iliaa Wed Dec 20 19:20:22 2006 UTC Modified files: /php-src/ext/filter logical_filters.c /php-src/ext/filter/tests 015.phpt 033.phpt Log: MFB: Fixed bug #39898 (FILTER_VALIDATE_URL validates \r\n\t etc).
http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.19&r2=1.20&diff_format=u
Index: php-src/ext/filter/logical_filters.c
diff -u php-src/ext/filter/logical_filters.c:1.19 php-src/ext/filter/logical_filters.c:1.20
--- php-src/ext/filter/logical_filters.c:1.19 Wed Dec 20 14:37:24 2006
+++ php-src/ext/filter/logical_filters.c Wed Dec 20 19:20:22 2006
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: logical_filters.c,v 1.19 2006/12/20 14:37:24 derick Exp $ */
+/* $Id: logical_filters.c,v 1.20 2006/12/20 19:20:22 iliaa Exp $ */
 #include "php_filter.h"
 #include "filter_private.h"
@@ -481,6 +481,13 @@
 void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 {
 php_url *url;
+ int old_len = Z_STRLEN_P(value);
+
+ php_filter_url(value, flags, option_array, charset TSRMLS_DC);
+
+ if (Z_TYPE_P(value) != IS_STRING || old_len != Z_STRLEN_P(value)) {
+ RETURN_VALIDATION_FAILED
+ }
 /* Use parse_url - if it returns false, we return NULL */
 url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value));
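Review bot: The added call `php_filter_url(value, flags, option_array, charset TSRMLS_DC);` in php_filter_validate_url passes the thread-safety context with the declaration macro; at a call site it should be `TSRMLS_CC`, and as written a thread-safe (ZTS) build would presumably fail to compile while a non-ZTS build hides the mistake. Separately, `old_len` is read with `Z_STRLEN_P(value)` before the `Z_TYPE_P(value) != IS_STRING` check, so the code relies on the caller having already converted the value to a string, which this hunk does not show. The length comparison only detects rejected bytes if php_filter_url strips them rather than encoding or replacing them, which deserves a comment such as `/* the sanitizer must leave the string untouched, otherwise it held characters not allowed in a URL */`. The function body continues past the end of this hunk.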
@@ -490,10 +497,10 @@
 }
 if (
- ((flags & FILTER_FLAG_SCHEME_REQUIRED) && url->scheme == NULL) ||
- ((flags & FILTER_FLAG_HOST_REQUIRED) && url->host == NULL) ||
- ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) ||
- ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
+ url->scheme == NULL ||
+ /* some schemas allow the host to be empty */
+ (url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
+ ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
 ) {
 php_url_free(url);
 RETURN_VALIDATION_FAILED
http://cvs.php.net/viewvc.cgi/php-src/ext/filter/tests/015.phpt?r1=1.8&r2=1.9&diff_format=u
Index: php-src/ext/filter/tests/015.phpt
diff -u php-src/ext/filter/tests/015.phpt:1.8 php-src/ext/filter/tests/015.phpt:1.9
--- php-src/ext/filter/tests/015.phpt:1.8 Tue Dec 19 14:16:07 2006
+++ php-src/ext/filter/tests/015.phpt Wed Dec 20 19:20:22 2006
@@ -24,6 +24,10 @@
 '',
 -1,
 array(),
+'mailto:[EMAIL PROTECTED]',
+'news:news.php.net',
+'file://foo/bar',
+"http://\r\n/bar",
 );
 foreach ($values as $value) {
 var_dump(filter_var($value, FILTER_VALIDATE_URL));
@@ -48,18 +52,22 @@
 string(31) "http://www.example/img/test.png"
 string(27) "http://www.example/img/dir/"
 string(26) "http://www.example/img/dir"
-string(28) "http//www.example/wrong/url/"
-string(17) "http:/www.example"
+bool(false)
+bool(false)
 string(18) "file:///tmp/test.c"
 string(26) "ftp://ftp.example.com/tmp/"
-string(11) "/tmp/test.c"
-string(1) "/"
 bool(false)
-string(6) "http:/"
-string(5) "http:"
-string(4) "http"
-string(0) ""
-string(2) "-1"
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+string(18) "mailto:[EMAIL PROTECTED]"
+string(17) "news:news.php.net"
+string(14) "file://foo/bar"
 bool(false)
 bool(false)
 string(10) "http://qwe"
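Review bot: In the rewritten `if (` condition of logical_filters.c (hunk `-490,10 +497,10`), the host exemption compares `url->scheme` with `strcmp`, which is case-sensitive, so unless php_url_parse_ex lowercases the scheme (not visible here) a host-less `MAILTO:` or `File:` URL is rejected while its lowercase form passes; `strcasecmp(url->scheme, "mailto")` and likewise for `"news"` and `"file"` would treat them alike. The same condition now requires a scheme always and a host for every other scheme, so FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED no longer influence this check; a comment such as `/* scheme is mandatory, host is mandatory except for mailto/news/file; the SCHEME/HOST_REQUIRED flags are not consulted */` would make that behaviour change visible. Any scheme is still accepted, so callers that fetch or embed a validated URL should apply their own scheme allowlist. The enclosing function starts and ends outside this hunk.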
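Review bot: The inputs added to `$values` in 015.phpt (hunk `-24,6 +24,10`) exercise only the `"http://\r\n/bar"` form of bug #39898, with the control characters in the host position, although the log message also names `\t`. Two more regression inputs, for example `"http://\t/bar",` and `"http://www.example.com/bar\n",` (constructed samples), each with a matching `bool(false)` line in the expected output, would pin the behaviour for a tab and for a control character after the host. The `$values` array begins outside this hunk.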
@@ -70,4 +78,4 @@ string(42) "http://www.example.com/path/at/the/server/" bool(false) string(40) "http://www.example.com/index.php?a=b&c=d" -Done +Done \ No newline at end of file http://cvs.php.net/viewvc.cgi/php-src/ext/filter/tests/033.phpt?r1=1.7&r2=1.8&diff_format=u Index: php-src/ext/filter/tests/033.phpt diff -u php-src/ext/filter/tests/033.phpt:1.7 php-src/ext/filter/tests/033.phpt:1.8 --- php-src/ext/filter/tests/033.phpt:1.7 Tue Dec 19 14:16:08 2006 +++ php-src/ext/filter/tests/033.phpt Wed Dec 20 19:20:22 2006 @@ -11,7 +11,7 @@ boolean 1 float 1 123 validate_regexp O'Henry -validate_url PHP 1 [EMAIL PROTECTED] http://a.b.c 1.2.3.4 123 123abc<>() O'Henry íí¼ +validate_url http://a.b.c validate_email [EMAIL PROTECTED] validate_ip 1.2.3.4 string PHP 1 [EMAIL PROTECTED] http://a.b.c 1.2.3.4 123 123abc() O'Henry íí¼