#43402 [Com]: FILTER_VALIDATE_EMAIL is not RFC2822 compliant

Tue, 16 Sep 2008 13:01:11 -0700 

 ID:               43402
 Comment by:       matt at mattfarina dot com
 Reported By:      nobody at example dot org
 Status:           Open
 Bug Type:         Filter related
 Operating System: *
 PHP Version:      5.2.5
 New Comment:

Please correct me if I'm wrong but isn't localhost an alias and RFC
2822 requires a fully qualified domain name or IP address. That would be
the issue with [EMAIL PROTECTED]


Previous Comments:
------------------------------------------------------------------------

[2008-09-16 19:37:41] drewish at katherinehouse dot com

The current code also bounces valid email addresses like
"[EMAIL PROTECTED]". I haven't been able to test out the suggested regex.

------------------------------------------------------------------------

[2007-11-26 14:23:55] nobody at example dot org

Updated test, php_filter_validate_email() returns string on success.
Surely bool would be a more appropriate return value for a logic filter?


Updated regex above fixes the specific issue I was having, I'm
uncertain about other edge cases ([EMAIL PROTECTED]@example.org)?

--TEST--
Bug 43402, RFC2822 allows chars (?, =) in dot-atoms
--SKIPIF--
<?php if (!extension_loaded("filter")) die("skip"); ?>
--FILE--
<?php

$var="!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]";
var_dump((bool)filter_var($var, FILTER_VALIDATE_EMAIL));
?>
--EXPECT--      
bool(true)

------------------------------------------------------------------------

[2007-11-26 11:34:19] nobody at example dot org

I may be missing something about the unit tests, following regex update
to php_filter_validate_email() will not pass my test case (after doing
rm ext/filter/tests/*.o ext/filter/tests/*.lo, clearing .out .log .exp
.diff from tests and doing make; make test).

const char regexp[] =
"/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}\\=\\?]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}\\=\\?]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/D";

Yet the equivalent regex works as expected in both PHP and my patched
install.

<?php
error_reporting(E_ALL|E_STRICT);

function validate_email($_)
{
  /* Original from PEAR QuickForm Email.php rev: 1.4 */
  $r =
'/^((\"[^\"\f\n\r\t\v\b]+\")|([\w\!\#\$\%\&\'\*\+\-\~\/\^\`\|\{\}\=\?]+(\.[\w\!\#\$\%\&\'\*\+\-\~\/\^\`\|\{\}\=\?]+)*))@((\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\-])+\.)+[A-Za-z\-]+))$/D';

  return (bool) preg_match($r, $_);

}


$test = array('[EMAIL PROTECTED]'=>true,
              '[EMAIL PROTECTED]'=>false,
              "!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]"=>true,
              );

$failed = 0;
$fail = array();

foreach ($test as $k => $v){
  if (!(validate_email($k) === $v)){
    $failed++;
    $fail[].= $k;
  }
}

if ($failed > 0){
  echo "Failed $failed of ",count($test), " tests using PHP func\n";
  print_r($fail);
}
$failed = 0;
$fail = array();

foreach ($test as $k => $v){
  if (!((bool)filter_var($k, FILTER_VALIDATE_EMAIL) == (bool)$v)){
    $failed++;
    $fail[].= $k;
  }
}

if ($failed > 0){
  echo "Failed $failed of ",count($test), " tests using filter
func\n";
  print_r($fail);
}

------------------------------------------------------------------------

[2007-11-25 23:46:34] nobody at example dot org

--TEST--
RFC2822 conformance for local atoms
--SKIPIF--
<?php if (!extension_loaded("filter")) die("skip"); ?>
--FILE--
<?php
        $var = "!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]";
        var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));
?>
--EXPECT--      
bool(true)


# Apologies for bug spam

------------------------------------------------------------------------

[2007-11-25 22:22:59] nobody at example dot org

Description:
------------
The regex used in php_filter_validate_email does not permit all valid
atom chars from RFC2822 (eg: ASCII 61, 63). 

Reproduce code:
---------------
<?php

$valid="!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]";

echo filter_var($valid, FILTER_VALIDATE_EMAIL)? 'Valid': 'Invalid',
"\n";


Expected result:
----------------
Valid

Actual result:
--------------
Invalid


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=43402&edit=1

Reply via email to