ID: 43402 Comment by: alexanderpas at yahoo dot co dot uk Reported By: nobody at example dot org Status: Open Bug Type: Filter related Operating System: * PHP Version: 5.2.5 New Comment:
RFC5322 is out, which obsoletes RFC2822 http://tools.ietf.org/html/rfc5322 Previous Comments: ------------------------------------------------------------------------ [2008-09-22 16:01:39] nobody at example dot org I see no reason support for hostnames can't be added. filter_var ($addr, FILTER_VALIDATE_EMAIL, FILTER_PERMIT_NON_FQDNS); That's fine on a LAN and the additional flag stops web miscreants doing what would, if this were the default behaviour, otherwise be inevitable. Back on topic, FILTER_VALIDATE_EMAIL validates nothing. It fails to ensure an address is syntactically valid. <?php function _ ($_, $inv = false) { $bool = (filter_var ($_, FILTER_VALIDATE_EMAIL) === $_); echo (($inv)? !$bool: $bool)? 'OK ': 'ERR ', "$_\n"; } // RFC2821 // 4.1.2 // Should pass _ ('escaped\"[EMAIL PROTECTED]'); // 4.5.3.1 // should both fail _ ('this-local-part-is-over-64-chars-in-length-' .'[EMAIL PROTECTED]', true); _ ('test@'.str_repeat('d', 256).'.com', true); // RFC2822 ('=' and '?' still fail as of PHP 5.3.0alpha3-dev) _ ("!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]"); ------------------------------------------------------------------------ [2008-09-17 12:41:05] matt at mattfarina dot com RFC 2822 allows for email addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] But, RFC 2821 (SMTP Standard) does not allow for those. See sections 4.1.2 and 4.13 for more detail. The question with email addresses is should we support RFC 2822 or 2821? For routing FILTER_VALIDATE_EMAIL currently follows RFC 2821. ------------------------------------------------------------------------ [2008-09-16 20:00:59] matt at mattfarina dot com Please correct me if I'm wrong but isn't localhost an alias and RFC 2822 requires a fully qualified domain name or IP address. That would be the issue with [EMAIL PROTECTED] ------------------------------------------------------------------------ [2008-09-16 19:37:41] drewish at katherinehouse dot com The current code also bounces valid email addresses like "[EMAIL PROTECTED]". I haven't been able to test out the suggested regex. ------------------------------------------------------------------------ [2007-11-26 14:23:55] nobody at example dot org Updated test, php_filter_validate_email() returns string on success. Surely bool would be a more appropriate return value for a logic filter? Updated regex above fixes the specific issue I was having, I'm uncertain about other edge cases ([EMAIL PROTECTED]@example.org)? --TEST-- Bug 43402, RFC2822 allows chars (?, =) in dot-atoms --SKIPIF-- <?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php $var="!#$%&'*+-/=.?^_`{|[EMAIL PROTECTED]"; var_dump((bool)filter_var($var, FILTER_VALIDATE_EMAIL)); ?> --EXPECT-- bool(true) ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/43402 -- Edit this bug report at http://bugs.php.net/?id=43402&edit=1
