Edit report at http://bugs.php.net/bug.php?id=54255&edit=1
ID: 54255 Comment by: nm at web dot am Reported by: nm at web dot am Summary: FILTER_VALIDATE_URL does not allow - in domain name Status: Bogus Type: Bug Package: Filter related Operating System: Linux PHP Version: 5.3.5 Block user comment: N Private report: N New Comment: What the f...bug! changed http to hxxp to prevent spam detection :) change back while testing. Let's compare the results: Ubuntu 10.10, Linux eniac 2.6.36-020636-generic #201010210905 SMP Thu Oct 21 09:08:58 UTC 2010 x86_64 GNU/Linux, PHP 5.3.3-1ubuntu9.3 with Suhosin-Patch (cli) (built: Jan 12 2011 16:07:38) , package: php5 5.3.3-1ubuntu9.3 works as expected. @eniac ~> php -r 'var_dump(filter_var("hxxp://asd_asd.de", FILTER_VALIDATE_URL));' bool(false) @eniac ~> php -r 'var_dump(filter_var("hxxp://asd-asd.de", FILTER_VALIDATE_URL));' string(17) "http://asd-asd.de" @eniac ~> CentOS 5, 2.6.18-194.8.1.el5.028stab070.5 , PHP 5.2.9 @www1 ~> php -r 'var_dump(filter_var("hxxp://asd_asd.de", FILTER_VALIDATE_URL));' string(17) "http://asd_asd.de" @www1 ~> php -r 'var_dump(filter_var("hxxp://asd-asd.de", FILTER_VALIDATE_URL));' string(17) "http://asd-asd.de" well, this is the bug, but fixed in upstream. FreeBSD 8.0-RELEASE-p4, PHP 5.3.5 with Suhosin-Patch (cli) (built: Mar 14 2011 17:47:34), package php5-5.3.5 (compiled from ports) @www-backup ...db/pkg> php -r 'var_dump(filter_var("hxxp://asd_asd.de", FILTER_VALIDATE_URL));' string(17) "http://asd_asd.de" @www-backup ...db/pkg> php -r 'var_dump(filter_var("hxxp://asd-asd.de", FILTER_VALIDATE_URL));' bool(false) @www-backup ...db/pkg> What is wrong with it on FreeBSD ????? Seems that it is more build or OS related problem, than php itself. Previous Comments: ------------------------------------------------------------------------ [2011-03-15 15:39:25] ras...@php.net Oh, and: # php -r 'var_dump(filter_var("http://ea_sd.com", FILTER_VALIDATE_URL));' bool(false) ------------------------------------------------------------------------ [2011-03-15 15:38:21] ras...@php.net # php -v PHP 5.3.5 (cli) (built: Mar 15 2011 07:36:59) # php -r 'var_dump(filter_var("http://ea-sd.com", FILTER_VALIDATE_URL));' string(16) "http://ea-sd.com" ------------------------------------------------------------------------ [2011-03-15 09:56:49] nm at web dot am Description: ------------ FILTER_VALIDATE_URL documentatin says that it does filtering according to rfc2396, but in fact filter_var fails to conform RFC. Hostname definition in rfc is as follows: hostport = host [ ":" port ] host = hostname | IPv4address hostname = *( domainlabel "." ) toplabel [ "." ] domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum toplabel = alpha | alpha *( alphanum | "-" ) alphanum so it should allow "-" dash symbol in domainnames (both domain name and TLD name). In other hand it SHOULD NOT allow "_" symbol in the domain name, as it is against specification (right now it allows). Test script: --------------- first case also should validate successfully php -r 'var_dump(filter_var("http://ea-sd.com", FILTER_VALIDATE_URL));' bool(false) php -r 'var_dump(filter_var("http://easd.com", FILTER_VALIDATE_URL));' string(15) "http://easd.com" ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=54255&edit=1