Edit report at https://bugs.php.net/bug.php?id=51642&edit=1
ID: 51642
Comment by: hairmare at purplehaze dot ch
Reported by: graham at grahamweldon dot com
Summary: FILTER_VALIDATE_URL should fail if an invalid IP
address is used
Status: Open
Type: Feature/Change Request
Package: Filter related
Operating System: OSX 10.5.3
PHP Version: 5.2.13
Block user comment: N
Private report: N
New Comment:
FILTER_VALIDATE_URL implements RFC2396 (which does not even mention ip
validation). Have you considered ANDing FILTER_VALIDATE_URL with
FILTER_VALIDATE_IP like so:
<?php
$url = 'http://999.123.999.123';
var_dump(
filter_var($url, FILTER_VALIDATE_URL) &&
filter_var(parse_url($url, PHP_URL_HOST), FILTER_VALIDATE_IP)
);
Previous Comments:
------------------------------------------------------------------------
[2010-04-26 03:08:50] graham at grahamweldon dot com
Fixed OSX Veron number in report.
------------------------------------------------------------------------
[2010-04-23 09:48:52] graham at grahamweldon dot com
Description:
------------
Tested using PHP 5.2.13 and PHP 5.3.1
Supply of an invalid IP address as the host part of a URL passes the filter_var
validation.
I propose that validation should fail if an invalid IP address is provided in
URL
validation.
Test script:
---------------
var_dump(filter_var('http://999.123.999.123', FILTER_VALIDATE_URL));
Expected result:
----------------
bool(false)
Actual result:
--------------
string(22) "http://999.123.999.123";
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=51642&edit=1
