Bug #53924 [Com]: FILTER_VALIDATE_URL doesn't validate port numbers

aaz at althenia dot net Fri, 04 Feb 2011 06:34:45 -0800

Edit report at http://bugs.php.net/bug.php?id=53924&edit=1


 ID:                 53924
 Comment by:         aaz at althenia dot net
 Reported by:        ahar...@php.net
 Summary:            FILTER_VALIDATE_URL doesn't validate port numbers
 Status:             Open
 Type:               Bug
 Package:            Filter related
 Operating System:   Irrelevant
 PHP Version:        trunk-SVN-2011-02-04 (SVN)
 Block user comment: N
 Private report:     N

 New Comment:

Thanks.



Since this filter uses parse_url() internally, I suggest the easiest

fix would be to make parse_url() return FALSE here.



Note that parse_url() already does some validation of the port number:



   parse_url('http://example.com:12345');  // OK

   parse_url('http://example.com:123456'); // FALSE


Previous Comments:
------------------------------------------------------------------------
[2011-02-04 12:18:52] ahar...@php.net

Description:
------------
Non-integer port numbers are currently validated as OK by
FILTER_VALIDATE_URL, 

per a comment in bug #53901.

Test script:
---------------
<?php

var_dump(filter_var('http://example.com:qq', FILTER_VALIDATE_URL));

?>

Expected result:
----------------
bool(false)

Actual result:
--------------
string(21) "http://example.com:qq";


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53924&edit=1

Bug #53924 [Com]: FILTER_VALIDATE_URL doesn't validate port numbers

Reply via email to