Edit report at https://bugs.php.net/bug.php?id=51642&edit=1
ID: 51642 Comment by: hairmare at purplehaze dot ch Reported by: graham at grahamweldon dot com Summary: FILTER_VALIDATE_URL should fail if an invalid IP address is used Status: Open Type: Feature/Change Request Package: Filter related Operating System: OSX 10.5.3 PHP Version: 5.2.13 Block user comment: N Private report: N New Comment: FILTER_VALIDATE_URL implements RFC2396 (which does not even mention ip validation). Have you considered ANDing FILTER_VALIDATE_URL with FILTER_VALIDATE_IP like so: <?php $url = 'http://999.123.999.123'; var_dump( filter_var($url, FILTER_VALIDATE_URL) && filter_var(parse_url($url, PHP_URL_HOST), FILTER_VALIDATE_IP) ); Previous Comments: ------------------------------------------------------------------------ [2010-04-26 03:08:50] graham at grahamweldon dot com Fixed OSX Veron number in report. ------------------------------------------------------------------------ [2010-04-23 09:48:52] graham at grahamweldon dot com Description: ------------ Tested using PHP 5.2.13 and PHP 5.3.1 Supply of an invalid IP address as the host part of a URL passes the filter_var validation. I propose that validation should fail if an invalid IP address is provided in URL validation. Test script: --------------- var_dump(filter_var('http://999.123.999.123', FILTER_VALIDATE_URL)); Expected result: ---------------- bool(false) Actual result: -------------- string(22) "http://999.123.999.123" ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=51642&edit=1