php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47270 Invalid email address allowed as valid
Submitted: 2009-02-02 09:44 UTC Modified: 2009-02-02 18:23 UTC
From: jason at netmums dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 5.2.8 OS: RHEL 5.3
Private report: No CVE-ID: None
View Developer Edit
 [2009-02-02 09:44 UTC] jason at netmums dot com 
Description:
------------
An email address is submitted to filter_var and returned as valid 
despite the domain being invalid. There are no single character top-
level domains.

Reproduce code:
---------------
$email = 'testuser@hotmail.co.u';
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
echo "Invalid email address.";
} else {
echo "Valid email address.";
}



Expected result:
----------------
Invalid email address.

Actual result:
--------------
Valid email address.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-02-02 14:23 UTC] johannes@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

That domain might exist at your network.
 [2009-02-02 15:30 UTC] jason at netmums dot com 
Thanks, perhaps a flag could be added to test against valid public TLDs 
supported by IANA versus technically valid internal addresses?
 [2009-02-02 18:23 UTC] johannes@php.net 
Just checking TLD isn't enough - actually we'd have to make a NS lookup but that's certainly outside the things of filter. The filter is for making sure nothing bad happens when using the value not checking whether the user couldn't type his name.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Oct 26 03:00:01 2025 UTC