merge r292611: Added missing host validation for HTTP urls inside
authorJohannes Schlüter <johannes@php.net>
Mon, 25 Jan 2010 16:14:28 +0000 (16:14 +0000)
committerJohannes Schlüter <johannes@php.net>
Mon, 25 Jan 2010 16:14:28 +0000 (16:14 +0000)
FILTER_VALIDATE_URL. (iliaa)

NEWS
ext/filter/logical_filters.c

diff --git a/NEWS b/NEWS
index 93284c5f943614b1bbc3fbb74fd814e9198f1d05..08ac360f768104e669d0c69d86e0181a29aec77d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 20??, PHP 5.3.2 RC 2
+- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
+  (Ilia)
+
 - Fixed bug #47409 (extract() problem with array containing word "this").
   (Ilia, chrisstocktonaz at gmail dot com)
 
index 269f4839a26eb123e1b9174a31bb3e2626b4c13f..0b27a641f2bb5e387d13825cab3a496a43433c49 100644 (file)
@@ -456,12 +456,35 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
                RETURN_VALIDATION_FAILED
        }
 
+       if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || !strcasecmp(url->scheme, "https"))) {
+               char *e, *s;
+
+               if (url->host == NULL) {
+                       goto bad_url;
+               }
+
+               e = url->host + strlen(url->host);
+               s = url->host;
+
+               while (s < e) {
+                       if (!isalnum((int)*(unsigned char *)s) && *s != '_' && *s != '.') {
+                               goto bad_url;
+                       }
+                       s++;
+               }
+
+               if (*(e - 1) == '.') {
+                       goto bad_url;
+               }
+       }
+
        if (
                url->scheme == NULL || 
                /* some schemas allow the host to be empty */
                (url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
                ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
        ) {
+bad_url:
                php_url_free(url);
                RETURN_VALIDATION_FAILED
        }