ID:               43402
User updated by:  nobody at example dot org
Reported By:      nobody at example dot org
Status:           Open
Bug Type:         Filter related
Operating System: N/A
PHP Version:      5.2.5
New Comment:

--TEST--
PMOPB-45-2007:PHP ext/filter Email Validation Vulnerability
--SKIPIF--
<?php if (!extension_loaded("filter")) die("skip"); ?>
--FILE--
<?php
$var = "[EMAIL PROTECTED]";
var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));
?>
--EXPECT--
bool(false)


Previous Comments:
------------------------------------------------------------------------

[2007-11-25 23:42:35] nobody at example dot org

Adding test.

------------------------------------------------------------------------

[2007-11-25 22:22:59] nobody at example dot org

Description:
------------
The regex used in php_filter_validate_email does not permit all valid
atom chars from RFC2822 (eg: ASCII 61, 63).

Reproduce code:
---------------
<?php
$valid="!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]";
echo filter_var($valid, FILTER_VALIDATE_EMAIL)? 'Valid': 'Invalid', "\n";

Expected result:
----------------
Valid

Actual result:
--------------
Invalid

------------------------------------------------------------------------
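
Added example, not part of the bug report or of PHP's own test suite: a per-character probe of the claim in the description, that FILTER_VALIDATE_EMAIL rejects some RFC 2822 atext characters in the local part. The helper name rejected_atext_chars, the probe address shape a<char>b@example.org and the PHP 7 type declarations are assumptions made here; the output depends on the PHP version it is run against.

```php
<?php
// Added illustration, not code from the report.
// Non-alphanumeric "atext" characters from RFC 2822 section 3.2.4.
// The dot is left out: it is a dot-atom separator, not an atext character.
const ATEXT_SPECIALS = '!#$%&\'*+-/=?^_`{|}~';

/**
 * Return the atext specials that make FILTER_VALIDATE_EMAIL reject an
 * otherwise plain address. Each character is tested on its own, placed
 * between two letters, so a rejection can be attributed to that character.
 */
function rejected_atext_chars(string $domain = 'example.org'): array
{
    if (!extension_loaded('filter')) {
        throw new RuntimeException('ext/filter is not loaded');
    }
    $rejected = [];
    foreach (str_split(ATEXT_SPECIALS) as $ch) {
        $addr = 'a' . $ch . 'b@' . $domain; // constructed probe address
        if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            $rejected[$ch] = ord($ch);      // keep the ASCII code for the report
        }
    }
    return $rejected;
}

$rejected = rejected_atext_chars();
if ($rejected === []) {
    echo "All RFC 2822 atext specials accepted in the local part\n";
} else {
    foreach ($rejected as $ch => $code) {
        printf("Rejected: %s (ASCII %d)\n", $ch, $code);
    }
}
```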