From 80c20dcfded0df95457acf5cd9b437d2a268bc85 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 10 May 2019 20:29:48 +0300 Subject: [ci skip] Fix #5755 --- system/libraries/Form_validation.php | 7 +++++++ tests/codeigniter/libraries/Form_validation_test.php | 3 +++ user_guide_src/source/changelog.rst | 1 + 3 files changed, 11 insertions(+) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 1bd55499a..fdf202010 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -1208,6 +1208,13 @@ class CI_Form_validation { $str = $matches[2]; } + // Apparently, FILTER_VALIDATE_URL doesn't reject digit-only names for some reason ... + // See https://github.com/bcit-ci/CodeIgniter/issues/5755 + if (ctype_digit($str)) + { + return FALSE; + } + // PHP 7 accepts IPv6 addresses within square brackets as hostnames, // but it appears that the PR that came in with https://bugs.php.net/bug.php?id=68039 // was never merged into a PHP 5 branch ... https://3v4l.org/8PsSN diff --git a/tests/codeigniter/libraries/Form_validation_test.php b/tests/codeigniter/libraries/Form_validation_test.php index 3280f5bd8..6872b3abd 100644 --- a/tests/codeigniter/libraries/Form_validation_test.php +++ b/tests/codeigniter/libraries/Form_validation_test.php @@ -262,6 +262,9 @@ class Form_validation_test extends CI_TestCase { // URI scheme case-sensitivity: https://github.com/bcit-ci/CodeIgniter/pull/4758 $this->assertTrue($this->form_validation->valid_url('HtTp://127.0.0.1/')); + // https://github.com/bcit-ci/CodeIgniter/issues/5755 + $this->assertFalse($this->form_validation->valid_url('1')); + $this->assertFalse($this->form_validation->valid_url('htt://www.codeIgniter.com')); $this->assertFalse($this->form_validation->valid_url('')); $this->assertFalse($this->form_validation->valid_url('code igniter')); diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 3ec908626..aeea47578 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -20,6 +20,7 @@ Bug fixes for 3.1.11 - Fixed a bug (#5708) - :doc:`Session Library ` 'redis' driver too often failed with locking-related errors that could've been avoided. - Fixed a bug (#5703) - :doc:`Session Library ` triggered an ``E_WARNING`` message about changing ``session.save_path`` during an active session when it fails to obtain a lock. - Fixed a bug where :doc:`Session Library ` 'database' driver didn't trigger a failure if it can't obtain a lock. +- Fixed a bug (#5755) - :doc:`Form Validation Library ` rule **valid_url** accepted digit-only domains due to a PHP bug. Version 3.1.10 ============== -- cgit v1.2.3-24-g4f1b