test script:
---------------
var_dump(filter_var('http://999.123.999.123', FILTER_VALIDATE_URL));


Expected result:
----------------
bool(false)

Actual result:
--------------
string(22) "http://999.123.999.123";


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=51642&edit=1

Reply via email to