PHP parse_url bad practice

PHP parse_url bad practice

HashFlare

today I identified an issue when install OneBase.org php framework( which is based on Thinkphp 5.0)

the root cause is callling of php internal function parse_url, when your password includes special character like #, the parse_url function wrongly split the string,

work around is by adding a / at the tail of $url

small issue, but may waste plenty of time investigating it because of layering and encapsulation

parse_url
友荐云推荐