Edit report at http://bugs.php.net/bug.php?id=54759&edit=1
ID: 54759 User updated by: alexander_leroux at mcafee dot com Reported by: alexander_leroux at mcafee dot com Summary: parse_url function turns a tab character into an underscore Status: Bogus Type: Bug Package: HTTP related Operating System: Windows Server 2008 R2 PHP Version: 5.3.6 Block user comment: N Private report: N New Comment: filter_var($var, FILTER_VALIDATE_URL) doesn't handle IPv6 addresses so I can't use it. I've gotten around the problem. I just didn't realize _ was replacing invalid characters. Previous Comments: ------------------------------------------------------------------------ [2011-05-16 22:25:00] dtajchre...@php.net php.net/parse_url explains all of this: "This function is not meant to validate the given URL, it only breaks it up into the above listed parts. Partial URLs are also accepted, parse_url() tries its best to parse them correctly." "The URL to parse. Invalid characters are replaced by _." filter_var($var, FILTER_VALIDATE_URL) should do what you're looking for. [1] php.net/filter_var [2] http://codepad.viper-7.com/M2LQor ------------------------------------------------------------------------ [2011-05-16 22:07:21] alexander_leroux at mcafee dot com Description: ------------ The parse_url function turns the tab character into an underscore. This turns an invalid URL into a valid one. If you are attempting to validate user input with parse_url then it will pass validation even though tab is an invalid character in a host name or FQDN. It may be difficult to see in the example below but there is a tab. Test script: --------------- <?php $host = "http://test url"; var_dump(parse_url($host)); ?> Expected result: ---------------- array(2) { ["scheme"]=> string(4) "http" ["host"]=> string(8) "test url" } or array(2) { ["scheme"]=> string(4) "http" ["host"]=> string(8) "test\turl" } Actual result: -------------- array(2) { ["scheme"]=> string(4) "http" ["host"]=> string(8) "test_url" } ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=54759&edit=1