php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47270 Invalid email address allowed as valid
Submitted: 2009-02-02 09:44 UTC Modified: 2009-02-02 18:23 UTC
From: jason at netmums dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 5.2.8 OS: RHEL 5.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jason at netmums dot com
New email:
PHP Version: OS:

 

 [2009-02-02 09:44 UTC] jason at netmums dot com 
Description:
------------
An email address is submitted to filter_var and returned as valid 
despite the domain being invalid. There are no single character top-
level domains.

Reproduce code:
---------------
$email = 'testuser@hotmail.co.u';
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
echo "Invalid email address.";
} else {
echo "Valid email address.";
}



Expected result:
----------------
Invalid email address.

Actual result:
--------------
Valid email address.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-02-02 14:23 UTC] johannes@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

That domain might exist at your network.
 [2009-02-02 15:30 UTC] jason at netmums dot com 
Thanks, perhaps a flag could be added to test against valid public TLDs 
supported by IANA versus technically valid internal addresses?
 [2009-02-02 18:23 UTC] johannes@php.net 
Just checking TLD isn't enough - actually we'd have to make a NS lookup but that's certainly outside the things of filter. The filter is for making sure nothing bad happens when using the value not checking whether the user couldn't type his name.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 23:01:28 2024 UTC