php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55560 filter_var($e, FILTER_VALIDATE_EMAIL) won't validate spaces in quoted strings
Submitted: 2011-09-01 11:38 UTC Modified: 2011-09-02 10:55 UTC
From: fredgandt at hotmail dot com Assigned:
Status: Closed Package: Mail related
PHP Version: 5.3SVN-2011-09-01 (SVN) OS: Windows XP (SP3)
Private report: No CVE-ID: None
 [2011-09-01 11:38 UTC] fredgandt at hotmail dot com
Description:
------------
---
From manual page: http://www.php.net/filter.filters.validate
---
IMPORTANT: I am a learner. Sorry if I am wasting your time. Also GoDaddy don't 
supply much in the way of detail about what version is running. All I know is 
that it is 5.3.? I have asked for the rest but am still waiting.

Using filter_var($e, FILTER_VALIDATE_EMAIL) where $e is a submitted email 
address that according to RFC 5321 and Wikipedias clearer to understand 
interpretation of it should be considered valid, the return can be invalid where 
spaces are featured within quoted strings.

e.g.

A-Za-z0-9."?Oooh![what]{fun}|is|!".gladthisisn'tmyaddress@[32.64.128.1] == valid 
(impressive)

"Fred Gandt"@fredgandt.com == invalid

Take the space out and "FredGandt"@fredgandt.com == valid

I've tested all the most unusual combinations I can think of and 
FILTER_VALIDATE_EMAIL seems to only fail with spaces being disallowed outright 
rather than only being disallowed when not enclosed by quotes (as with other 
otherwise disallowed chars).

If my interpretation of RFC 5321 is wrong and spaces are in fact never allowed 
(even when enclosed by quotes) please forgive my impertinence.

Love PHP. Very slick and user friendlyness abounds!



Test script:
---------------
<html><body><br>
<form action="" method="post">
<input type="text" name="email" size="100">
<input type="submit" value="POST"><br><br>
<?php
$e=$_REQUEST["email"];
$result=filter_var($e, FILTER_VALIDATE_EMAIL);
if($result){echo($e."<br><br><b style=\"color:#008800;\">Valid Email Address</b>");}
else{echo($e."<br><br><b style=\"color:#ff0000;\">Invalid Email Address</b>");}
?>
</form></body></html>

Expected result:
----------------
Test script provides form entry field "input type="text""

Fill in "textbox" with email address having a local-part with a quoted string 
containing spaces.

e.g. "Fred Gandt"@fredgandt.com

Submit

EXPECT: Return (echo) == Valid

Actual result:
--------------
OBSERVE: Return (echo) == Invalid

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-01 12:04 UTC] fredgandt at hotmail dot com
-Status: Open +Status: Closed
 [2011-09-01 12:04 UTC] fredgandt at hotmail dot com
Really sorry. RFC is hard to read so I relied on Wikipedia (usually very good with 
this kind of thing). Spaces aren't ever allowed. Not even within quotes. Going to 
edit Wikipedia now instead of waste your time.
Forgive? ;-)
 [2011-09-01 18:24 UTC] fredgandt at hotmail dot com
I reread and read some extra, edited and re-edited Wikipedia and now have to 
suggest reopening this bug report. It seems I was right in the first place: 
Quoted strings containing spaces should validate (return true).

See: http://tools.ietf.org/html/rfc3696#section-3 for confirmation.

\ \ \ \ @example.com FALSE incorrect since spaces can exist as slashed doublets

"abc def"@example.com FALSE incorrect

abc"123@456"xyz@example.com FALSE cannot find regulation stating that it should 
be invalid.

abc"123 456"xyz@example.com FLASE also should be valid (it seems)

abc"123"xyz@example.com FALSE also, so not a space issue but that the quotes are 
not outermost of the local-part

abc123xyz@example.c TRUE incorrect

\\\\\\\\@example.com FALSE incorrect since backslash can quote itself this 
should be accepted

I think there are a few problems need addressing (pun intended).
 [2011-09-02 10:55 UTC] fredgandt at hotmail dot com
It seems that the function and filter work perfectly in all cases.

It was my misunderstanding of the regulations that was at fault. I have edited 
Wikipedia to show what is correct (never read so many regulations in my life!) and 
hope you'll forgive my rush to accuse. My intentions were to help not hinder.

Yours, Fred Gandt.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri Sep 24 04:03:36 2021 UTC