php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47270 Invalid email address allowed as valid
Submitted: 2009-02-02 09:44 UTC Modified: 2009-02-02 18:23 UTC
From: jason at netmums dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 5.2.8 OS: RHEL 5.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
37 - 35 = ?
Subscribe to this entry?

 
 [2009-02-02 09:44 UTC] jason at netmums dot com
Description:
------------
An email address is submitted to filter_var and returned as valid 
despite the domain being invalid. There are no single character top-
level domains.

Reproduce code:
---------------
$email = 'testuser@hotmail.co.u';
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
echo "Invalid email address.";
} else {
echo "Valid email address.";
}



Expected result:
----------------
Invalid email address.

Actual result:
--------------
Valid email address.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-02-02 14:23 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

That domain might exist at your network.
 [2009-02-02 15:30 UTC] jason at netmums dot com
Thanks, perhaps a flag could be added to test against valid public TLDs 
supported by IANA versus technically valid internal addresses?
 [2009-02-02 18:23 UTC] johannes@php.net
Just checking TLD isn't enough - actually we'd have to make a NS lookup but that's certainly outside the things of filter. The filter is for making sure nothing bad happens when using the value not checking whether the user couldn't type his name.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Jan 17 18:03:34 2022 UTC