Blog of Daniel Ruf

Written by Daniel Ruf. You should follow him on Twitter

don't blindly trust FILTER_VALIDATE_URL


Valid URLs can use a wide range of different protocols. This requires strict validation of user supplied URLs combined with correct checks. Too lax or wrong checks can quickly lead to vulnerabilities.