When checking a bunch of URLs, I came across an odd example of a 'URL' which passed the $sanitizer->url() method. Basically I'm only checking a random word like 'processwire' with the extra option to disallow relative URLs and the need of scheme 'http' or 'https'.
Example:
$sanitizer->url('processwire', array('allowRelative' => false,'allowSchemes' => array('http', 'https')));
I tried to narrow it down:
$scheme = parse_url($value, PHP_URL_SCHEME);
if($scheme !== false && strlen($scheme)) {...}
which didn't pass (correct, returns null)
Further on it checks for incorrect $scheme:
if(!$scheme) {...}
and checks the option 'allowRelative':
if($options['allowRelative']) {...}
since the value is 'processwire' we move to the else which says:
// relative urls aren't allowed, so add the scheme/protocol and validate
$value = $this->filterValidateURL("http://$value", $options);
...which somehow passes
It would be nice if somebody can clear this up for me. Thanks in advance.
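
An added example, not part of the original issue and not ProcessWire's code: it compares the "prepend http:// and validate" step quoted above with a check that rejects a value lacking its own scheme. It assumes filterValidateURL() performs a syntactic check comparable to PHP's filter_var() with FILTER_VALIDATE_URL, which accepts single-label hosts; strictHttpUrl() and $requireDottedHost are hypothetical names, and the sample values are constructed.

```php
<?php
// Added illustration; not ProcessWire code. Helper names are hypothetical.

/**
 * Accept only absolute http/https URLs. A missing scheme is a rejection
 * here, not a cue to prepend "http://" and validate the result.
 */
function strictHttpUrl(string $value, bool $requireDottedHost = true): ?string
{
    $value = trim($value);

    // The scheme must already be present in the caller's input.
    $scheme = parse_url($value, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null; // a bare word such as "processwire" stops here
    }

    // Syntactic validation of the value as given.
    if (filter_var($value, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    $host = parse_url($value, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return null;
    }

    // Optional policy: single-label hosts ("localhost", "intranet") are
    // syntactically valid, so refusing them is a separate decision.
    $isIp = filter_var(trim($host, '[]'), FILTER_VALIDATE_IP) !== false;
    if ($requireDottedHost && !$isIp && strpos($host, '.') === false) {
        return null;
    }

    return $value;
}

// Constructed sample inputs.
$samples = ['processwire', 'http://processwire', 'https://processwire.com/docs/',
            'ftp://example.com/', '/relative/path'];

foreach ($samples as $s) {
    // What the quoted else-branch effectively validates (assumption, see lead-in).
    $prefixed = filter_var("http://$s", FILTER_VALIDATE_URL) !== false;
    $strict   = strictHttpUrl($s) !== null;
    printf("%-32s prefixed: %-5s strict: %s\n",
        $s, var_export($prefixed, true), var_export($strict, true));
}
```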