Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.2.0

Bug #20013 getNormalizedURL() adds leading "@" chars in the Authority
Submitted: 2013-07-18 17:13 UTC
From: ross Assigned: tkli
Status: Closed Package: Net_URL2 (version 2.0.0)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    

 [2013-07-18 17:13 UTC] ross (Ross Perkins)
Description: ------------ This bug report refers to github's pear/Net_URL2 #f4864b005a 5339bc26e4d7268ad7d5b7 $url->getNormalizedURL() fails to return a valid URL if there is no user:password in the URL. It erroneously adds an "@" symbol in the normalized URL. Test script: --------------- This test method will fail until the bug is fixed: public function testNormalizeDoesNotAddErroneousAts() { $expectedResults = array( '', '', '', ); foreach($expectedResults as $expected) { $url = new Net_Url2($expected); $this->assertSame($expected, $url->getNormalizedURL(), "getNormalizedURL must return the expected result"); } } Expected result: ---------------- The test should pass. Instead, it fails. For example when normalizing this URL: getNormalizedURL() returns: This is obviously broken.


 [2013-07-18 17:24 UTC] ross (Ross Perkins)
I forked Net_URL2 on Github, here is a patch that adds the phpunit test showing the bug, and also the fix: Net_URL2/commit/9a2daa17270e1c6a81645d193052e4f871b2e987
 [2013-07-19 02:26 UTC] tkli (Tom Klingenberg)
As an empty userinfo part is technically possible (zero-length-string) and in a normalization it should be dropped ("The user information, if present, is followed by a commercial at-sign ("@") that delimits it from the host." 3.2.1. User Information). Therefore I would suggest to allow the zero-length userinfo (as it happens here to trigger the flaw) and check with strlen() instead of !== FALSE in getAuthority(). if (strlen($this->_userinfo)) { $authority .= $this->_userinfo . '@'; }
 [2013-07-19 09:36 UTC] tkli (Tom Klingenberg)
Ross, can you please review if Bug and Fix in do the work for you? My conclusion is that setting an empty string as user information (userinfo in short) shouldn't result in the commercial at-sign ("@") in the first place. This also addresses the problem adding that @ sign in URL normalization (Net_URL2::getNormalizedURL()).
 [2013-07-19 15:30 UTC] ross (Ross Perkins)
Hi Tom, that fix looks good. It also covers more cases where the bug would have been affected. Nice work. :)
 [2013-07-21 20:09 UTC] tkli (Tom Klingenberg)
 [2013-07-27 04:54 UTC] doconnor (Daniel O'Connor)
-Status: Open +Status: Closed -Assigned To: +Assigned To: tkli