Bug #77089 An email with an invalid character passes filter_var validation
Submitted: 2018-10-31 15:26 UTC
Modified: 2018-10-31 16:14 UTC
From: marco dot bagnaresi at golee dot it
Assigned: cmb (profile)
Status: Not a bug
Package: filter (PECL)
PHP Version: 7.1.23
OS: Windows
Private report: No
CVE-ID: None
 [2018-10-31 15:26 UTC] marco dot bagnaresi at golee dot it
Description:
------------
An email with an invalid character ' is filtered as a valid email.

Test script:
---------------
$email = "hello'@world.it";
$sanitized_email = filter_var($email, FILTER_SANITIZE_EMAIL);
$this->assertEquals($email,$sanitized_email,"The email should not be valid!");

Expected result:
----------------
The email should not pass validation.

Actual result:
--------------
The email is returned from the filter_var function.

 [2018-10-31 15:55 UTC] nospam at relianthost dot co dot uk
See: https://secure.php.net/manual/en/filter.filters.sanitize.php

> FILTER_SANITIZE_EMAIL
> Remove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].

This is not a bug, as the filter does as the documentation intended.
 [2018-10-31 16:07 UTC] cmb@php.net
-Package: *Mail Related
+Package: filter
 [2018-10-31 16:14 UTC] cmb@php.net
-Status: Open
+Status: Not a bug
-Assigned To:
+Assigned To: cmb
 [2018-10-31 16:14 UTC] cmb@php.net
hello'@world.it is a valid email address according to RFC 5322[1].

[1] <https://tools.ietf.org/html/rfc5322>
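
The distinction discussed in this report, as an added example that is not code from the report or from the PHP project: FILTER_SANITIZE_EMAIL only strips characters, FILTER_VALIDATE_EMAIL is the filter that accepts or rejects, and an address that is valid can still contain an apostrophe, so it is bound as a query parameter and escaped on output. The function name inspect_email, the subscribers table and the second and third sample addresses are constructed for illustration; the script assumes the pdo_sqlite extension is loaded.

```php
<?php
declare(strict_types=1);

// Added example, not code from the bug report. Function name is hypothetical.
// Compares the two filters on one input and escapes it for an HTML context.
function inspect_email(string $input): array
{
    $sanitized = filter_var($input, FILTER_SANITIZE_EMAIL);
    return [
        'sanitized'        => $sanitized,
        'sanitize_changed' => $sanitized !== $input,
        'validates'        => filter_var($input, FILTER_VALIDATE_EMAIL) !== false,
        'html'             => htmlspecialchars($input, ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed sample inputs; the first is the address from the report.
$samples = ["hello'@world.it", "hello (x)@world.it", "hello@world.it"];

// Assumption: the pdo_sqlite extension is loaded; table name is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (email TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO subscribers (email) VALUES (:email)');

foreach ($samples as $input) {
    $r = inspect_email($input);
    printf("%-22s sanitized=%-18s changed=%-5s validates=%s\n",
        $input, $r['sanitized'],
        var_export($r['sanitize_changed'], true),
        var_export($r['validates'], true));

    if (!$r['validates']) {
        continue; // reject instead of storing a silently rewritten address
    }
    // The bound parameter carries the apostrophe as data, not as SQL syntax.
    $insert->execute([':email' => $input]);
    echo "  html-escaped: {$r['html']}\n";
}

foreach ($db->query('SELECT email FROM subscribers') as $row) {
    echo "stored: {$row['email']}\n";
}
```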