ZF-6033: Zend_Validate_Hostname accepting invalid TLD

Issue Type: Bug Created: 2009-03-14T12:43:42.000+0000 Last Updated: 2009-03-30T12:41:39.000+0000 Status: Resolved Fix version(s): - 1.8.0 (30/Apr/09)

Reporter: Daniel Guerrero (danguer) Assignee: Thomas Weidner (thomas) Tags: - Zend_Validate

Related issues: Attachments:


Not sure if is a bug (not very informed about TLDs), but you will get invalid domains TLD accepted as long as end with a valid TLD and are separated with non alpha chars like numbers in Zend_Validate_Hostname

For example if you try to validate: <www.danguer1com> Zend_Validate_Hostname will set as valid.

I think the problem is on valid() function on this line: if (preg_match('/([a-z]{2,10})$/i', end($domainParts), $matches)) {

You are reading the last chars, but instead it should be: if (preg_match('/^([a-z]{2,10})$/i', end($domainParts), $matches)) {

To match all the chars instead last, this way danguercom will set as invalid

Example code: <?php require_once 'Zend/Validate/Hostname.php';

$tests = array( '<www.danguer1com>', '<www.danguercom>', '<www.danguer-com>', 'danguer1com', 'danguer1-com', '<www.danguer1de>', 'asd.danguer-it' );

$validator = new Zend_Validate_Hostname();

foreach($tests as $test) { print "Testing {$test}: ".$validator->isValid($test)."\n"; }

Results: Testing <www.danguer1com>: 1 Testing <www.danguercom>: Testing <www.danguer-com>: 1 Testing danguer1com: Testing danguer1-com: Testing <www.danguer1de>: 1 Testing asd.danguer-it: 1

Expected results: All being blank after domain name (false)


Posted by Thomas Weidner (thomas) on 2009-03-30T12:41:38.000+0000

Fixed with r14543

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.