Last modified: 2011-10-26 03:57:32 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T29854, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 27854 - Http::isValidURI is too lax
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Component: General/Unknown
Version: 1.18.x
Hardware: All All
Importance: Normal enhancement
Target Milestone: ---
Assigned To: Nobody - You can work on this!
Keywords: need-unittest
Reported: 2011-03-04 22:18 UTC by Bawolff (Brian Wolff)
Modified: 2011-10-26 03:57 UTC

Description Bawolff (Brian Wolff) 2011-03-04 22:18:11 UTC
Mostly stashing this here so I don't forget.

Http::isValidURI is very lax. For example:

Http::isValidURI('afsddfa fdsa fda fda dehttp://example.com fdfad This is not a url!') == true

even though that's clearly not a valid URI.
Comment 1 Antoine "hashar" Musso (WMF) 2011-03-05 16:18:14 UTC
I have added some tests in r83296.
Since we only want to support the http, https and ftp protocols, this bug is about implementing the generic syntax of RFC 3986.

http://tools.ietf.org/html/rfc3986
Comment 2 Bawolff (Brian Wolff) 2011-03-06 02:49:18 UTC
I made a much improved regex in r83360. It doesn't catch everything you made tests for, but at least acts as a sane sanity check. Making a regex for generic URL syntax that checks everything precisely starts to get icky rather fast, especially when considering in what places a colon can appear (separating username and password, the host/port, not to mention IPv6, etc.).

I personally think the check in r83360 is sufficient. Thoughts?
Comment 3 Chad H. 2011-06-16 02:53:07 UTC
This all looks good to me now.
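
The failure mode reported in this bug, as an added example (not MediaWiki's Http::isValidURI and not the regex from r83360): a hypothetical unanchored pattern accepts the string from the description, while an anchored pattern limited to http, https and ftp rejects it. Both function names, both patterns and all sample inputs except the first are assumptions made for illustration.

```php
<?php
// Added illustration: not MediaWiki's Http::isValidURI and not the r83360 regex.
// Both function names and both patterns are hypothetical.

// Assumed lax shape: unanchored, so a URL-like substring anywhere passes.
function laxIsValidUri(string $uri): bool {
    return preg_match('~(?:ftp|https?)://[^\s]+~', $uri) === 1;
}

// Anchored sanity check limited to http, https and ftp.
function strictIsValidUri(string $uri): bool {
    $pattern = '~^(?:ftp|https?)://'                // allowed schemes only
        . '(?:[^\s/?#@]*@)?'                        // optional userinfo, may hold ":"
        . '(?:\[[0-9A-Fa-f:.]+\]|[^\s/?#@:\[\]]+)'  // bracketed IPv6 literal or host
        . '(?::[0-9]*)?'                            // optional port
        . '(?:[/?#][^\s]*)?'                        // optional path, query, fragment
        . '$~D';                                    // D: "$" must not match before a final newline
    return preg_match($pattern, $uri) === 1;
}

// Constructed inputs; the first is the string from the bug description.
$samples = [
    'afsddfa fdsa fda fda dehttp://example.com fdfad This is not a url!',
    'http://example.com/',
    'https://user:pass@example.com:8080/path?q=1',
    'ftp://[2001:db8::1]/file',
    "http://example.com/\n",
    'gopher://example.com/',
];

// Columns: lax result, strict result, input (JSON-encoded to show the newline).
foreach ($samples as $s) {
    printf("%-5s %-5s %s\n",
        var_export(laxIsValidUri($s), true),
        var_export(strictIsValidUri($s), true),
        json_encode($s));
}
```

The strict pattern is still only a sanity check: it does not validate percent-encoding, host name syntax or port range, and any caller that fetches the URL must apply its own destination checks.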
