#39898 [NEW]: FILTER_VALIDATE_URL validates \r\n\t etc.

Wed, 20 Dec 2006 03:42:44 -0800 

From:             soenke dot ruempler at northclick dot de
Operating system: Linux
PHP version:      5.2.0
PHP Bug Type:     Filter related
Bug description:  FILTER_VALIDATE_URL validates \r\n\t etc.

Description:
------------
FILTER_VALIDATE_URL does validate CR, LF and TAB. I don't know if some RFC
does allow this theory but practically this makes the URL filter completely
unusable.

Additionally it would be nice if the filter was more restrictive by
default. Requiring scheme and host part is essential in 99,999999% of use
cases. More useful would be flags like FILTER_FLAG_SCHEME_NOT_REQUIRED,
FILTER_FLAG_HOST_NOT_REQUIRED ... 

Reproduce code:
---------------
$ php -r "var_dump(filter_var(\"blah\n\n\t\rblubäö\",
FILTER_VALIDATE_URL));"



Expected result:
----------------
bool(false)


Actual result:
--------------
string(14) "blah

blubäö"

-- 
Edit bug report at http://bugs.php.net/?id=39898&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=39898&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=39898&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=39898&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=39898&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=39898&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=39898&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=39898&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=39898&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=39898&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=39898&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=39898&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=39898&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=39898&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=39898&r=php3
Daylight Savings:             http://bugs.php.net/fix.php?id=39898&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=39898&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=39898&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=39898&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=39898&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=39898&r=mysqlcfg

Reply via email to