| author | Ilia Alshanetsky <iliaa@php.net> | 2009-12-24 18:47:15 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2009-12-24 18:47:15 +0000 |
| commit | c2296af6a68d79ca07556c41e695989f905b7ec1 (patch) | |
| tree | 656ad05e4ec5da262650880745db925b2b1b06cc /ext/filter | |
| parent | 207d9133cac00720c06e1ba15b68e1b0e9b24f7f (diff) | |
Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
Diffstat (limited to 'ext/filter')
| -rw-r--r-- | ext/filter/logical_filters.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index 2b72de1c2c..4865cffa43 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -456,12 +456,35 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 RETURN_VALIDATION_FAILED
 }

+ if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || !strcasecmp(url->scheme, "https"))) {
+ char *e, *s;
+
+ if (url->host == NULL) {
+ goto bad_url;
+ }
+
+ e = url->host + strlen(url->host);
+ s = url->host;
+
+ while (s < e) {
+ if (!isalnum((int)*(unsigned char *)s) && *s != '_' && *s != '.') {
+ goto bad_url;
+ }
+ s++;
+ }
+
+ if (*(e - 1) == '.') {
+ goto bad_url;
+ }
+ }
+
 if (
 url->scheme == NULL ||
 /* some schemas allow the host to be empty */
 (url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
 ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
 ) {
+bad_url:
 php_url_free(url);
 RETURN_VALIDATION_FAILED
 } |
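Review bot: The trailing-dot check `if (*(e - 1) == '.')` reads one byte before `url->host` when the host string is empty, because the `while (s < e)` loop is then skipped and only `url->host == NULL` is rejected earlier; whether the URL parser can hand back an empty non-NULL host is not visible in this hunk, so the guard should be explicit: `if (e == s || *(e - 1) == '.') {`. The character test also rejects `-`, which is legal in host names, so valid http/https URLs with hyphenated hosts would fail validation; consider adding `&& *s != '-'` to that condition. A short comment above the loop stating which host grammar it enforces would help, since it also refuses bracketed IPv6 literals and `isalnum` depends on the active locale. The body of php_filter_validate_url starts and ends outside this hunk.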
