diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-05-13 09:36:52 +0200 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2021-01-01 20:08:01 -0800 |
commit | 2d3d72412a6734e19a38ed10f385227a6238e4a6 (patch) | |
tree | 81578dce9403f80fc48d2589949b713e2e543667 /ext/standard/tests/url/bug77423.phpt | |
parent | 662083fc4f3a570f5b9180e80c2ddec86a8fded8 (diff) | |
download | php-git-2d3d72412a6734e19a38ed10f385227a6238e4a6.tar.gz |
Fix #77423: parse_url() will deliver a wrong host to userPHP-7.2
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.
For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.
Diffstat (limited to 'ext/standard/tests/url/bug77423.phpt')
-rw-r--r-- | ext/standard/tests/url/bug77423.phpt | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/ext/standard/tests/url/bug77423.phpt b/ext/standard/tests/url/bug77423.phpt new file mode 100644 index 0000000000..be03fe95e2 --- /dev/null +++ b/ext/standard/tests/url/bug77423.phpt @@ -0,0 +1,30 @@ +--TEST-- +Bug #77423 (parse_url() will deliver a wrong host to user) +--FILE-- +<?php +$urls = array( + "http://php.net\@aliyun.com/aaa.do", + "https://example.com\uFF03@bing.com", +); +foreach ($urls as $url) { + var_dump(filter_var($url, FILTER_VALIDATE_URL)); + var_dump(parse_url($url)); +} +?> +--EXPECT-- +bool(false) +array(3) { + ["scheme"]=> + string(4) "http" + ["host"]=> + string(19) "php.net\@aliyun.com" + ["path"]=> + string(7) "/aaa.do" +} +bool(false) +array(2) { + ["scheme"]=> + string(5) "https" + ["host"]=> + string(26) "example.com\uFF03@bing.com" +} |