bug #64441 fixed

[Syra]

Checkout please
https://bugs.php.net/bug.php?id=64441

[DaveRandom]

Do you have reference RFC that states this to be valid? An FQDN is not mandated to end with a dot in any URL specifications I can find, and neither does it appear to be legal - the only place that does allow this syntax that I am aware of is the DNS zone files as specified in RFC1035.

I could be wrong, but I suspect that it is parse_url() that is at "fault" here for accepting them, rather than the other way around - although I would say this is not a problem, a parser should be more forgiving than a validator.

[Syra]

Yes, it's caused by FQDN. In RFC 1738 "host" is "The fully qualified domain name of a network host".
So valid url may ended by a dot.

[Syra]

Updated RFC2396 still the same. RFC3986 supports the same strategy.

[DaveRandom]

After re-reading the relevant RFCs I now agree that this is probably correct behaviour, although it does look a little odd, but since the final empty label refers to the "root domain" this is probably technically valid. It certainly makes sense in terms of how the DNS resolver works.

I will try compiling this later and see if I can break your fix :-P (although at first glance it looks sensible). However, you should definitely add a test to the PR.

[lstrojny]

Yes, please don’t merge without a test.

[Syra]

I'm new on this project and I'm glad to get your responses.

[smalyshev]

This passes http://a./ as a correct URL. I don't think it is.

[smalyshev]

Reading RFC, I think I was wrong, trailing dot is valid. But some servers can't handle it properly as it seems: http://stackoverflow.com/questions/3314192/how-do-i-allow-trailing-dot-in-host-headers-in-iis/3483411#3483411
So I'm not sure what to do here...

[lt]

@smalyshev We should be server agnostic right? If a particular server has a bug that means it does not conform to the RFC, then the maintainers of that server should fix it.

My personal opinion is that we should allow the trailing dot as a valid hostname, as it is valid per the RFC.

Unrelated but interesting side note, Firefox will complain about hosts with a trailing dot over SSL, because the certificate does not match the hostname. Chrome is happy to accept the host with a trailing dot when the certificate does not match the hostname.

It seems "issues" related to this trailing dot are widespread. Again I think we should comply with the RFC

[dsp]

I agree we should comply with the RFC, particularly as it's backed by popular DNS software like bind and browsers. I've queued it for 5.4.21 unless there are objections.

[php-pulls]

Comment on behalf of mike at php.net:

Already merged.

[kaplanlior]

For future reference commit SHA1 is 18b54a2