diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2021-01-19 11:23:25 +0100 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2021-01-26 22:54:58 -0800 |
commit | 4a89e726bd4d0571991dc22a9a1ad4509e8fe347 (patch) | |
tree | 6a765ee94c98576275a55e7d87501ed351656cae /ext/standard/tests/strings | |
parent | 491488d21707062fa8e9b9187db3585fb0d347da (diff) | |
download | php-git-4a89e726bd4d0571991dc22a9a1ad4509e8fe347.tar.gz |
Alternative fix for bug 77423
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>
Diffstat (limited to 'ext/standard/tests/strings')
-rw-r--r-- | ext/standard/tests/strings/url_t.phpt | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ext/standard/tests/strings/url_t.phpt b/ext/standard/tests/strings/url_t.phpt index f564f59f06..79ff3bc4a8 100644 --- a/ext/standard/tests/strings/url_t.phpt +++ b/ext/standard/tests/strings/url_t.phpt @@ -575,13 +575,15 @@ $sample_urls = array ( string(16) "some_page_ref123" } ---> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(6) { +--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(7) { ["scheme"]=> string(4) "http" ["host"]=> - string(26) "secret@hideout@www.php.net" + string(11) "www.php.net" ["port"]=> int(80) + ["user"]=> + string(14) "secret@hideout" ["path"]=> string(10) "/index.php" ["query"]=> |