Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.

2025-08-18 06:58:55 +02:00 · 2009-12-24 18:47:15 +00:00 · 2009-12-24 18:47:15 +00:00 · c2296af6a6
commit c2296af6a6
parent 207d9133ca
2 changed files with 26 additions and 0 deletions
--- a/3
+++ b/3
@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 20??, PHP 5.3.3
+- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
+  (Ilia)
+
 - Fixed bug #47409 (extract() problem with array containing word "this").
  (Ilia, chrisstocktonaz at gmail dot com)

--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@ -456,12 +456,35 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 		RETURN_VALIDATION_FAILED
 	}

+	if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || !strcasecmp(url->scheme, "https"))) {
+		char *e, *s;
+
+		if (url->host == NULL) {
+			goto bad_url;
+		}
+
+		e = url->host + strlen(url->host);
+		s = url->host;
+
+		while (s < e) {
+			if (!isalnum((int)*(unsigned char *)s) && *s != '_' && *s != '.') {
+				goto bad_url;
+			}
+			s++;
+		}
+
+		if (*(e - 1) == '.') {
+			goto bad_url;
+		}
+	}
+
 	if (
 		url->scheme == NULL || 
 		/* some schemas allow the host to be empty */
 		(url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
 		((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
 	) {
+bad_url:
 		php_url_free(url);
 		RETURN_VALIDATION_FAILED
 	}