ID: 43402 Comment by: nobody at example dot org Reported By: nobody at example dot org Status: Open Bug Type: Filter related Operating System: * PHP Version: 5.2.5 New Comment:
I see no reason support for hostnames can't be added. filter_var ($addr, FILTER_VALIDATE_EMAIL, FILTER_PERMIT_NON_FQDNS); That's fine on a LAN and the additional flag stops web miscreants doing what would, if this were the default behaviour, otherwise be inevitable. Back on topic, FILTER_VALIDATE_EMAIL validates nothing. It fails to ensure an address is syntactically valid. <?php function _ ($_, $inv = false) { $bool = (filter_var ($_, FILTER_VALIDATE_EMAIL) === $_); echo (($inv)? !$bool: $bool)? 'OK ': 'ERR ', "$_\n"; } // RFC2821 // 4.1.2 // Should pass _ ('escaped\"[EMAIL PROTECTED]'); // 4.5.3.1 // should both fail _ ('this-local-part-is-over-64-chars-in-length-' .'[EMAIL PROTECTED]', true); _ ('test@'.str_repeat('d', 256).'.com', true); // RFC2822 ('=' and '?' still fail as of PHP 5.3.0alpha3-dev) _ ("!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]"); Previous Comments: ------------------------------------------------------------------------ [2008-09-17 12:41:05] matt at mattfarina dot com RFC 2822 allows for email addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] But, RFC 2821 (SMTP Standard) does not allow for those. See sections 4.1.2 and 4.13 for more detail. The question with email addresses is should we support RFC 2822 or 2821? For routing FILTER_VALIDATE_EMAIL currently follows RFC 2821. ------------------------------------------------------------------------ [2008-09-16 20:00:59] matt at mattfarina dot com Please correct me if I'm wrong but isn't localhost an alias and RFC 2822 requires a fully qualified domain name or IP address. That would be the issue with [EMAIL PROTECTED] ------------------------------------------------------------------------ [2008-09-16 19:37:41] drewish at katherinehouse dot com The current code also bounces valid email addresses like "[EMAIL PROTECTED]". I haven't been able to test out the suggested regex. ------------------------------------------------------------------------ [2007-11-26 14:23:55] nobody at example dot org Updated test, php_filter_validate_email() returns string on success. Surely bool would be a more appropriate return value for a logic filter? Updated regex above fixes the specific issue I was having, I'm uncertain about other edge cases ([EMAIL PROTECTED]@example.org)? --TEST-- Bug 43402, RFC2822 allows chars (?, =) in dot-atoms --SKIPIF-- <?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php $var="!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]"; var_dump((bool)filter_var($var, FILTER_VALIDATE_EMAIL)); ?> --EXPECT-- bool(true) ------------------------------------------------------------------------ [2007-11-26 11:34:19] nobody at example dot org I may be missing something about the unit tests, following regex update to php_filter_validate_email() will not pass my test case (after doing rm ext/filter/tests/*.o ext/filter/tests/*.lo, clearing .out .log .exp .diff from tests and doing make; make test). const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}\\=\\?]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}\\=\\?]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/D"; Yet the equivalent regex works as expected in both PHP and my patched install. <?php error_reporting(E_ALL|E_STRICT); function validate_email($_) { /* Original from PEAR QuickForm Email.php rev: 1.4 */ $r = '/^((\"[^\"\f\n\r\t\v\b]+\")|([\w\!\#\$\%\&\'\*\+\-\~\/\^\`\|\{\}\=\?]+(\.[\w\!\#\$\%\&\'\*\+\-\~\/\^\`\|\{\}\=\?]+)*))@((\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\-])+\.)+[A-Za-z\-]+))$/D'; return (bool) preg_match($r, $_); } $test = array('[EMAIL PROTECTED]'=>true, '[EMAIL PROTECTED]'=>false, "!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]"=>true, ); $failed = 0; $fail = array(); foreach ($test as $k => $v){ if (!(validate_email($k) === $v)){ $failed++; $fail[].= $k; } } if ($failed > 0){ echo "Failed $failed of ",count($test), " tests using PHP func\n"; print_r($fail); } $failed = 0; $fail = array(); foreach ($test as $k => $v){ if (!((bool)filter_var($k, FILTER_VALIDATE_EMAIL) == (bool)$v)){ $failed++; $fail[].= $k; } } if ($failed > 0){ echo "Failed $failed of ",count($test), " tests using filter func\n"; print_r($fail); } ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/43402 -- Edit this bug report at http://bugs.php.net/?id=43402&edit=1