Req #49576 [Com]: Filter var for validating email is not validating emails correctly

[alexsander dot rosa at gmail dot com]

Edit report at http://bugs.php.net/bug.php?id=49576&edit=1

 ID:                 49576
 Comment by:         alexsander dot rosa at gmail dot com
 Reported by:        mparkin at de-facto dot com
 Summary:            Filter var for validating email is not validating
                     emails correctly
 Status:             Closed
 Type:               Feature/Change Request
 Package:            *General Issues
 Operating System:   *
 PHP Version:        5.*, 6
 Assigned To:        rasmus
 Block user comment: N

 New Comment:

The format "usern...@box" for local networks IS allowed when the mail()
method is used. I quote RFC 5321: "local aliases MUST NOT appear in any
SMTP transaction." They say NOTHING about mail() method in the RFC.


Previous Comments:
------------------------------------------------------------------------
[2010-04-02 19:57:45] ras...@php.net

A much better RFC-compliant regex has been committed now.

------------------------------------------------------------------------
[2010-04-02 19:56:39] ras...@php.net

Automatic comment from SVN on behalf of rasmus
Revision: http://svn.php.net/viewvc/?view=revision&revision=297350
Log: Update the FILTER_VALIDATE_EMAIL filter to fix bug #49576

------------------------------------------------------------------------
[2010-04-02 07:40:29] ras...@php.net

Finally having a look at this.  Some of your cases are actually
incorrect 

according to RFC3696/RFC5322



For example.  ipinsteadofdom...@127.0.0.1 is not a valid email address
according 

to the RFC.  IPs in an email address must be in square brackets.  So it
should 

be ipinsteadofdom...@[127.0.0.1] for that one to be valid.  This is
valid under 

both RFC822 and RFC2822, but RFC3696 and RFC5322 updates those RFCs. 
And you 

can't have a port in it, so ipandp...@127.0.0.1:25 is invalid as well,
even if 

you added the square brackets.  Also we do not validate domains, so your
2 

examples of invalid TLDs are not relevant.



I'll have an update of the baked in regex soon, but it sounds like you
need to 

update the Kohana one as well.

------------------------------------------------------------------------
[2009-09-17 08:53:51] mparkin at de-facto dot com

Description:
------------
Filter_Var does not validate emails accurately enough, and false
positives are made. The regex needs improving - the regex we are using
in kohanaphp framework (with preg_match) is more accurate.



some more reading could be done here:



http://fightingforalostcause.net/misc/2006/compare-email-regex.php

Reproduce code:
---------------
http://codepad.org/UIrhI5ep

Expected result:
----------------
All emails in $valid are valid, all emails in $invalid are invalid.



A far more accurate regex can be found here:



http://dev.kohanaphp.com/projects/kohana2/repository/entry/trunk/system/helpers/valid.php#L20

Actual result:
--------------
There are false positives and non failures.






------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=49576&edit=1