ID: 43402 Comment by: dominic dot sayers at gmail dot com Reported By: nobody at example dot org Status: Open Bug Type: Feature/Change Request Operating System: * PHP Version: 5.2.5 New Comment:
The 228 test cases I collated might help determine which approach to follow in resolving this. They can also be found at http://www.dominicsayers.com/isemail Both the test cases and the validation code are now GPL licensed at Damien's request. Previous Comments: ------------------------------------------------------------------------ [2009-04-06 15:59:53] damien at mc-kenna dot com An extremely detailed analysis of the various RFC requirements and errata has been compiled, along with CPAL 1.0-licensed code: http://www.dominicsayers.com/isemail/ If PHP is going to bother having any support for email validation it needs to be authoritative rather than "well this should work for most uses". ------------------------------------------------------------------------ [2008-10-01 10:16:49] alexanderpas at yahoo dot co dot uk RFC5322 is out, which obsoletes RFC2822 http://tools.ietf.org/html/rfc5322 ------------------------------------------------------------------------ [2008-09-22 16:01:39] nobody at example dot org I see no reason support for hostnames can't be added. filter_var ($addr, FILTER_VALIDATE_EMAIL, FILTER_PERMIT_NON_FQDNS); That's fine on a LAN and the additional flag stops web miscreants doing what would, if this were the default behaviour, otherwise be inevitable. Back on topic, FILTER_VALIDATE_EMAIL validates nothing. It fails to ensure an address is syntactically valid. <?php function _ ($_, $inv = false) { $bool = (filter_var ($_, FILTER_VALIDATE_EMAIL) === $_); echo (($inv)? !$bool: $bool)? 'OK ': 'ERR ', "$_\n"; } // RFC2821 // 4.1.2 // Should pass _ ('escaped\"qu...@example.org'); // 4.5.3.1 // should both fail _ ('this-local-part-is-over-64-chars-in-length-' .'and-therefore-not-va...@na.tld', true); _ ('test@'.str_repeat('d', 256).'.com', true); // RFC2822 ('=' and '?' still fail as of PHP 5.3.0alpha3-dev) _ ("!#$%&'*+-/=.?^_`{|}...@[1.0.0.127]"); ------------------------------------------------------------------------ [2008-09-17 12:41:05] matt at mattfarina dot com RFC 2822 allows for email addresses like u...@localhost or u...@example. But, RFC 2821 (SMTP Standard) does not allow for those. See sections 4.1.2 and 4.13 for more detail. The question with email addresses is should we support RFC 2822 or 2821? For routing FILTER_VALIDATE_EMAIL currently follows RFC 2821. ------------------------------------------------------------------------ [2008-09-16 20:00:59] matt at mattfarina dot com Please correct me if I'm wrong but isn't localhost an alias and RFC 2822 requires a fully qualified domain name or IP address. That would be the issue with f...@localhost. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/43402 -- Edit this bug report at http://bugs.php.net/?id=43402&edit=1
