- CakePHP's email validation allows non-ASCII letter characters, e.g. รก,
in the local part of the email address (by the \p{L} unicode category
construct). This should not be allowed, see
https://en.wikipedia.org/wiki/Email_address#Local_part.
- It also allows non-ASCII letter characters in the domain part. This
allows Internationalized Domain Names (IDN). The problem here lies in the
fact that this is not supported by the SmtpTransport. An SMTP client should
convert them to so called punycode ASCII, according to
https://lists.exim.org/lurker/message/20140812.120609.bf764769.en.html.
MTA exim does not accept the SMTP sequence. By the way, conversion to
punycode can be done by PHP's idn_to_ascii().
This issues have been tested in the current 2.7 branch, but a quick code
inspection confirms that they are also present in the master branch. As a
workaround I have switched back to validation by PHP's filter_var(), used
in a wrapper validation method.
The first issue can be fixed easily, although the right RFCs have to be
consulted. For the second issue, we have to decide if we support IDN for
email and if we do, support it (maybe not only in the SmtpTransport).
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
