-rw-r--r--system/libraries/Form_validation.php7
-rw-r--r--tests/codeigniter/libraries/Form_validation_test.php3
-rw-r--r--user_guide_src/source/changelog.rst1
3 files changed, 11 insertions, 0 deletions
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 1bd55499a..fdf202010 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1208,6 +1208,13 @@ class CI_Form_validation {
$str = $matches[2];
}
+ // Apparently, FILTER_VALIDATE_URL doesn't reject digit-only names for some reason ...
+ // See https://github.com/bcit-ci/CodeIgniter/issues/5755
+ if (ctype_digit($str))
+ {
+ return FALSE;
+ }
+
// PHP 7 accepts IPv6 addresses within square brackets as hostnames,
// but it appears that the PR that came in with https://bugs.php.net/bug.php?id=68039
// was never merged into a PHP 5 branch ... https://3v4l.org/8PsSN
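Review bot: The added `ctype_digit($str)` guard tests everything after the scheme (`$str = $matches[2]` just above), not the host alone, so it rejects `1` but appears to let a digit-only host followed by a port, path or query (constructed examples: `1/`, `1:80`) go on to the FILTER_VALIDATE_URL check. If the intent is to reject digit-only names, match only the host part, e.g. `if (preg_match('/^\d+(?:[:\/?#]|$)/', $str))`. This matters where valid_url gates a URL that is later fetched, because some clients read an all-digit host as an integer IPv4 address. The test hunk in Form_validation_test.php asserts only on `'1'`; adding `'http://1'` and `'1/'` there would pin the behaviour. The enclosing function starts and ends outside this hunk, so the final filter call is inferred from the comment rather than visible.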
diff --git a/tests/codeigniter/libraries/Form_validation_test.php b/tests/codeigniter/libraries/Form_validation_test.php
index 3280f5bd8..6872b3abd 100644
--- a/tests/codeigniter/libraries/Form_validation_test.php
+++ b/tests/codeigniter/libraries/Form_validation_test.php
@@ -262,6 +262,9 @@ class Form_validation_test extends CI_TestCase {
// URI scheme case-sensitivity: https://github.com/bcit-ci/CodeIgniter/pull/4758
$this->assertTrue($this->form_validation->valid_url('HtTp://127.0.0.1/'));
+ // https://github.com/bcit-ci/CodeIgniter/issues/5755
+ $this->assertFalse($this->form_validation->valid_url('1'));
+
$this->assertFalse($this->form_validation->valid_url('htt://www.codeIgniter.com'));
$this->assertFalse($this->form_validation->valid_url(''));
$this->assertFalse($this->form_validation->valid_url('code igniter'));
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 3ec908626..aeea47578 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -20,6 +20,7 @@ Bug fixes for 3.1.11
- Fixed a bug (#5708) - :doc:`Session Library <libraries/session>` 'redis' driver too often failed with locking-related errors that could've been avoided.
- Fixed a bug (#5703) - :doc:`Session Library <libraries/session>` triggered an ``E_WARNING`` message about changing ``session.save_path`` during an active session when it fails to obtain a lock.
- Fixed a bug where :doc:`Session Library <libraries/session>` 'database' driver didn't trigger a failure if it can't obtain a lock.
+- Fixed a bug (#5755) - :doc:`Form Validation Library <libraries/form_validation>` rule **valid_url** accepted digit-only domains due to a PHP bug.
Version 3.1.10
==============