ID: 39898 Updated by: [EMAIL PROTECTED] Reported By: soenke dot ruempler at northclick dot de -Status: Open +Status: Assigned Bug Type: Filter related Operating System: Linux PHP Version: 5.2.0 Assigned To: pajoye
Previous Comments: ------------------------------------------------------------------------ [2006-12-20 13:02:11] [EMAIL PROTECTED] it uses parse_url without concatenating back the result. If we make it work like parse_url, white spaces will be replaced by '_', which is not a good thing either. However, given the RFC, we should simply ignore them (See "E. Recommendations for Delimiting URI in Context" in URI or URL RFC). Fix will be commited once we agreed on the best choice. ------------------------------------------------------------------------ [2006-12-20 11:41:25] soenke dot ruempler at northclick dot de Description: ------------ FILTER_VALIDATE_URL does validate CR, LF and TAB. I don't know if some RFC does allow this theory but practically this makes the URL filter completely unusable. Additionally it would be nice if the filter was more restrictive by default. Requiring scheme and host part is essential in 99,999999% of use cases. More useful would be flags like FILTER_FLAG_SCHEME_NOT_REQUIRED, FILTER_FLAG_HOST_NOT_REQUIRED ... Reproduce code: --------------- $ php -r "var_dump(filter_var(\"blah\n\n\t\rblubäö\", FILTER_VALIDATE_URL));" Expected result: ---------------- bool(false) Actual result: -------------- string(14) "blah blubäö" ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=39898&edit=1
