validator icon indicating copy to clipboard operation
validator copied to clipboard
verified publisher icon yiisoft

http://localhost/ is not valid url for UrlValidator

Open amincheloh opened this issue 9 years ago • 14 comments

Not sure it is by design or bug if bug i can create a PR.

What steps will reproduce the problem?

$val = new UrlValidator;
$result = $val->validate('http://localhost/');

What is the expected result?

true

What do you get instead?

false

amincheloh avatar Dec 11 '16 08:12 amincheloh

Both ::1 and 127.0.0.1 must also be kept in mind.

resurtm avatar Dec 11 '16 09:12 resurtm

I would say this is a feature rather than a bug :) localhost will point to different host for every user of the system so if you allow adding such URLs it could introduce flaws with leaking information from internal network. That is true for all non-fqdn domain names. Why do you want to allow this?

cebe avatar Dec 11 '16 14:12 cebe

@resurtm 127.0.0.1 pass the tests but ::1 not

@cebe I need to communicate with other services on same host but different ports

amincheloh avatar Dec 11 '16 14:12 amincheloh

@amincheloh you can adjust the $pattern property of the validator to make it work in your case.

In general I think the validator could be based on parse_url() function instead of a regex and allow further options like forcing https urls only for example. Or a switch to enable/disable fqdn names. I suggest to rewrite it for 2.1.0.

cebe avatar Dec 11 '16 14:12 cebe

I ran into the same issue during functional testing with codeception where one of the params for a model was the referal Url and codeception runs everything on http://localhost.

VirtualRJ avatar Jan 29 '17 14:01 VirtualRJ

What steps will reproduce the problem?

$urlValid = new \yii\validators\UrlValidator();
var_dump($urlValid->validate("http://www.google.com/uncheck/orderPay/ejbPaySucess.do\\"));
exit;

What is the expected result?

bool(true)

What do you get instead?

bool(false)

Additional info

Q A
Yii version 2.0.11.2
PHP version 7.0.1
Operating system windows

pgyf avatar May 12 '17 07:05 pgyf

@phpyii what's the purpose of the backslash at the end of the URL?

cebe avatar May 12 '17 07:05 cebe

@cebe Today I found the URL stored in the database. I added URL validation

pgyf avatar May 12 '17 07:05 pgyf

As @cebe said, that's a special case and there's a way to make it work by adjusting regular expression. Not going to change it.

samdark avatar Dec 26 '19 13:12 samdark

As @cebe said, that's a special case and there's a way to make it work by adjusting regular expression. Not going to change it.

It seems that this effects not only localhost. For me it seems the every local domain name (without a dot) seems to be declared as invalid.

Radon8472 avatar Jul 13 '23 09:07 Radon8472

@Radon8472 correct.

samdark avatar Jul 14 '23 03:07 samdark

In fact, Url rule is now Regex rule with IDN support. We can improve rule so:

  1. Rule always check by internal regex that string is correct URL according to the RFC.

  2. Allow to user set constrains (optional) for host, port, path, etc.

vjik avatar Jul 17 '23 10:07 vjik

I thin for some people, it would be good to allow local do mains for others not.

You alredy have a PR yiisoft/yii2#17965 what enables support for local domains. I would say, you yust should add a config option (e.g. allowLocalDomains) to switch this on / off.

And having this option, each user could choose his/her desired behavior

Radon8472 avatar Jul 22 '23 07:07 Radon8472

Adding it as an option disabled by default is fine.

samdark avatar Jul 24 '23 05:07 samdark