PHP网址验证误报
[英]PHP url validation false positives
问题描述
For some odd reason my if statement to check the urls using FILTER_VALIDATE_URL is returning unexpected results. 
出于某种奇怪的原因,我使用FILTER_VALIDATE_URL检查URL的if语句返回了意外结果。
Simple stuff like https://www.google.nl/ is being blocked but www.google.nl/ isn't? https://www.google.nl/之类的简单内容被阻止了,但是www.google.nl/不是吗? Its not like it blocks every single URL with http or https infront of it either. 它不喜欢用http或https阻止每个URL。 Some are allowed and others are not, I know there are a bunch of topics for this but most of them are using regex to filter urls. 有些是允许的,而有些则是不允许的,我知道有很多与此相关的主题,但是大多数主题都使用正则表达式来过滤网址。 Is this beter than using FILTER_VALIDATE_URL? 这比使用FILTER_VALIDATE_URL更好吗? Or Am I doing something wrong? 还是我做错了什么?
The code I use to check the URLS is this 我用来检查URL的代码是这样的
if (!filter_var($linkinput, FILTER_VALIDATE_URL) === FALSE) {
//error code
}
1 个解决方案
解决方案1
0 2015-05-11 23:29:09
You should filter it like this first. 您应该首先像这样过滤它。 (Just for good measure). (只是为了很好的措施)。
$url = filter_var($url, FILTER_SANITIZE_URL);
The FILTER_VALIDATE_URL only accepts ASCII URL's (ie, need to be encoded). FILTER_VALIDATE_URL仅接受ASCII URL(即,需要进行编码)。 If the above function does not work see PHP urlencode() to encode the URL. 如果上述功能不起作用,请参见PHP urlencode()对URL进行编码。
If THAT doesn't work, then you should manually strip the http: from the beginning like this ... 如果那不起作用,那么您应该像这样从头开始手动剥离http:...
$url = strpos($url, 'http://') === 0 ? substr($url, 7) : $url;
Here are some flags that might help. 这里有一些标志可能会有所帮助。 If all of your URL's will have http:// you can use FILTER_FLAG_SCHEME_REQUIRED 如果您所有的URL都带有http:// ,则可以使用FILTER_FLAG_SCHEME_REQUIRED
The FILTER_VALIDATE_URL filter validates a URL.
Possible flags:
- FILTER_FLAG_SCHEME_REQUIRED - URL must be RFC compliant (like http://example )
- FILTER_FLAG_HOST_REQUIRED - URL must include host name (like http://www.example.com )
- FILTER_FLAG_PATH_REQUIRED - URL must have a path after the domain name (like www.example.com/example1/)
- FILTER_FLAG_QUERY_REQUIRED - URL must have a query string (like "example.php?name=Peter&age=37")
The default behavior of FILTER_VALIDATE_URL
Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396 ), optionally with required components.
Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, eg ssh:// or mailto:.
Note that the function will only find ASCII URLs to be valid ;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.