PHP :: Bug #68129 :: parse_url()
| Bug #68129 | parse_url() - incomplete support for empty usernames and passwords | | |
|---|---|---|---|
| Submitted: | 2014-10-02 00:58 UTC | Modified: | - |
| From: | vort dot fu at gmail dot com | Assigned: | |
| Status: | Closed | Package: | URL related |
| PHP Version: | 5.6.0 | OS: | OS X 10.9.5 |
| Private report: | No | CVE-ID: | None |
[2014-10-02 00:58 UTC] vort dot fu at gmail dot com
Description:
------------
Section 3.1 "Common Internet Scheme Syntax" of RFC-1738 "Uniform Resource Locators (URL)" (https://www.ietf.org/rfc/rfc1738.txt) states the following:

> Note that an empty user name or password is different than no user name or password; there is no way to specify a password without specifying a user name. E.g., <URL:ftp://@host.com/> has an empty user name and no password, <URL:ftp://host.com/> has no user name, while <URL:ftp://foo:@host.com/> has a user name of "foo" and an empty password.

parse_url() currently only supports empty user names if a password component is not specified (including empty passwords, which aren't supported at all)

Test script:
---------------
```php
<?php

// correct (returns empty username)
var_dump( parse_url( 'https://@example.com' ) );

// incorrect (doesn't return empty username or password)
var_dump( parse_url( 'https://:@example.com' ) );

// incorrect (doesn't return empty username)
var_dump( parse_url( 'https://:password@example.com' ) );

// incorrect (doesn't return empty password)
var_dump( parse_url( 'https://username:@example.com' ) );
```

Expected result:
----------------
```
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
}
array(4) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
  ["pass"]=>
  string(0) ""
}
array(4) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
  ["pass"]=>
  string(8) "password"
}
array(4) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(8) "username"
  ["pass"]=>
  string(0) ""
}
```

Actual result:
--------------
```
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(0) ""
}
array(2) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
}
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["pass"]=>
  string(8) "password"
}
array(3) {
  ["scheme"]=>
  string(5) "https"
  ["host"]=>
  string(11) "example.com"
  ["user"]=>
  string(8) "username"
}
```
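An added example, not part of the original report and not PHP's own code: a hypothetical helper `split_userinfo()` that applies the RFC 1738 rule quoted in the report (null for an absent component, `''` for an empty one) and checks whether the running PHP's `parse_url()` reports the same components as present for the report's four URLs. It assumes input of the form `scheme://authority...`; the fifth URL is constructed as a no-userinfo control.

```php
<?php
// Added example: split_userinfo() is a hypothetical helper, not PHP's parser.
// Assumes a "scheme://authority..." URL. null = component absent,
// '' = present but empty (RFC 1738 section 3.1).
function split_userinfo($url)
{
    $absent = array('user' => null, 'pass' => null);
    $start = strpos($url, '//');
    if ($start === false) {
        return $absent;
    }
    // The authority ends at the first "/", "?" or "#" after the "//".
    $rest = (string) substr($url, $start + 2);
    $authority = (string) substr($rest, 0, strcspn($rest, '/?#'));
    // Userinfo is everything before the last "@" in the authority.
    $at = strrpos($authority, '@');
    if ($at === false) {
        return $absent;                                      // ftp://host.com/
    }
    $userinfo = (string) substr($authority, 0, $at);
    // The first ":" splits user from password; no ":" means no password.
    $colon = strpos($userinfo, ':');
    if ($colon === false) {
        return array('user' => $userinfo, 'pass' => null);   // ftp://@host.com/
    }
    // (string) casts: before PHP 7, substr() at end of string gave false, not ''.
    return array(
        'user' => (string) substr($userinfo, 0, $colon),
        'pass' => (string) substr($userinfo, $colon + 1),
    );
}

// The report's four test URLs, plus one constructed URL with no userinfo.
$urls = array(
    'https://example.com',
    'https://@example.com',
    'https://:@example.com',
    'https://:password@example.com',
    'https://username:@example.com',
);
foreach ($urls as $url) {
    $want = split_userinfo($url);
    $got = parse_url($url) ?: array();   // parse_url() returns false on malformed input
    // array_key_exists(), not empty(): '' must count as present.
    $agree = ($want['user'] !== null) === array_key_exists('user', $got)
          && ($want['pass'] !== null) === array_key_exists('pass', $got);
    printf("%-32s user=%s pass=%s parse_url() %s\n", $url,
        var_export($want['user'], true), var_export($want['pass'], true),
        $agree ? 'agrees' : 'DISAGREES');
}
```

A line marked DISAGREES means code on that PHP build that decides "this URL carries credentials" from the `user` or `pass` keys of `parse_url()` will misjudge that URL.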