Edit report at https://bugs.php.net/bug.php?id=49576&edit=1
ID: 49576 Comment by: le...@php.net Reported by: mparkin at de-facto dot com Summary: Filter var for validating email is not validating emails correctly Status: Wont fix Type: Feature/Change Request Package: *General Issues Operating System: * PHP Version: 5.* Assigned To: rasmus Block user comment: N Private report: N New Comment: Honestly, why can't we have an option to FILTER_VALIDATE_EMAIL to not require a TLD? I do write intranet applications and it would be useful. Adding an option does not break BC at all. Previous Comments: ------------------------------------------------------------------------ [2012-08-16 18:01:44] ras...@php.net I am not disagreeing that local domains are invalid per the RFC, but I do think that in most cases Web apps probably don't have a use for these cases since they don't resolve outside of the local environment. I suppose some Intranet web apps would find this useful, but the bulk of Internet apps would need to add a second check to make sure that it wasn't a non external SMTP-able address that validated. I would suggest that the few cases where you do want local single- domain addresses to validate you add a simple check in front of filter_var. They are easy to check for. ------------------------------------------------------------------------ [2012-08-16 16:48:28] damien dot regad at merckgroup dot com Going back to what grangeway posted 2 years ago, the filter still does not accept single-domain addresses: php > var_export( filter_var( 'user@localhost', FILTER_VALIDATE_EMAIL ) ); false I tested with PHP 5.3.10-1ubuntu3.2 with Suhosin-Patch (cli) on Ubuntu 12.04 However, if I understand well the ABNF[1] in the RFC specification [2], this should in fact be allowed (see sections 3.4.1 and 3.2.3 for details): addr-spec = local-part "@" domain domain = dot-atom / domain-literal / obs-domain dot-atom = [CFWS] dot-atom-text [CFWS] dot-atom-text = 1*atext *("." 1*atext) The last bit (dot-atom-text) says that there must be 1 or more chars followed by zero or more groups of ("." followed by 1 or more chars). It would be nice to have this fixed. Thanks in advance ! [1] http://en.wikipedia.org/wiki/Augmented_Backus%E2%80%93Naur_Form [2] http://tools.ietf.org/html/rfc5322 ------------------------------------------------------------------------ [2010-08-17 21:34:47] michael at squiloople dot com You might find this useful, taken directly from my article on E-mail address validation, in deciding whether or not to allow single-label domain names: "There is some confusion over whether or not single-label domain names are allowed â michael@squiloople, for example. People often cite the following section in RFC 5321 to argue that they are not allowed: "'Only resolvable, fully-qualified domain names (FQDNs) are permitted when domain names are used in SMTP. In other words, names that can be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed in Section 5) are permitted, as are CNAME RRs whose targets can be resolved, in turn, to MX or address RRs. Local nicknames or unqualified names MUST NOT be used.' "The implicit premise here is that TLD-only domain names cannot be resolved to MX RRs. This is simply untrue: both checkdnsrr('ai', 'MX') and getmxrr('ai', $array) return true, showing that single-label domain names can, and do, resolve to MX RRs. Additionally, http://www.to/ is a valid, and active, domain. Therefore, michael@squiloople is valid (although in this example, âsquiloopleâ is not a TLD). "And as an extra note, hereâs another excerpt from RFC 5321: "'In the case of a top-level domain used by itself in an email address, a single string is used without any dots.'" ------------------------------------------------------------------------ [2010-08-15 02:09:23] paj...@php.net Have you tried with 5.2.14 or 5.3.3? ------------------------------------------------------------------------ [2010-08-14 21:10:33] grangeway at hotmail dot com Additionally: 1) at the moment, I believe the current regex does not allow fred@com as an email address. Albeit, it's going back almost 10 years now - I'm pretty sure I received an email from someone @tld, complaining that a regex did not allow their valid email address to sign up. 2) The issue the user hit is the phpmailer class contains the following code to validate email addresses against FILTER_VALIDATE_EMAIL regardless of whether SMTP or mail() is the sending method. 550 public static function ValidateAddress($address) { 551 if (function_exists('filter_var')) { //Introduced in PHP 5.2 ... else regex ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=49576 -- Edit this bug report at https://bugs.php.net/bug.php?id=49576&edit=1