ID: 43402
Comment by: nobody at example dot org
Reported By: nobody at example dot org
Status: Open
Bug Type: Filter related
Operating System: *
PHP Version: 5.2.5
New Comment:
I see no reason support for hostnames can't be added.
filter_var ($addr, FILTER_VALIDATE_EMAIL, FILTER_PERMIT_NON_FQDNS);
That's fine on a LAN and the additional flag stops web miscreants doing
what would, if this were the default behaviour, otherwise be
inevitable.
Back on topic, FILTER_VALIDATE_EMAIL validates nothing. It fails to
ensure an address is syntactically valid.
<?php
function _ ($_, $inv = false) {
$bool = (filter_var ($_, FILTER_VALIDATE_EMAIL) === $_);
echo (($inv)? !$bool: $bool)? 'OK ': 'ERR ', "$_\n";
}
// RFC2821
// 4.1.2
// Should pass
_ ('escaped\"[EMAIL PROTECTED]');
// 4.5.3.1
// should both fail
_ ('this-local-part-is-over-64-chars-in-length-'
.'[EMAIL PROTECTED]', true);
_ ('test@'.str_repeat('d', 256).'.com', true);
// RFC2822 ('=' and '?' still fail as of PHP 5.3.0alpha3-dev)
_ ("!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]");
Previous Comments:
------------------------------------------------------------------------
[2008-09-17 12:41:05] matt at mattfarina dot com
RFC 2822 allows for email addresses like [EMAIL PROTECTED] or
[EMAIL PROTECTED] But, RFC 2821 (SMTP Standard) does not allow for those.
See sections 4.1.2 and 4.13 for more detail.
The question with email addresses is should we support RFC 2822 or
2821? For routing FILTER_VALIDATE_EMAIL currently follows RFC 2821.
------------------------------------------------------------------------
[2008-09-16 20:00:59] matt at mattfarina dot com
Please correct me if I'm wrong but isn't localhost an alias and RFC
2822 requires a fully qualified domain name or IP address. That would be
the issue with [EMAIL PROTECTED]
------------------------------------------------------------------------
[2008-09-16 19:37:41] drewish at katherinehouse dot com
The current code also bounces valid email addresses like
"[EMAIL PROTECTED]". I haven't been able to test out the suggested regex.
------------------------------------------------------------------------
[2007-11-26 14:23:55] nobody at example dot org
Updated test, php_filter_validate_email() returns string on success.
Surely bool would be a more appropriate return value for a logic filter?
Updated regex above fixes the specific issue I was having, I'm
uncertain about other edge cases ([EMAIL PROTECTED]@example.org)?
--TEST--
Bug 43402, RFC2822 allows chars (?, =) in dot-atoms
--SKIPIF--
<?php if (!extension_loaded("filter")) die("skip"); ?>
--FILE--
<?php
$var="!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]";
var_dump((bool)filter_var($var, FILTER_VALIDATE_EMAIL));
?>
--EXPECT--
bool(true)
------------------------------------------------------------------------
[2007-11-26 11:34:19] nobody at example dot org
I may be missing something about the unit tests, following regex update
to php_filter_validate_email() will not pass my test case (after doing
rm ext/filter/tests/*.o ext/filter/tests/*.lo, clearing .out .log .exp
.diff from tests and doing make; make test).
const char regexp[] =
"/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}\\=\\?]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}\\=\\?]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/D";
Yet the equivalent regex works as expected in both PHP and my patched
install.
<?php
error_reporting(E_ALL|E_STRICT);
function validate_email($_)
{
/* Original from PEAR QuickForm Email.php rev: 1.4 */
$r =
'/^((\"[^\"\f\n\r\t\v\b]+\")|([\w\!\#\$\%\&\'\*\+\-\~\/\^\`\|\{\}\=\?]+(\.[\w\!\#\$\%\&\'\*\+\-\~\/\^\`\|\{\}\=\?]+)*))@((\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\-])+\.)+[A-Za-z\-]+))$/D';
return (bool) preg_match($r, $_);
}
$test = array('[EMAIL PROTECTED]'=>true,
'[EMAIL PROTECTED]'=>false,
"!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]"=>true,
);
$failed = 0;
$fail = array();
foreach ($test as $k => $v){
if (!(validate_email($k) === $v)){
$failed++;
$fail[].= $k;
}
}
if ($failed > 0){
echo "Failed $failed of ",count($test), " tests using PHP func\n";
print_r($fail);
}
$failed = 0;
$fail = array();
foreach ($test as $k => $v){
if (!((bool)filter_var($k, FILTER_VALIDATE_EMAIL) == (bool)$v)){
$failed++;
$fail[].= $k;
}
}
if ($failed > 0){
echo "Failed $failed of ",count($test), " tests using filter
func\n";
print_r($fail);
}
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/43402
--
Edit this bug report at http://bugs.php.net/?id=43402&edit=1
