You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is more informative than a bugfix in case other people encounter the same issue. We're using elasticsearch-PHP version 6.5 and PHP 7.3.29 which was released on July 1st, 2021. That version changed how FILTER_VALIDATE_URL works, breaking the code for prependMissing() for a URL that is using basic authentication.
I also checked with the devs assigned to that bug if basic authentication is a valid URL, but it might be the password is causing the validation error.
Summary of problem or feature request
This is more informative than a bugfix in case other people encounter the same issue. We're using elasticsearch-PHP version 6.5 and PHP 7.3.29 which was released on July 1st, 2021. That version changed how FILTER_VALIDATE_URL works, breaking the code for prependMissing() for a URL that is using basic authentication.
Version 7.3.29 Changelog
I also checked with the devs assigned to that bug if basic authentication is a valid URL, but it might be the password is causing the validation error.
Sec Bug #81122 | SSRF bypass in FILTER_VALIDATE_URL
Code snippet of problem
Code Snippet Solution
The easiest solution is to not use a URL with ->setHosts() but use the array option instead.
System details
The text was updated successfully, but these errors were encountered: