PHPのfilter_varのFILTER_VALIDATE_URLとLaravelのurlバリデーションを比較する
0
以前、phpのfilter_var($url, FILTER_VALIDATE_URL)を調査しましたが、Laravel5.5との比較を行ったのでまとめます。
もくじ
FILTER_VALIDATE_URLとLaravelのurlバリデーションを比較
比較するコードは下記。
$rules = ['parameter' => 'url'];
use Illuminate\Support\Facades\Validator;
$urls = [
1,
"ABC",
"www.aws.com",
"http://",
"http://w",
"http://ww'",
"http://www",
"http://www.aws",
"http://www.aws.com",
"https://www.aws.com"
];
foreach ($urls as $url) {
if (filter_var($url, FILTER_VALIDATE_URL)) {
echo("'$url' is OK URL\n");
} else {
echo("'$url' is NG URL\n");
}
if (!Validator::make(['parameter' => $url], $rules)->fails()){
echo("'$url' is OK URL\n");
} else {
echo("'$url' is NG URL\n");
}
}
比較結果
結果は下記でした。
'1' is NG URL
'1' is NG URL
'ABC' is NG URL
'ABC' is NG URL
'www.aws.com' is NG URL
'www.aws.com' is NG URL
'http://' is NG URL
'http://' is NG URL
'http://w' is OK URL
'http://w' is NG URL
'http://ww'' is NG URL
'http://ww'' is NG URL
'http://www' is OK URL
'http://www' is OK URL
'http://www.aws' is OK URL
'http://www.aws' is OK URL
'http://www.aws.com' is OK URL
'http://www.aws.com' is OK URL
'https://www.aws.com' is OK URL
'https://www.aws.com' is OK URL
'http://w' is OK URL
'http://w' is NG URLこの辺は結果が変わってしまうようです。
FILTER_VALIDATE_URLのソースコード
では、PHPのfilter_varのFILTER_VALIDATE_URLが実際にどんなコードで動いているのでしょうか?
void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
php_url *url;
size_t old_len = Z_STRLEN_P(value);
php_filter_url(value, flags, option_array, charset);
if (Z_TYPE_P(value) != IS_STRING || old_len != Z_STRLEN_P(value)) {
RETURN_VALIDATION_FAILED
}
/* Use parse_url - if it returns false, we return NULL */
url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value));
if (url == NULL) {
RETURN_VALIDATION_FAILED
}
if (url->scheme != NULL &&
(zend_string_equals_literal_ci(url->scheme, "http") || zend_string_equals_literal_ci(url->scheme, "https"))) {
char *e, *s, *t;
size_t l;
if (url->host == NULL) {
goto bad_url;
}
s = ZSTR_VAL(url->host);
l = ZSTR_LEN(url->host);
e = s + l;
t = e - 1;
/* An IPv6 enclosed by square brackets is a valid hostname */
if (*s == '[' && *t == ']' && _php_filter_validate_ipv6((s + 1), l - 2)) {
php_url_free(url);
return;
}
// Validate domain
if (!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)) {
php_url_free(url);
RETURN_VALIDATION_FAILED
}
}
if (
url->scheme == NULL ||
/* some schemas allow the host to be empty */
(url->host == NULL && (!zend_string_equals_literal(url->scheme, "mailto") && !zend_string_equals_literal(url->scheme, "news") && !zend_string_equals_literal(url->scheme, "file"))) ||
((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
) {
bad_url:
php_url_free(url);
RETURN_VALIDATION_FAILED
}
if ((url->user != NULL && !is_userinfo_valid(url->user))
|| (url->pass != NULL && !is_userinfo_valid(url->pass))
) {
php_url_free(url);
RETURN_VALIDATION_FAILED
}
php_url_free(url);
}まさかのC言語でした。
Laravelのurlバリデーション
次に、Laravelのurlバリデーションは以下。
/**
* Validate that an attribute is a valid URL.
*
* @param string $attribute
* @param mixed $value
* @return bool
*/
public function validateUrl($attribute, $value)
{
if (! is_string($value)) {
return false;
}
/*
* This pattern is derived from Symfony\Component\Validator\Constraints\UrlValidator (2.7.4).
*
* (c) Fabien Potencier <fabien@symfony.com> http://symfony.com
*/
$pattern = '~^
((aaa|aaas|about|acap|acct|acr|adiumxtra|afp|afs|aim|apt|attachment|aw|barion|beshare|bitcoin|blob|bolo|callto|cap|chrome|chrome-extension|cid|coap|coaps|com-eventbrite-attendee|content|crid|cvs|data|dav|dict|dlna-playcontainer|dlna-playsingle|dns|dntp|dtn|dvb|ed2k|example|facetime|fax|feed|feedready|file|filesystem|finger|fish|ftp|geo|gg|git|gizmoproject|go|gopher|gtalk|h323|ham|hcp|http|https|iax|icap|icon|im|imap|info|iotdisco|ipn|ipp|ipps|irc|irc6|ircs|iris|iris.beep|iris.lwz|iris.xpc|iris.xpcs|itms|jabber|jar|jms|keyparc|lastfm|ldap|ldaps|magnet|mailserver|mailto|maps|market|message|mid|mms|modem|ms-help|ms-settings|ms-settings-airplanemode|ms-settings-bluetooth|ms-settings-camera|ms-settings-cellular|ms-settings-cloudstorage|ms-settings-emailandaccounts|ms-settings-language|ms-settings-location|ms-settings-lock|ms-settings-nfctransactions|ms-settings-notifications|ms-settings-power|ms-settings-privacy|ms-settings-proximity|ms-settings-screenrotation|ms-settings-wifi|ms-settings-workplace|msnim|msrp|msrps|mtqp|mumble|mupdate|mvn|news|nfs|ni|nih|nntp|notes|oid|opaquelocktoken|pack|palm|paparazzi|pkcs11|platform|pop|pres|prospero|proxy|psyc|query|redis|rediss|reload|res|resource|rmi|rsync|rtmfp|rtmp|rtsp|rtsps|rtspu|secondlife|s3|service|session|sftp|sgn|shttp|sieve|sip|sips|skype|smb|sms|smtp|snews|snmp|soap.beep|soap.beeps|soldat|spotify|ssh|steam|stun|stuns|submit|svn|tag|teamspeak|tel|teliaeid|telnet|tftp|things|thismessage|tip|tn3270|turn|turns|tv|udp|unreal|urn|ut2004|vemmi|ventrilo|videotex|view-source|wais|webcal|ws|wss|wtai|wyciwyg|xcon|xcon-userid|xfire|xmlrpc\.beep|xmlrpc.beeps|xmpp|xri|ymsgr|z39\.50|z39\.50r|z39\.50s)):// # protocol
(([\pL\pN-]+:)?([\pL\pN-]+)@)? # basic auth
(
([\pL\pN\pS\-\.])+(\.?([\pL]|xn\-\-[\pL\pN-]+)+\.?) # a domain name
| # or
\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} # an IP address
| # or
\[
(?:(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){6})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:::(?:(?:(?:[0-9a-f]{1,4})):){5})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){4})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,1}(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){3})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,2}(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){2})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,3}(?:(?:[0-9a-f]{1,4})))?::(?:(?:[0-9a-f]{1,4})):)(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,4}(?:(?:[0-9a-f]{1,4})))?::)(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,5}(?:(?:[0-9a-f]{1,4})))?::)(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,6}(?:(?:[0-9a-f]{1,4})))?::))))
\] # an IPv6 address
)
(:[0-9]+)? # a port (optional)
(/?|/\S+|\?\S*|\#\S*) # a /, nothing, a / with something, a query or a fragment
$~ixu';
return preg_match($pattern, $value) > 0;
}preg_matchしているだけなんですね。
このコードをいちいち比較するのは次元が高すぎるので、今回はやめておきます。。。
0