Add some doc comments on Cookie::validateCookieDomain() and Http::isValidUri(), which both have some failing test cases and are incomplete

2 files changed, 6 insertions, 0 deletions

diff --git a/includes/Cookie.php b/includes/Cookie.php
index 10d95a7883a5..95a4599fd9c4 100644
--- a/includes/Cookie.php
+++ b/includes/Cookie.php
@@ -62,6 +62,9 @@ class Cookie {
 	 * A better method might be to use a blacklist like
 	 * http://publicsuffix.org/
 	 *
+	 * @fixme fails to detect 3-letter top-level domains
+	 * @fixme fails to detect 2-letter top-level domains for single-domain use (probably not a big problem in practice, but there are test cases)
+	 *
 	 * @param $domain String: the domain to validate
 	 * @param $originDomain String: (optional) the domain the cookie originates from
 	 * @return Boolean
diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index b36011e94c15..75dbbdf37c9c 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -125,6 +125,9 @@ class Http {
 	 * protocols, because we only want protocols that both cURL
 	 * and php support.
 	 *
+	 * @fixme this is wildly inaccurate and fails to actually check most stuff
+	 * @fixme do we actually intend to have FTP support here? Does it work consistently?
+	 *
 	 * @param $uri Mixed: URI to check for validity
 	 * @returns Boolean
 	 */