Skip Menu |

This queue is for tickets about the Data-Validate-URI CPAN distribution.

Report information
The Basics
Id: 30848
Status: open
Priority: 0/
Queue: Data-Validate-URI
People
Owner: sonnen [...] richardsonnen.com
Requestors: kindlund [...] mitre.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Nov 19 16:49:15 2007 kindlund [...] mitre.org - Ticket created
CC: <sonnen [...] richardsonnen.com>
Subject: Data::Validate::URI (v0.03) - Numerical IP address URIs incorrectly fail validation
Date: Mon, 19 Nov 2007 16:48:22 -0500
To: <bug-Data-Validate-URI [...] rt.cpan.org>
From: "Kindlund, Darien F." <kindlund [...] mitre.org>
Using: Data::Validate::URI v0.03 For example: is_web_uri("http://192.168.0.1") fails is_http_uri("http://192.168.0.1") fails These URLs should not fail validation. They are valid URLs and simply correspond with IP addresses (not domain names). Specifically, I do not understand why the following code exists in URI.pm:is_http_uri() (line 277): return unless Data::Validate::Domain::is_domain($authority); Why do you check if the URL has a valid domain? At the least, please update the is_http_uri() to do the right thing with proper URLs that have IP addresses. Thanks, -- Darien Kindlund The MITRE Corporation InfoSec Engineer / Scientist, Sr.
  Sun Nov 25 16:08:38 2007 sonnen [...] richardsonnen.com - Taken
  Sun Nov 25 16:13:14 2007 sonnen [...] richardsonnen.com - Correspondence added
I've loosened the restrictions to allow IPs in the authority section of http/https URIs as of version 0.04 (released today) since the RFC (2616) only states that they SHOULD be avoided, but does not ban them. Thanks, Richard
  Sun Nov 25 16:13:15 2007 The RT System itself - Status changed from 'new' to 'open'
  Sun Nov 25 16:13:16 2007 sonnen [...] richardsonnen.com - Status changed from 'open' to 'resolved'
  Sun Nov 25 17:53:12 2007 kindlund [...] mitre.org - Correspondence added
Subject: RE: [rt.cpan.org #30848] Data::Validate::URI (v0.03) - Numerical IP address URIs incorrectly fail validation
Date: Sun, 25 Nov 2007 17:52:47 -0500
To: <bug-Data-Validate-URI [...] rt.cpan.org>
From: "Kindlund, Darien F." <kindlund [...] mitre.org>
Okay, thanks for your help! -- Darien Show quoted text
>-----Original Message----- >From: Richard Sonnen via RT [mailto:bug-Data-Validate- >URI@rt.cpan.org] >Sent: Sunday, November 25, 2007 4:13 PM >To: Kindlund, Darien F. >Subject: [rt.cpan.org #30848] Data::Validate::URI (v0.03) - >Numerical IP address URIs incorrectly fail validation > > ><URL: http://rt.cpan.org/Ticket/Display.html?id=30848 > > >I've loosened the restrictions to allow IPs in the authority section >of http/https URIs as of >version 0.04 (released today) since the RFC (2616) only states that >they SHOULD be avoided, >but does not ban them. > >Thanks, >Richard
  Sun Nov 25 17:53:14 2007 The RT System itself - Status changed from 'resolved' to 'open'