php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #54233 PHP Filter email doesn't work properly
Submitted: 2011-03-11 22:43 UTC Modified: 2015-06-15 23:43 UTC
Votes:2
Avg. Score:4.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: flood at itnews-bg dot com Assigned: cmb (profile)
Status: Not a bug Package: Filter related
PHP Version: 5.3.5 OS: Slackware 13x86_64
Private report: No CVE-ID: None
View Developer Edit
 [2011-03-11 22:43 UTC] flood at itnews-bg dot com 
Description:
------------
Hey,

It seems the filter function is not working some times.
You can see in the test script that the email is returned as a valid though it's not quite.

Testing script:
<?php

$email = "?“?‰?“a‚¬?“?S?“a‚¬_?“a€??“a€¦?“??' this.is.a.testing@email.com";
var_dump(filter_var(filter_var($email,FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL));

?>



Test script:
---------------
<?php

$email = "?“?‰?“a‚¬?“?S?“a‚¬_?“a€??“a€¦?“??' this.is.a.testing@email.com";
var_dump(filter_var(filter_var($email,FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL));

?>

Expected result:
----------------
It should return a false boolean. This is not a valid email.

Actual result:
--------------
Returns an invalid email:
???a??S?a_?a??a???'this.is.a.testing@email.com

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-11 22:44 UTC] flood at itnews-bg dot com 
Hey,

It seems the filter function is not working some times.
You can see in the test script that the email is returned as a valid though it's not quite.
 [2011-03-12 12:14 UTC] carsten_sttgt at gmx dot de 
That's the correct behavior.
FILTER_SANITIZE_EMAIL on:
?“?‰?“a‚¬?“?S?“a‚¬_?“a€??“a€¦?“??' this.is.a.testing@email.com

results in:
???a??S?a_?a??a???'this.is.a.testing@email.com

and that's a valid email address according to (at least) RFC822
(sorry, don't know which RFC PHP is exactly using for FILTER_VALIDATE_EMAIL. Should be documented)
 [2011-03-15 10:42 UTC] cataphract@php.net
-Package: *General Issues +Package: Filter related
 [2012-04-08 07:25 UTC] michael at squiloople dot com 
That is a valid email address. "?", "'" and "_", ".", as well as letters and 
numbers are acceptable characters in an email address's local-part.

carsten_sttgt at gmx dot de, it uses RFC 5321 (more or less).
 [2015-06-15 23:43 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2015-06-15 23:43 UTC] cmb@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

You shouldn't first sanitize and validate afterwards; that is
likely to give unexpected results. Either sanitize or validate.
See <http://3v4l.org/UXqdK>.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Oct 28 14:00:01 2025 UTC