Edit report at https://bugs.php.net/bug.php?id=65141&edit=1
ID: 65141
Comment by: cmbecker69 at gmx dot de
Reported by: demtheman at yahoo dot com
Summary: filter_var() validates URL with two http:// as valid
Status: Open
Type: Bug
Package: URL related
Operating System: Windows 7 64-bit
PHP Version: 5.3.26
Block user comment: N
Private report: N
New Comment:
As Thomas Lahn pointed out in comp.lang.php
(<7348494.gbytuhr...@pointedears.de>)
the mentioned URI (there was used a slightly different URI,
but that doesn't matter in this case, as the productions can be adapted)
is actually valid according to RFC 2396.
Previous Comments:
------------------------------------------------------------------------
[2013-06-27 20:56:48] cmbecker69 at gmx dot de
According to RFC 2396 Appendix A the example URI doesn't seem to be valid,
even if it passes the regular expression given in Appendix B.
However, filter_var($var, FILTER_VALIDATE_URL) is based on parse_url().
parse_url('http://http://example.com') evaluates to:
Array
(
[scheme] => http
[host] => http
[path] => //example.com
)
This is apparently wrong in this case according to RFC 2396; neither an
abs_path
nor a rel_path must start with a double slash.
------------------------------------------------------------------------
[2013-06-27 03:39:05] demtheman at yahoo dot com
Description:
------------
I used filter_var() to validate the URL http://http://www.google.com (as test
URL), however it seems to see it as valid which in fact is wrong. Refer to my
SO
question http://stackoverflow.com/questions/17333612/filter-var-accepts-invalid-
url
Test script:
---------------
$website = "http://http://www.google.com";;
echo filter_var($website, FILTER_VALIDATE_URL);
Expected result:
----------------
The filter_var() should return FALSE.
Actual result:
--------------
The filter_var() returns the filtered data.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=65141&edit=1
