Page MenuHomePhabricator

Http::isValidURI is too lax
Closed, ResolvedPublic


mostly stashing this here so i don't forget.

Http::isValidURI is very lax. For example:

Http::isValidURI('afsddfa fdsa fda fda de fdfad This is not a url!') == true

even thought thats clearly not a valid uri.

Version: 1.18.x
Severity: enhancement



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:33 PM
bzimport set Reference to bz27854.
bzimport added a subscriber: Unknown Object (MLST).

I have added some tests in r83296
Since we only want to support http,https and ftp protocols; this bug is about implementing the generic syntax of RFC 3986

I made a much improved regex in r83360. It doesn't catch everything you made tests for, but at least acts as a sane sanity check. Making a regex for generic url syntax that checks everything precisely starts to get icky rather fast, especially when considering in what places a colon can appear (seperating username password, the host/port, not to mention ipv6, etc).

I personally think the check in r83360 is sufficient, thoughts?