PHP :: Sec Bug #73192 :: parse_url return wrong hostname

Submitted: 2016-09-28 08:01 UTC
Modified: 2019-02-22 22:19 UTC
From: mala at ma dot la
Assigned: stas
Status: Closed
Package: URL related
PHP Version: 5.6.26
OS:
Private report: No
CVE-ID:

 [2016-10-05 04:58 UTC] stas@php.net

-Status: Open
+Status: Closed
-PHP Version: 7.0.11
+PHP Version: 5.6.26
-Assigned To:
+Assigned To: stas

 [2016-10-05 04:58 UTC] stas@php.net

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Merged pull 1607 back to 5.6.

 [2016-10-05 07:10 UTC] mala at ma dot la

Hi, 

I wrote 
```
Expected result:
----------------
parse_url("http://example.com:80#@google.com/")["host"];

example.com or parse error
```

but recognizing # as the end of the authority component, the same as
http://example.com:80/#@google.com/, is more correct.

   The authority component is preceded by a double slash ("//") and is
   terminated by the next slash ("/"), question mark ("?"), or number
   sign ("#") character, or by the end of the URI.


In PHP 7.1.0RC3, it can't parse these URLs.

```
php > $result = parse_url("http://example.com:80#@google.com/"); echo $result == null;
1
```

Please review again.

 [2016-10-05 07:34 UTC] stas@php.net

I'm not sure I understand your comment. If you have a better fix, please suggest it here or make a pull request. If you have a scenario which should be handled better, please provide:
1. Reproducing script
2. Expected output
3. Actual output

 [2016-10-05 08:05 UTC] mala at ma dot la

1. Reproducing script

```
php > var_dump(parse_url("http://example.com:80#@google.com/"));
```

2. Expected output

```
array(4) {
  ["scheme"]=>
  string(4) "http"
  ["host"]=>
  string(11) "example.com"
  ["port"]=>
  int(80)
  ["fragment"]=>
  string(12) "@google.com/"
}
```

3. Actual output

In PHP 7.1:

```
bool(false)
```

In PHP 5.5:

```
php > var_dump(parse_url("http://example.com:80#@google.com/"));
array(5) {
  ["scheme"]=>
  string(4) "http"
  ["host"]=>
  string(10) "google.com"
  ["user"]=>
  string(11) "example.com"
  ["pass"]=>
  string(3) "80#"
  ["path"]=>
  string(1) "/"
}
```
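
The RFC 3986 authority rule quoted earlier in this thread, applied to the URL from the report, as an added example that is not part of the bug report or of php-src. The helper names `rfc3986_authority()` and `safe_host()` are hypothetical; the second one shows a host check that cross-checks `parse_url()` against the strict split instead of trusting it alone.

```php
<?php
// Added example; rfc3986_authority() and safe_host() are hypothetical helpers.

/** Split scheme, host, port and fragment; the authority ends at the first "/", "?" or "#". */
function rfc3986_authority(string $url): ?array
{
    if (!preg_match('~^([a-z][a-z0-9+.\-]*)://([^/?#]*)(.*)$~is', $url, $m)) {
        return null; // not in scheme://authority form
    }
    [, $scheme, $authority, $rest] = $m;

    // Userinfo ends at the last "@" inside the authority, never beyond it.
    $at = strrpos($authority, '@');
    $hostport = $at === false ? $authority : substr($authority, $at + 1);

    // Host is a bracketed IPv6 literal or a run without ":", then an optional port.
    if (!preg_match('~^(\[[^\]]*\]|[^:]*)(?::(\d*))?$~', $hostport, $hp)) {
        return null;
    }
    $hash = strpos($rest, '#');
    return [
        'scheme'   => strtolower($scheme),
        'host'     => strtolower($hp[1]),
        'port'     => ($hp[2] ?? '') !== '' ? (int) $hp[2] : null,
        'fragment' => $hash === false ? null : substr($rest, $hash + 1),
    ];
}

/** Return the host only when parse_url() agrees with the strict split; otherwise fail closed. */
function safe_host(string $url): ?string
{
    $strict = rfc3986_authority($url);
    $php    = parse_url($url);
    if ($strict === null || $php === false || !isset($php['host'])) {
        return null;
    }
    return strtolower($php['host']) === $strict['host'] ? $strict['host'] : null;
}

$url = 'http://example.com:80#@google.com/'; // URL from this report
var_dump(rfc3986_authority($url));
var_dump(safe_host($url));
```

`safe_host()` returns null both when `parse_url()` returns false (the PHP 7.1 result reported above) and when it reports a different host (the PHP 5.5 result), so an allow-list check built on it never sees the host taken from the fragment.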

 [2016-11-09 20:10 UTC] ab@php.net

@mala thanks for checking. The revision b061fa909de77085d3822a89ab901b934d0362c4 is in the upcoming releases; it's merely missing in the NEWS. The final changelog will contain the entry.

Thanks.

 [2018-02-27 04:07 UTC] zhihua dot yao at dbappsecurity dot com dot cn

Related To: Bug #76015