Edit report at https://bugs.php.net/bug.php?id=53395&edit=1
ID: 53395 Comment by: al at hosteurope dot de Reported by: edanpr at gmail dot com Summary: FILTER_VALIDATE_EMAIL return false on valid emails Status: Not a bug Type: Bug Package: Filter related Operating System: debian PHP Version: 5.3.3 Block user comment: N Private report: N New Comment: According to the DENIC Guidelines a hyphen is allowed on very position except on the third and fourth position: See: http://www.denic.de/en/denic-domain-guidelines.html V. In addition to the TLD ending ".de", a domain may only be comprised of digits (0â9), hyphens, the letters A-Z of the Latin alphabet and the other letters listed in the Annex. It may neither begin nor end with a hyphen, nor may it have a hyphen as both its third and fourth characters. No distinction is made between upper and lower case. The minimum length of a domain is one character and its maximum length is 63 characters; if the domain includes characters listed in the Annex, the decisive criterion for determining the maximum length is the so- called ACE-encoded form of the domain as defined in Request for Comments 5890. So please fix this asap, or the filter_vars function is very useless. Previous Comments: ------------------------------------------------------------------------ [2010-11-25 09:47:33] edanpr at gmail dot com I think it's very easy to answer this question. Filter according to real-world cases, otherwise, you are making this function useless. People expect to use this function to validate email, if this function return false on valid emails, we got a problem and this function becomes useless. I already had to add a secondary check in my email validation function to support multiple dashes domains. ------------------------------------------------------------------------ [2010-11-25 06:41:31] ras...@php.net This comes back to whether we filter according to spec or we filter according to real-world cases that go against the spec. The problem with the latter is that it is not a finite problem. If we go by the spec we can simply follow the spec and we are done. But yes, you are right, there are domains out there that are not legal according to the RFCs but have still been issued for whatever reason. 2 hyphens is definitely not valid in non-IDN domain names. ------------------------------------------------------------------------ [2010-11-25 04:39:27] edanpr at gmail dot com Ok, 2 dots is wrong, but double dash is still a valid domain which means users can have email there. a--b.com - real domain h--t.com - real domain ------------------------------------------------------------------------ [2010-11-25 04:06:44] ahar...@php.net filter_var() is right in both cases here: domain names can only include consecutive hyphens when being used for internationalised domains (which implies that the name is of the form xn--XXX), and the local part of an e-mail address can't include consecutive dots, per the grammar in RFC 5322. ------------------------------------------------------------------------ [2010-11-24 12:58:10] edanpr at gmail dot com Description: ------------ In php 5.3.3 using filter_var to validate email (FILTER_VALIDATE_EMAIL) that got more than one period (.) or dash (-) results in error while in 5.3.2 it didn't. t...@h--t.com will return false on 5.3.3 and true on 5.3.2 t.....@test.com will return false on 5.3.3 and true on 5.3.2 Test script: --------------- <? $adr1 = 't.....@test.com'; $adr2 = 't...@h--t.com'; var_dump(filter_var($adr1, FILTER_VALIDATE_EMAIL)); var_dump(filter_var($adr2, FILTER_VALIDATE_EMAIL)); Expected result: ---------------- string(15) "t.....@test.com" string(13) "t...@h--t.com" Actual result: -------------- bool(false) bool(false) ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=53395&edit=1