FILTER_VALIDATE_URL 的 FILTER_FLAG_SCHEME_REQUIRED 和 FILTER_FLAG_HOST_REQUIRED 标志有什么用? [英] What is use of FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED flags for FILTER_VALIDATE_URL?

问题描述

我们可以使用filter_vars() 带有 FILTER_VALIDATE_URL 和 标志:

FILTER_FLAG_SCHEME_REQUIRED
FILTER_FLAG_HOST_REQUIRED
FILTER_FLAG_PATH_REQUIRED
FILTER_FLAG_QUERY_REQUIRED

FILTER_VALIDATE_URL 根据 RFC 2396 并在内部使用 parse_url()并需要方案(协议)和主机部分.

FILTER_VALIDATE_URL validates value as URL according to RFC 2396 and internally use parse_url() and require scheme (protocol) and host parts.

如果我还想检查路径和查询部分，我可以像这样使用 filter_vars:

If I want check path and query parts aswell I can use filter_vars like this:

filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED | FILTER_FLAG_QUERY_REQUIRED);

但是 FILTER_FLAG_SCHEME_REQUIRED 和 FILTER_FLAG_HOST_REQUIRED 标志有什么用?似乎无论我们是否指定这些标志，方案和主机部分都会被检查.

But what is use of FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED flags? It seems like no matter whether we specify these flags or not scheme and host parts will be checked anyway.

例如，像这样过滤有效的相对 URL:

For example, filtering valid relative URL like this:

filter_var('test1/2.html', FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED);

返回假.

推荐答案

PHP 7.3.0

FILTER_FLAG_SCHEME_REQUIRED 和 FILTER_FLAG_HOST_REQUIRED 现在已在 PHP 7.3.0 中弃用，因为它们在 FILTER_VALIDATE_URL 中仍然使用.

FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED are now deprecated in PHP 7.3.0 as they were used in FILTER_VALIDATE_URL anyways.

你说得对.这两个标志在默认情况下是打开的，并且无法禁用它们，尽管官方文档中有说明(见下文).正如您在问题中所写，它们毫无用处.我认为这是一个错误.有一个与此相关的错误报告.

You are right. These two flags are turned on by default and there is no way to disable them, despite of what is said in the official documentation (see below). And as you wrote in the question, they are useless. I think it's a bug. There is a bugreport related to this.

来自 PHP 文档:

请注意，有效的 URL 可能未指定 HTTP 协议 http://，因此可能需要进一步验证以确定 URL 使用预期的协议，例如ssh://或 mailto:.

Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:.

来自 RFC2396:

  URI-reference = [ absoluteURI | relativeURI ] [ "#" fragment ]
  absoluteURI   = scheme ":" ( hier_part | opaque_part )
  relativeURI   = ( net_path | abs_path | rel_path ) [ "?" query ]

  hier_part     = ( net_path | abs_path ) [ "?" query ]
  opaque_part   = uric_no_slash *uric

  uric_no_slash = unreserved | escaped | ";" | "?" | ":" | "@" |
                  "&" | "=" | "+" | "$" | ","

  net_path      = "//" authority [ abs_path ]
  abs_path      = "/"  path_segments
  rel_path      = rel_segment [ abs_path ]

  rel_segment   = 1*( unreserved | escaped |
                      ";" | "@" | "&" | "=" | "+" | "$" | "," )

  scheme        = alpha *( alpha | digit | "+" | "-" | "." )

  authority     = server | reg_name

  reg_name      = 1*( unreserved | escaped | "$" | "," |
                      ";" | ":" | "@" | "&" | "=" | "+" )

  server        = [ [ userinfo "@" ] hostport ]
  userinfo      = *( unreserved | escaped |
                     ";" | ":" | "&" | "=" | "+" | "$" | "," )

  hostport      = host [ ":" port ]
  host          = hostname | IPv4address
  hostname      = *( domainlabel "." ) toplabel [ "." ]
  domainlabel   = alphanum | alphanum *( alphanum | "-" ) alphanum
  toplabel      = alpha | alpha *( alphanum | "-" ) alphanum
  IPv4address   = 1*digit "." 1*digit "." 1*digit "." 1*digit
  port          = *digit

  path          = [ abs_path | opaque_part ]
  path_segments = segment *( "/" segment )
  segment       = *pchar *( ";" param )
  param         = *pchar
  pchar         = unreserved | escaped |
                  ":" | "@" | "&" | "=" | "+" | "$" | ","

  query         = *uric

  fragment      = *uric

  uric          = reserved | unreserved | escaped
  reserved      = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                  "$" | ","
  unreserved    = alphanum | mark
  mark          = "-" | "_" | "." | "!" | "~" | "*" | "'" |
                  "(" | ")"

  escaped       = "%" hex hex
  hex           = digit | "A" | "B" | "C" | "D" | "E" | "F" |
                          "a" | "b" | "c" | "d" | "e" | "f"

  alphanum      = alpha | digit
  alpha         = lowalpha | upalpha

  lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h" | "i" |
             "j" | "k" | "l" | "m" | "n" | "o" | "p" | "q" | "r" |
             "s" | "t" | "u" | "v" | "w" | "x" | "y" | "z"
  upalpha  = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" |
             "J" | "K" | "L" | "M" | "N" | "O" | "P" | "Q" | "R" |
             "S" | "T" | "U" | "V" | "W" | "X" | "Y" | "Z"
  digit    = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" |
             "8" | "9"

如您所见，有效 URL 可能没有方案部分或主机名部分，如果它是相对的.可能 FILTER_FLAG_SCHEME_REQUIRED 和 FILTER_FLAG_HOST_REQUIRED 应该有助于通过设计检查它们的存在.但这永远不可能.

As you can see, a valid URL may not have a scheme part or a hostname part, if it's relative. Probably, FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED should help to check their existence by design. But it's never possible.

这篇关于FILTER_VALIDATE_URL 的 FILTER_FLAG_SCHEME_REQUIRED 和 FILTER_FLAG_HOST_REQUIRED 标志有什么用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！