Issues

ZF-2425: Hostnames with arbitrary characters such as space are valid when ALLOW_LOCAL is set

Issue Type: Bug Created: 2008-01-12T14:53:00.000+0000 Last Updated: 2008-03-21T16:25:39.000+0000 Status: Resolved Fix version(s): - 1.5.0 (17/Mar/08)

Reporter: Shahar Evron (shahar) Assignee: Thomas Weidner (thomas) Tags: - Zend_Validate

Related issues: Attachments: - Zend_Validate_Hostname.patch

Description

When validating a hostname with ALLOW_LOCAL, like in the following code, host names containing invalid characters such as space, '!' and so on are valid:

<pre class="highlight">
$v = new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_LOCAL);
var_dump($v->isValid('www foo com'));

This is because of a mistake in the $regexLocal regular expression, which uses \x2e to mark '.' but this sequence is being resolved by PHP before preg compilation - so it behaves like an unescaped '.' in a regex - meaning any character is allowed instead of the dot separator.

The fix is easy - replace the double quotes encapsulating the regex with single quotes.

BTW this really makes our unit tests look poor.

Comments

Posted by Shahar Evron (shahar) on 2008-01-12T14:53:36.000+0000

A simple patch to fix the bug

Posted by Shahar Evron (shahar) on 2008-01-12T14:54:02.000+0000

A simple test case added to the unit tests

Posted by Thomas Weidner (thomas) on 2008-03-09T14:57:32.000+0000

Fixed with SVN-8713

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts