Description: ------------ Validate::uri() validates a http URL even when the query string starts with an ampersand and not with a question mark. http://en.wikipedia.org/wiki/Query_string#RFC "As defined in RFC 1738, a URL of scheme http can contain a searchpart following the rest of the URL and separated from it by a ? character. RFC 3986 specifies that the query component of an URI is the part between the ? and the end of the URI or the character #. The term query string is of common usage for referring to this part for the case of HTTP URLs." Test script: --------------- //Proper URL would be http://www.example.com/index.php?p1=x&p2=y $url = 'http://www.example.com/index.php&p1=x&p2=y'; $options = array('allowed_schemes' => array('http')); if (Validate::uri($url, $options)) { echo 'Valid'; } else { echo 'Invalid'; } Expected result: ---------------- Invalid Actual result: -------------- Valid

Thank you for taking the time to write to us, but this is not a bug. There's nothing wrong with this behavior, RFC 3986 clearly says: "The *path* is terminated by the first question mark ("?") or number sign ("#") character, or by the end of the URI." So, the pasted URI doesn't get into the Query part, that's Path section.