duangu4943 2013-04-30 07:19
浏览 85

filter_var对于URL不正确

i'm trying to use filter_var to validate URLs that have been entered by a user, but it seems not to work in all cases. I've requested a fix for this some time ago on PHP.net, but to no avail.

Besides regexes (yes, a few have been posted on stackoverflow), is there a PHP version that does work or any other method?

The problem I'm facing is that the following string get's validated, which should not:

http://http://www.google.com

Test script:

$url = $_REQUEST['url'];

if (filter_var("http://" . $url, FILTER_VALIDATE_URL)) 

   $filter="true"; 

else 

   $filter="false";

echo "Filter var result of concat with http is:" . $filter . "<br>";

Expected result:

I expect it to return false when i run the script with http://www.google.com and true when i run it with www.google.com

Actual result:

It returns true in both cases

  • 写回答

2条回答 默认 最新

  • duanfan1965 2013-05-02 12:19
    关注

    If the bug you reported is anything to go by, filter_var() validates a url by parsing it parse_url() and checking whether the resulting array is sane.

    Therefor, glue it back together and validate that they're equal if you want something more strict.

    Here's a reasonable glue_url function:

    http://doc.habariproject.org/inputfilter_8php_source.html#l00324

    Then:

    $valid_url = ($url == glue_url(parse_url($url)));

    Optionally, also check for "http://$url" if no protocol is supplied.

    评论

报告相同问题?

悬赏问题

  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥30 自适应 LMS 算法实现 FIR 最佳维纳滤波器matlab方案
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥20 测距传感器数据手册i2c
  • ¥15 RPA正常跑,cmd输入cookies跑不出来
  • ¥15 求帮我调试一下freefem代码
  • ¥15 matlab代码解决,怎么运行
  • ¥15 R语言Rstudio突然无法启动