Edit report at https://bugs.php.net/bug.php?id=62159&edit=1
ID: 62159 User updated by: mfsole at hotmail dot com Reported by: mfsole at hotmail dot com Summary: All ports greater than 65535 in parse_url Status: Open Type: Feature/Change Request Package: URL related Operating System: Linux PHP Version: 5.3.13 Block user comment: N Private report: N New Comment: Well returning false would be a better behavior than returning an arbitrary number. However I was forced to switch to the Pear package Net_URL2 which does not have this behavior. Again, I need to stress that valid port numbers are only relavant when making TCP requests (ssh, http, https, etc) but URLs are used for other things, like the examples I gave. Previous Comments: ------------------------------------------------------------------------ [2012-05-29 02:51:55] kriss at krizalys dot com I have the same behavior with older PHP 5.3.5/Windows 7 x64 However, I noticed that PHP 5.3.13/Gentoo x86_64 is even more strict and returns FALSE (meaning "really bad-formed URL" according to the doc) for the given URL. The port is the reason of this failure because changing it to something in the range 0 - 65535 will return the expected information. ------------------------------------------------------------------------ [2012-05-25 19:29:31] riptide dot tempora at opinehub dot com https://en.wikipedia.org/wiki/Goatse_Security#Browser_vulnerabilities <-- relevant ------------------------------------------------------------------------ [2012-05-25 15:18:12] mfsole at hotmail dot com Description: ------------ Currently the parse_url function only recognizes ports from 0-65535. Firstly this isn't really documented on the site. Secondly, while it is true that valid port numbers for http requests are less than 65535 there are other types of URLs which have port numbers that can exceed that limit. This is very common in the SMS world as the port number is used to indicate short code. Here is an example: ctpp://ericsson:78325/?carrier=31003&address=2125551212 I don't see any real benefit to limiting the port number, more over the function appears to arbitrarily rewrite the port number. So the above example gets reported as 12789. Best case scenario would be to just allow numbers of any size. PHP is understood to be loosely type so enforcing type here is inconsistent. At the very least document the behavior on the site (I will add post to the function for others). Test script: --------------- <?php $url = 'ctpp://ericsson:78325/?carrier=31003&address=2125551212'; $parsedURL = parse_url($url); var_dump($parsedURL); Expected result: ---------------- array (size=5) 'scheme' => string 'ctpp' (length=4) 'host' => string 'ericsson' (length=8) 'port' => int 78325 'path' => string '/' (length=1) 'query' => string 'carrier=31003&address=2125551212' (length=32) Actual result: -------------- array (size=5) 'scheme' => string 'ctpp' (length=4) 'host' => string 'ericsson' (length=8) 'port' => int 12789 'path' => string '/' (length=1) 'query' => string 'carrier=31003&address=2125551212' (length=32) ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=62159&edit=1
