Issues

ZF-12035: Zend_Validate_Hostname fails for punycode of IDN that not contain unicode characters

Issue Type: Bug Created: 2012-01-31T15:38:00.000+0000 Last Updated: 2012-08-17T09:22:06.000+0000 Status: Open Fix version(s): Reporter: Eskender Ablyamitov (esk) Assignee: Thomas Weidner (thomas) Tags: - Zend_Validate

  • validating

Related issues: - ZF-12003

Attachments:

Description

Zend_Validate_Hostname always return CANNOT_DECODE_PUNYCODE for punycode of IDN that not contain unicode characters.

In protected function decodePunycode uses next code for validating punycode:

<pre class="highlight">
protected function decodePunycode($encoded)
{

// ...

$separator = strrpos($encoded, '-');
if ($separator > 0) {
    for ($x = 0; $x < $separator; ++$x) {
        // prepare decoding matrix
        $decoded[] = ord($encoded[$x]);
    }
} else {
    $this->_error(self::CANNOT_DECODE_PUNYCODE);
    return false;
}

// ...
}

As we know from procedure for Punycode encoding ASCII hyphen can be added to the encoded name after basic characters or if it is one of the basic characters. However hyphen may not be present in the Punycode(excluding xn--). For example, if the original name did not contain the basic characters:

пример.com (ACE: xn--e1afmkfd.com)

Thus function contains a bug that prevents the normal validation for multiple hostnames.

The proposed solution:

Fix incorrect part of function decodePunycode

<pre class="highlight">
protected function decodePunycode($encoded)
{

// ...

$decoded = array();
$separator = strrpos($encoded, '-');
if ($separator > 0) {
    for ($x = 0; $x < $separator; ++$x) {
        // prepare decoding matrix
        $decoded[] = ord($encoded[$x]);
    }
} else {
    $separator = 0;
}

// ...
}

Comments

No comments to display

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts