Hostname::isValid() ip address detection is detecting false positive

[stevleibelt]

Hey,

I investigated an issue I had. An E-Mail-Address is recognized as invalid. To guard the real email address, I create something that is fitting to my detected issue. Lets use the email address 'foo@beba123.de'.

If I try to validate this host name, I get an error from Hostname::IP_ADDRESS_NOT_ALLOWED. Why? Because of the used regexp.

    public function isValid($value)
    {
        if (!is_string($value)) {
            $this->error(self::INVALID);
            return false;
        }

        $this->setValue($value);
        // Check input against IP address schema
        if (preg_match('/^[0-9a-f:.]*$/i', $value)
        //....

The regexp '/^[0-9a-f:.]*$/i' expressed as sentence would be something like: This matches if provided value contains only numbers from "0" to "9", characters from "a" to "f", ":" and ".". Since my example domain only exists out of numbers and characters from "a" to "f", this expression would match false positive. Is there a chance to fix this? Since my client is using php 5.4, I would need a new zend framework version also for that.

Thanks in advanced.

[stevleibelt]

Hey, I am wondering if this is not important or simple has gone down under without any recognition.

[weierophinney]

IIRC, #54 / #56 address this; however, we have not backported this to the 2.4 series.

One thing you can do until then is take the version from the latest zend-validator release, put it in your own namespace, and register it under the validator configuration as an override for the Hostname validator shipped by default. If you can, I'd like to see you do that anyways, to verify that they do in fact resolve your situation. We can then determine if it's something we want to backport to an LTS release.

[michalbundyra]

This repository has been closed and moved to laminas/laminas-validator; a new issue has been opened at https://github.com/laminas/laminas-validator/issues/44.