PHP :: Bug #55560 :: filter_var($e, FILTER_VALIDATE_EMAIL) won't validate spaces in quoted strings

Bug #55560	filter_var($e, FILTER_VALIDATE_EMAIL) won't validate spaces in quoted strings
Submitted:	2011-09-01 11:38 UTC	Modified:	2011-09-02 10:55 UTC
From:	fredgandt at hotmail dot com	Assigned:
Status:	Closed	Package:	Mail related
PHP Version:	5.3SVN-2011-09-01 (SVN)	OS:	Windows XP (SP3)
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	fredgandt at hotmail dot com
New email:
PHP Version:		OS:

New Comment:

[2011-09-01 11:38 UTC] fredgandt at hotmail dot com

Description:
------------
---
From manual page: http://www.php.net/filter.filters.validate
---
IMPORTANT: I am a learner. Sorry if I am wasting your time. Also GoDaddy don't 
supply much in the way of detail about what version is running. All I know is 
that it is 5.3.? I have asked for the rest but am still waiting.

Using filter_var($e, FILTER_VALIDATE_EMAIL) where $e is a submitted email 
address that according to RFC 5321 and Wikipedias clearer to understand 
interpretation of it should be considered valid, the return can be invalid where 
spaces are featured within quoted strings.

e.g.

A-Za-z0-9."?Oooh![what]{fun}|is|!".gladthisisn'tmyaddress@[32.64.128.1] == valid 
(impressive)

"Fred Gandt"@fredgandt.com == invalid

Take the space out and "FredGandt"@fredgandt.com == valid

I've tested all the most unusual combinations I can think of and 
FILTER_VALIDATE_EMAIL seems to only fail with spaces being disallowed outright 
rather than only being disallowed when not enclosed by quotes (as with other 
otherwise disallowed chars).

If my interpretation of RFC 5321 is wrong and spaces are in fact never allowed 
(even when enclosed by quotes) please forgive my impertinence.

Love PHP. Very slick and user friendlyness abounds!



Test script:
---------------
<html><body><br>
<form action="" method="post">
<input type="text" name="email" size="100">
<input type="submit" value="POST"><br><br>
<?php
$e=$_REQUEST["email"];
$result=filter_var($e, FILTER_VALIDATE_EMAIL);
if($result){echo($e."<br><br><b style=\"color:#008800;\">Valid Email Address</b>");}
else{echo($e."<br><br><b style=\"color:#ff0000;\">Invalid Email Address</b>");}
?>
</form></body></html>

Expected result:
----------------
Test script provides form entry field "input type="text""

Fill in "textbox" with email address having a local-part with a quoted string 
containing spaces.

e.g. "Fred Gandt"@fredgandt.com

Submit

EXPECT: Return (echo) == Valid

Actual result:
--------------
OBSERVE: Return (echo) == Invalid

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-09-01 12:04 UTC] fredgandt at hotmail dot com

-Status: Open +Status: Closed

[2011-09-01 12:04 UTC] fredgandt at hotmail dot com

Really sorry. RFC is hard to read so I relied on Wikipedia (usually very good with 
this kind of thing). Spaces aren't ever allowed. Not even within quotes. Going to 
edit Wikipedia now instead of waste your time.
Forgive? ;-)

[2011-09-01 18:24 UTC] fredgandt at hotmail dot com

I reread and read some extra, edited and re-edited Wikipedia and now have to 
suggest reopening this bug report. It seems I was right in the first place: 
Quoted strings containing spaces should validate (return true).

See: http://tools.ietf.org/html/rfc3696#section-3 for confirmation.

\ \ \ \ @example.com FALSE incorrect since spaces can exist as slashed doublets

"abc def"@example.com FALSE incorrect

abc"123@456"xyz@example.com FALSE cannot find regulation stating that it should 
be invalid.

abc"123 456"xyz@example.com FLASE also should be valid (it seems)

abc"123"xyz@example.com FALSE also, so not a space issue but that the quotes are 
not outermost of the local-part

abc123xyz@example.c TRUE incorrect

\\\\\\\\@example.com FALSE incorrect since backslash can quote itself this 
should be accepted

I think there are a few problems need addressing (pun intended).

[2011-09-02 10:55 UTC] fredgandt at hotmail dot com

It seems that the function and filter work perfectly in all cases.

It was my misunderstanding of the regulations that was at fault. I have edited 
Wikipedia to show what is correct (never read so many regulations in my life!) and 
hope you'll forgive my rush to accuse. My intentions were to help not hinder.

Yours, Fred Gandt.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 13:01:29 2024 UTC