Read Time:24 Second
Posted by Jordy Zomer on Mar 28
Hello!
When the filter_var function is used in conjunction with the flags FILTER_VALIDATE_DOMAIN and FILTER_FLAG_HOSTNAME,
there is a vulnerability in PHP that allows the filter to be bypassed. This vulnerability could be used to introduce
vulnerabilities into code that would otherwise be safe to use.
Due to the lack of response from the PHP security team, I have decided to make this vulnerability publicly available
instead. Especially…