Edit report at http://bugs.php.net/bug.php?id=53924&edit=1
ID: 53924 Updated by: il...@php.net Reported by: ahar...@php.net Summary: FILTER_VALIDATE_URL doesn't validate port numbers -Status: Open +Status: Closed Type: Bug Package: Filter related Operating System: Irrelevant PHP Version: trunk-SVN-2011-02-04 (SVN) -Assigned To: +Assigned To: iliaa Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2011-02-04 22:41:17] il...@php.net Automatic comment from SVN on behalf of iliaa Revision: http://svn.php.net/viewvc/?view=revision&revision=308035 Log: Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number). ------------------------------------------------------------------------ [2011-02-04 15:34:31] aaz at althenia dot net Thanks. Since this filter uses parse_url() internally, I suggest the easiest fix would be to make parse_url() return FALSE here. Note that parse_url() already does some validation of the port number: parse_url('http://example.com:12345'); // OK parse_url('http://example.com:123456'); // FALSE ------------------------------------------------------------------------ [2011-02-04 12:18:52] ahar...@php.net Description: ------------ Non-integer port numbers are currently validated as OK by FILTER_VALIDATE_URL, per a comment in bug #53901. Test script: --------------- <?php var_dump(filter_var('http://example.com:qq', FILTER_VALIDATE_URL)); ?> Expected result: ---------------- bool(false) Actual result: -------------- string(21) "http://example.com:qq"; ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=53924&edit=1
