[英]PHP url validation false positives
For some odd reason my if statement to check the urls using FILTER_VALIDATE_URL is returning unexpected results. 出于某种奇怪的原因,我使用FILTER_VALIDATE_URL检查URL的if语句返回了意外结果。
Simple stuff like https://www.google.nl/ is being blocked but www.google.nl/ isn't? https://www.google.nl/之类的简单内容被阻止了,但是www.google.nl/不是吗? Its not like it blocks every single URL with http or https infront of it either.
它不喜欢用http或https阻止每个URL。 Some are allowed and others are not, I know there are a bunch of topics for this but most of them are using regex to filter urls.
有些是允许的,而有些则是不允许的,我知道有很多与此相关的主题,但是大多数主题都使用正则表达式来过滤网址。 Is this beter than using FILTER_VALIDATE_URL?
这比使用FILTER_VALIDATE_URL更好吗? Or Am I doing something wrong?
还是我做错了什么?
The code I use to check the URLS is this 我用来检查URL的代码是这样的
if (!filter_var($linkinput, FILTER_VALIDATE_URL) === FALSE) {
//error code
}
You should filter it like this first. 您应该首先像这样过滤它。 (Just for good measure).
(只是为了很好的措施)。
$url = filter_var($url, FILTER_SANITIZE_URL);
The FILTER_VALIDATE_URL only accepts ASCII URL's (ie, need to be encoded). FILTER_VALIDATE_URL仅接受ASCII URL(即,需要进行编码)。 If the above function does not work see PHP urlencode() to encode the URL.
如果上述功能不起作用,请参见PHP urlencode()对URL进行编码。
If THAT doesn't work, then you should manually strip the http: from the beginning like this ... 如果那不起作用,那么您应该像这样从头开始手动剥离http:...
$url = strpos($url, 'http://') === 0 ? substr($url, 7) : $url;
Here are some flags that might help. 这里有一些标志可能会有所帮助。 If all of your URL's will have
http://
you can use FILTER_FLAG_SCHEME_REQUIRED 如果您所有的URL都带有
http://
,则可以使用FILTER_FLAG_SCHEME_REQUIRED
The FILTER_VALIDATE_URL filter validates a URL.
FILTER_VALIDATE_URL过滤器验证URL。
Possible flags:
可能的标志:
- FILTER_FLAG_SCHEME_REQUIRED - URL must be RFC compliant (like http://example )
FILTER_FLAG_SCHEME_REQUIRED-URL必须符合RFC(例如http:// example )
- FILTER_FLAG_HOST_REQUIRED - URL must include host name (like http://www.example.com )
FILTER_FLAG_HOST_REQUIRED-URL必须包含主机名(例如http://www.example.com )
- FILTER_FLAG_PATH_REQUIRED - URL must have a path after the domain name (like www.example.com/example1/)
FILTER_FLAG_PATH_REQUIRED-URL必须在域名之后具有路径(例如www.example.com/example1/)
- FILTER_FLAG_QUERY_REQUIRED - URL must have a query string (like "example.php?name=Peter&age=37")
FILTER_FLAG_QUERY_REQUIRED-URL必须具有查询字符串(例如“ example.php?name = Peter&age = 37”)
The default behavior of FILTER_VALIDATE_URL
FILTER_VALIDATE_URL的默认行为
Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396 ), optionally with required components.
验证值是否为URL(根据» http://www.faqs.org/rfcs/rfc2396 ),并可选地使用必需的组件。
Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, eg ssh:// or mailto:.
当心有效的URL可能未指定HTTP协议http://,因此可能需要进一步的验证才能确定URL使用预期的协议,例如ssh://或mailto:。
Note that the function will only find ASCII URLs to be valid ;
请注意,该函数只会找到有效的ASCII URL 。 internationalized domain names (containing non-ASCII characters) will fail.
国际化域名(包含非ASCII字符)将失败。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.