Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.

2 files changed, 26 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index cbc022391c..30a498f42a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 20??, PHP 5.3.3
+- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
+  (Ilia)
+
 - Fixed bug #47409 (extract() problem with array containing word "this").
   (Ilia, chrisstocktonaz at gmail dot com)
 
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index 2b72de1c2c..4865cffa43 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -456,12 +456,35 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 		RETURN_VALIDATION_FAILED
 	}
 
+	if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || !strcasecmp(url->scheme, "https"))) {
+		char *e, *s;
+
+		if (url->host == NULL) {
+			goto bad_url;
+		}
+
+		e = url->host + strlen(url->host);
+		s = url->host;
+
+		while (s < e) {
+			if (!isalnum((int)*(unsigned char *)s) && *s != '_' && *s != '.') {
+				goto bad_url;
+			}
+			s++;
+		}
+
+		if (*(e - 1) == '.') {
+			goto bad_url;
+		}
+	}
+
 	if (
 		url->scheme == NULL || 
 		/* some schemas allow the host to be empty */
 		(url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
 		((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
 	) {
+bad_url:
 		php_url_free(url);
 		RETURN_VALIDATION_FAILED
 	}