Bug #54255 [Com]: FILTER_VALIDATE_URL does not allow - in domain name

Tue, 15 Mar 2011 15:01:15 -0700 

Edit report at http://bugs.php.net/bug.php?id=54255&edit=1

 ID:                 54255
 Comment by:         nm at web dot am
 Reported by:        nm at web dot am
 Summary:            FILTER_VALIDATE_URL does not allow - in domain name
 Status:             Bogus
 Type:               Bug
 Package:            Filter related
 Operating System:   Linux
 PHP Version:        5.3.5
 Block user comment: N
 Private report:     N

 New Comment:

What the f...bug!



changed http to hxxp to prevent spam detection :) change back while
testing.



Let's compare the results:



Ubuntu 10.10, Linux eniac 2.6.36-020636-generic #201010210905 SMP Thu
Oct 21 09:08:58 UTC 2010 x86_64 GNU/Linux, PHP 5.3.3-1ubuntu9.3 with
Suhosin-Patch (cli) (built: Jan 12 2011 16:07:38) ,  package: php5
5.3.3-1ubuntu9.3 



works as expected. 

@eniac ~> php -r 'var_dump(filter_var("hxxp://asd_asd.de",
FILTER_VALIDATE_URL));'

bool(false)

@eniac ~> php -r 'var_dump(filter_var("hxxp://asd-asd.de",
FILTER_VALIDATE_URL));'

string(17) "http://asd-asd.de";

@eniac ~> 





CentOS 5, 2.6.18-194.8.1.el5.028stab070.5 , PHP 5.2.9 



@www1 ~> php -r 'var_dump(filter_var("hxxp://asd_asd.de",
FILTER_VALIDATE_URL));'

string(17) "http://asd_asd.de";

@www1 ~> php -r 'var_dump(filter_var("hxxp://asd-asd.de",
FILTER_VALIDATE_URL));'

string(17) "http://asd-asd.de";



well, this is the bug, but fixed in upstream.





FreeBSD 8.0-RELEASE-p4,  PHP 5.3.5 with Suhosin-Patch (cli) (built: Mar
14 2011 17:47:34), package php5-5.3.5 (compiled from ports)



@www-backup ...db/pkg> php -r 'var_dump(filter_var("hxxp://asd_asd.de",
FILTER_VALIDATE_URL));'

string(17) "http://asd_asd.de";

@www-backup ...db/pkg> php -r 'var_dump(filter_var("hxxp://asd-asd.de",
FILTER_VALIDATE_URL));'

bool(false)

@www-backup ...db/pkg> 





What is wrong with it on FreeBSD ?????



Seems that it is more build or OS related problem, than php itself.


Previous Comments:
------------------------------------------------------------------------
[2011-03-15 15:39:25] ras...@php.net

Oh, and:



# php -r 'var_dump(filter_var("http://ea_sd.com";,
FILTER_VALIDATE_URL));'

bool(false)

------------------------------------------------------------------------
[2011-03-15 15:38:21] ras...@php.net

# php -v

PHP 5.3.5 (cli) (built: Mar 15 2011 07:36:59) 



# php -r 'var_dump(filter_var("http://ea-sd.com";,
FILTER_VALIDATE_URL));'

string(16) "http://ea-sd.com";

------------------------------------------------------------------------
[2011-03-15 09:56:49] nm at web dot am

Description:
------------
FILTER_VALIDATE_URL documentatin says that it does filtering according
to  rfc2396, but in fact filter_var fails to conform RFC.



Hostname definition in rfc is as follows:



hostport      = host [ ":" port ]

host          = hostname | IPv4address

hostname      = *( domainlabel "." ) toplabel [ "." ]

domainlabel   = alphanum | alphanum *( alphanum | "-" ) alphanum

toplabel      = alpha | alpha *( alphanum | "-" ) alphanum





so it should allow "-" dash symbol in domainnames (both domain name and
TLD name).



In other hand it SHOULD NOT allow "_" symbol in the domain name, as it
is against specification (right now it allows).

 

Test script:
---------------
first case also should validate successfully  



php -r 'var_dump(filter_var("http://ea-sd.com";, FILTER_VALIDATE_URL));'

bool(false)



php -r 'var_dump(filter_var("http://easd.com";, FILTER_VALIDATE_URL));'

string(15) "http://easd.com";







------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54255&edit=1

Reply via email to