| #
4a89e726 |
| 19-Jan-2021 |
Christoph M. Becker |
Alternative fix for bug 77423
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the cha
Alternative fix for bug 77423
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>
show more ...
|
| #
5174de7c |
| 13-May-2020 |
Christoph M. Becker |
Fix #77423: parse_url() will deliver a wrong host to user
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only us
Fix #77423: parse_url() will deliver a wrong host to user
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.
For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.
show more ...
|
| #
b132da7f |
| 13-May-2020 |
Christoph M. Becker |
Fix #77423: parse_url() will deliver a wrong host to user
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only us
Fix #77423: parse_url() will deliver a wrong host to user
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.
For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.
show more ...
|
| #
2d3d7241 |
| 13-May-2020 |
Christoph M. Becker |
Fix #77423: parse_url() will deliver a wrong host to user
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only us
Fix #77423: parse_url() will deliver a wrong host to user
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.
For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.
show more ...
|
| #
81b2f3e5 |
| 20-Sep-2020 |
Christoph M. Becker |
Fix #80114: parse_url does not accept URLs with port 0
URIs with a 0 port are generally valid, so `parse_url()` should
recognize such URIs, but still report the port as missing.
Fix #80114: parse_url does not accept URLs with port 0
URIs with a 0 port are generally valid, so `parse_url()` should
recognize such URIs, but still report the port as missing.
Co-authored-by: twosee <twose@qq.com>
Closes GH-6152.
show more ...
|
| #
54dbd3ec |
| 02-Sep-2020 |
Nikita Popov |
Fix binary-safety of parse_url
php_parse_url() is intended to support strings that are not zero
terminated. We can't use strcspn in the implementation.
As we have two uses of st
Fix binary-safety of parse_url
php_parse_url() is intended to support strings that are not zero
terminated. We can't use strcspn in the implementation.
As we have two uses of strcspn, add a helper.
show more ...
|
| #
b5c7a83d |
| 24-Jun-2020 |
Máté Kocsis |
Remove unnecessary PHPDoc-alike blocks from tests
Closes GH-5759
|
| #
f8d79582 |
| 03-Feb-2020 |
Nikita Popov |
Reindent phpt files
|
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1 |
|
| #
26dfce7f |
| 15-Mar-2019 |
Fabien Villepinte |
Replace dirname(__FILE__) by __DIR__ in tests
|
|
Revision tags: php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4 |
|
| #
d7a3edd4 |
| 14-Oct-2018 |
Peter Kokot |
Trim trailing whitespace in *.phpt
|
| #
782352c5 |
| 14-Oct-2018 |
Peter Kokot |
Trim trailing whitespace in *.phpt
|
| #
17ccbeec |
| 14-Oct-2018 |
Peter Kokot |
Trim trailing whitespace in *.phpt
|
| #
7af945e2 |
| 14-Oct-2018 |
Peter Kokot |
Trim trailing whitespace in *.phpt
|
|
Revision tags: php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2 |
|
| #
9c144e0d |
| 16-Sep-2018 |
Gabriel Caruso |
Trim trailing whitespace in tests
|
|
Revision tags: php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3, php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28 |
|
| #
ded3d984 |
| 19-Feb-2018 |
Gabriel Caruso |
Use EXPECT instead of EXPECTF when possible
EXPECTF logic in run-tests.php is considerable, so let's avoid it.
|
|
Revision tags: php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27, php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25, php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1, php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12 |
|
| #
b061fa90 |
| 07-Oct-2016 |
Nikita Popov |
Fix bug #73192
|
| #
1c468ee0 |
| 07-Oct-2016 |
Nikita Popov |
Revert "Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986"
This reverts commit 085dfca02b64588317a233eb191d07a75511fff2.
|
|
Revision tags: php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1, php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1, php-5.6.17, php-5.5.31, php-7.0.2, php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8, php-7.0.0RC7, php-5.6.16RC1, php-5.6.15 |
|
| #
085dfca0 |
| 27-Oct-2015 |
Ilia Alshanetsky |
Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986
|
| #
e2add3ed |
| 21-Jun-2016 |
Julien Pauli |
Fixed parse_url() for better compliance with RFC3986
|
| #
f705063e |
| 27-Oct-2015 |
Ilia Alshanetsky |
Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986
|
|
Revision tags: php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4, php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45, php-5.6.13RC1, php-7.0.0RC1, php-5.6.12, php-5.5.28, php-7.0.0beta3, php-5.4.44, php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43, php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1, php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1, php-5.6.7, php-5.5.23, php-5.4.39, php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS, php-5.6.6, php-5.5.22, php-5.4.38, POST_PHP7_REMOVALS, PRE_PHP7_REMOVALS, php-5.6.6RC1, php-5.5.22RC1, php-5.5.21, php-5.6.5, php-5.4.37, php-5.5.21RC1, php-5.6.5RC1, POST_NATIVE_TLS_MERGE, PRE_NATIVE_TLS_MERGE, php-5.5.20, php-5.4.36, php-5.6.4, php-5.6.4RC1, php-5.5.20RC1, php-5.6.3, php-5.5.19, php-5.4.35, php-5.6.3RC1, php-5.5.19RC1, php-5.5.18, php-5.4.34 |
|
| #
d0e51f5c |
| 05-Oct-2014 |
Tjerk Meesters |
Fixed bug #68129
Empty usernames and passwords are now treated differently from no username or password
For example, empty password:
ftp://user:@example.org
Em
Fixed bug #68129
Empty usernames and passwords are now treated differently from no username or password
For example, empty password:
ftp://user:@example.org
Empty username:
ftp://:password@example.org
Empty username and empty password
ftp://:@example.org
show more ...
|
|
Revision tags: php-5.5.18RC1, php-5.6.1, php-5.6.2, php-5.4.33, php-5.5.17, php-5.6.1RC1, php-5.5.17RC1, php-5.4.33RC1, php-5.6.0, POST_AST_MERGE, PRE_AST_MERGE, POST_64BIT_BRANCH_MERGE, PRE_64BIT_BRANCH_MERGE, php-5.5.16, php-5.4.32, POST_PHPNG_MERGE, PRE_PHPNG_MERGE, php-5.6.0RC4, php-5.3.29, php-5.5.16RC1, php-5.4.32RC1, php-5.3.29RC1, php-5.6.0RC3, php-5.5.15, php-5.4.31, php-5.4.31RC1, php-5.5.15RC1, php-5.6.0RC2, php-5.4.30, php-5.5.14, php-5.6.0RC1, php-5.5.14RC1, php-5.4.30RC1, php-5.6.0beta4, php-5.4.29, php-5.5.13, php-5.5.13RC1, php-5.6.0beta3, php-5.4.29RC1, php-5.6.0beta2, php-5.5.12, php-5.4.28 |
|
| #
03c703b8 |
| 25-Apr-2014 |
Stanislav Malyshev |
add a test case previously broken by a bad fix
|
|
Revision tags: php-5.4.28RC1, php-5.5.12RC1, php-5.6.0beta1, php-5.4.27, php-5.5.11, php-5.5.11RC1, php-5.4.27RC1, php-5.5.10, php-5.4.26, php-5.6.0alpha3, php-5.4.26RC1, php-5.5.10RC1, php-5.6.0alpha2, php-5.5.9, php-5.4.25, php-5.5.9RC1, php-5.4.25RC1, php-5.6.0alpha1, php-5.5.8, php-5.4.24, php-5.4.24RC1, php-5.5.8RC1, php-5.5.7, php-5.4.23, php-5.3.28, php-5.5.7RC1, php-5.4.23RC1, php-5.4.22, php-5.5.6, php-5.4.22RC1, php-5.5.6RC1, php-5.4.21, php-5.5.5, php-5.4.21RC1, php-5.5.5RC1, php-5.5.4, php-5.4.20, php-5.5.4RC1, php-5.4.20RC1, php-5.5.3, php-5.4.19, php-5.5.2, php-5.4.18, php-5.5.2RC1, php-5.4.18RC2, php-5.5.1, php-5.4.18RC1, php-5.3.27 |
|
| #
8b6b39fd |
| 10-Jul-2013 |
Sara Golemon |
Add a couple more test cases to parse_url() tests
http://::# (valid but silly)
http://# (invalid)
|
| #
95017c05 |
| 10-Jul-2013 |
Sara Golemon |
Add a couple more test cases to parse_url() tests
http://::# (valid but silly)
http://# (invalid)
|
|
Revision tags: php-5.4.17, php-5.5.0, php-5.3.27RC1, php-5.4.17RC1, php-5.5.0RC3, php-5.3.26, php-5.4.16, php-5.5.0RC2, php-5.3.26RC1, php-5.4.16RC1, php-5.5.0RC1, php-5.3.25, php-5.4.15, php-5.3.25RC1, php-5.5.0beta4, php-5.4.15RC1, php-5.4.14, php-5.3.24, php-5.5.0beta3, php-5.3.24RC1, php-5.4.14RC1, php-5.5.0beta2, php-5.5.0beta1, php-5.3.23, php-5.4.13, php-5.5.0alpha6, php-5.3.23RC1, php-5.4.13RC1, php-5.3.22, php-5.5.0alpha5, php-5.4.12, php-5.3.22RC2, php-5.4.12RC2, php-5.3.22RC1, php-5.4.12RC1, php-5.5.0alpha4, php-5.3.21, php-5.4.11, php-5.5.0alpha3, php-5.3.21RC1, php-5.4.11RC1, php-5.3.20, php-5.4.10, php-5.5.0alpha2, php-5.3.20RC1, php-5.4.10RC1, php-5.3.19, php-5.4.9, php-5.5.0alpha1, php-5.3.19RC1, php-5.4.9RC1, php-5.3.18, php-5.4.8, php-5.3.18RC1, php-5.4.8RC1, php-5.3.17, php-5.4.7, php-5.4.7RC1, php-5.3.16, php-5.4.6, php-5.4.6RC1, php-5.4.5, php-5.3.15, php-5.3.15RC1, php-5.4.5RC1, php-5.3.14, php-5.4.4, php-5.3.14RC2, php-5.4.4RC2, php-5.3.14RC1, php-5.4.4RC1, php-5.3.13, php-5.4.3, php-5.4.2, php-5.3.12, php-5.3.11, php-5.4.1, php-5.3.11RC2, php-5.4.1RC2, php-5.3.11RC1, php-5.4.1RC1, PHP-5.4.1-RC1, php-5.4.0, php-5.4.0RC8, php-5.3.10, php-5.4.0RC7, php-5.4.0RC6, php-5.3.9, php-5.4.0RC5, php-5.3.9RC4, php-5.4.0RC4, php-5.3.9RC3, php-5.4.0RC3, php-5.3.9RC2, php-5.4.0RC2, php-5.4.0RC1, php-5.3.9RC1, php-5.4.0beta2, php-5.4.0beta1, yaf-2.1.0, php-5.3.8, php-5.3.7, php-5.3.7RC5, php-5.4.0alpha3, php-5.3.7RC4, php-5.3.7RC3, php-5.4.0alpha2, php-5.3.7RC2, php-5.4.0alpha1, php-5.3.7RC1, php-5.3.6, php-5.3.6RC3, php-5.3.6RC2, php-5.3.6RC1 |
|
| #
145c4cbc |
| 06-Feb-2011 |
Ilia Alshanetsky |
Fixed parse_url() tests to account for port validation
|
