Req #62159 [Com]: All ports greater than 65535 in parse_url

Fri, 25 May 2012 12:29:41 -0700 

Edit report at https://bugs.php.net/bug.php?id=62159&edit=1

 ID:                 62159
 Comment by:         riptide dot tempora at opinehub dot com
 Reported by:        mfsole at hotmail dot com
 Summary:            All ports greater than 65535 in parse_url
 Status:             Open
 Type:               Feature/Change Request
 Package:            URL related
 Operating System:   Linux
 PHP Version:        5.3.13
 Block user comment: N
 Private report:     N

 New Comment:

https://en.wikipedia.org/wiki/Goatse_Security#Browser_vulnerabilities <-- 
relevant


Previous Comments:
------------------------------------------------------------------------
[2012-05-25 15:18:12] mfsole at hotmail dot com

Description:
------------
Currently the parse_url function only recognizes ports from 0-65535. Firstly 
this 
isn't really documented on the site. Secondly, while it is true that valid port 
numbers for http requests are less than 65535 there are other types of URLs 
which 
have port numbers that can exceed that limit. This is very common in the SMS 
world 
as the port number is used to indicate short code. Here is an example:

ctpp://ericsson:78325/?carrier=31003&address=2125551212

I don't see any real benefit to limiting the port number, more over the 
function 
appears to arbitrarily rewrite the port number. So the above example gets 
reported 
as 12789.

Best case scenario would be to just allow numbers of any size. PHP is 
understood 
to be loosely type so enforcing type here is inconsistent. At the very least 
document the behavior on the site (I will add post to the function for others). 

Test script:
---------------
<?php
$url = 'ctpp://ericsson:78325/?carrier=31003&address=2125551212';
$parsedURL = parse_url($url);
var_dump($parsedURL);



Expected result:
----------------
array (size=5)
  'scheme' => string 'ctpp' (length=4)
  'host' => string 'ericsson' (length=8)
  'port' => int 78325
  'path' => string '/' (length=1)
  'query' => string 'carrier=31003&address=2125551212' (length=32)

Actual result:
--------------
array (size=5)
  'scheme' => string 'ctpp' (length=4)
  'host' => string 'ericsson' (length=8)
  'port' => int 12789
  'path' => string '/' (length=1)
  'query' => string 'carrier=31003&address=2125551212' (length=32)


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62159&edit=1

Reply via email to