php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48718 FILTER_VALIDATE_EMAIL does not allow number
Submitted: 2009-06-29 12:39 UTC Modified: 2009-07-07 00:44 UTC
From: glj dot klomp at gmail dot com Assigned: iliaa
Status: Closed Package: Filter related
PHP Version: 5.2.10 OS: *
Private report: No CVE-ID:
 [2009-06-29 12:39 UTC] glj dot klomp at gmail dot com
Description:
------------
When supplying the filter_var() function with a domain containing a number at the front of the domain, and using a subdomain, the filter fails.

firstname.lastname@employee.2something.com - Failed
firstname.lastname@employee.something.com - Success
firstname.lastname@2something.com - Success

Reproduce code:
---------------
echo '<pre>', var_dump(filter_var('firstname.lastname@employee.2something.com', FILTER_VALIDATE_EMAIL)), '</pre>';

Expected result:
----------------
string(42) "firstname.lastname@employee.2something.com"


Actual result:
--------------
bool(false)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-07-02 06:32 UTC] sjoerd-php at linuxonly dot nl
diff -u -r1.1.2.22.2.12 logical_filters.c
--- ext/filter/logical_filters.c	10 Jun 2009 19:01:17 -0000	1.1.2.22.2.12
+++ ext/filter/logical_filters.c	1 Jul 2009 19:01:42 -0000
@@ -472,7 +472,7 @@
 void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 {
 	/* From http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */
-	const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([A-Za-z0-9_\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[A-Za-z0-9_\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]*)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9])(([A-Za-z0-9\\-])*([A-Za-z0-9]))?(\\.(?=[A-Za-z\\-]))?)+[A-Za-z\\-]*))$/D";
+	const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([A-Za-z0-9_\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[A-Za-z0-9_\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]*)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9])(([A-Za-z0-9\\-])*([A-Za-z0-9]))?(\\.(?=[A-Za-z0-9]))?)+[A-Za-z\\-]*))$/D";
 
 	pcre       *re = NULL;
 	pcre_extra *pcre_extra = NULL;
diff -u -N /home/sjoerd/dev/php/php-5.3.0/ext/filter/tests/bug48718.phpt ext/filter/tests/bug48718.phpt
--- /home/sjoerd/dev/php/php-5.3.0/ext/filter/tests/bug48718.phpt	1970-01-01 01:00:00.000000000 +0100
+++ ext/filter/tests/bug48718.phpt	2009-07-01 20:54:54.000000000 +0200
@@ -0,0 +1,11 @@
+--TEST--
+bug 48718, FILTER_VALIDATE_EMAIL does not allow number
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+$email = 'test@mail.2php.net';
+var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
+?>
+--EXPECT--	
+string(18) "test@mail.2php.net"
 [2009-07-05 16:08 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2009-07-05 17:11 UTC] felipe@php.net
But now it accepts TLD containing numbers.
 [2009-07-06 14:57 UTC] sjoerd-php at linuxonly dot nl
Here is another regex for e-mail validation:
http://ex-parrot.com/~pdw/Mail-RFC822-Address.html

It is hard to get it right, at least with a regex.
 [2009-07-07 00:44 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 19:01:51 2014 UTC