From 61e72d1a40937a7624c5721c108cae5fb9c8ecd3 Mon Sep 17 00:00:00 2001
From: Rasmus Lerdorf <rasmus@php.net>
Date: Wed, 31 Mar 2010 23:56:30 +0000
Subject: [PATCH] Fix FILTER_VALIDATE_URL - Host names can't start with '.' or
 '-'

---
 ext/filter/logical_filters.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index 28fae50226..008b0780c0 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -465,6 +465,11 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 		e = url->host + strlen(url->host);
 		s = url->host;
 
+		/* First char of hostname must be alphanumeric */
+		if(!isalnum((int)*(unsigned char *)s)) { 
+			goto bad_url;
+		}
+
 		while (s < e) {
 			if (!isalnum((int)*(unsigned char *)s) && *s != '-' && *s != '.') {
 				goto bad_url;
-- 
2.40.0