php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69844 FILTER_VALIDATE_EMAIL rejects unusual but valid addresses
Submitted: 2015-06-15 22:22 UTC Modified: 2015-06-16 14:39 UTC
From: grzegorz129 at gmail dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 7.0.0alpha1 OS: Any
Private report: No CVE-ID: None
 [2015-06-15 22:22 UTC] grzegorz129 at gmail dot com
Description:
------------
Some weird (but still perfectly valid) e-mail addresses are rejected by filter_var with FILTER_VALIDATE_EMAIL filter.
I've got sample data from https://en.wikipedia.org/wiki/Email_address#Valid_email_addresses

While support for comments was mention before I was unable to find any references to spaces.

Test script:
---------------
$emails = array(
    'test@example.com',
    'test.derp@example.com',
    'test+nick@example.com',
    'abc."defghi".xyz@example.com',
    '"abcdefghixyz"@example.com',
    'jsmith@[192.168.2.1]',
    'jsmith@[IPv6:2001:db8::1]',
'long.but.still.perfectly.valid.email.address@on.even.longer.domain.name.owned.by.some.weird.name.company.which.name.you.cannot.pronounce.com',
    'other.email-with-dash@example.com',
    '"much.more unusual"@example.com',
    '"very.unusual.@.unusual.com"@example.com',
    '"very.(),:;<>[]\".VERY.\"very@\\ \"very\".unusual"@strange.example.com',
    'admin@mailserver1 (local domain name with no TLD)',
    '#!$%&\'*+-/=?^_`{}|~@example.org',
    '"()<>[]:,;@\\\"!#$%&\'*+-/=?^_`{}| ~.a"@example.org',
    '" "@example.org (space between the quotes)',
    '☃☃☃@example.com (Unicode characters in local part)',
    '☃☃☃@☃☃☃.com (Unicode characters in domain part)',
    'new@domain.pizza'
);

foreach ($emails as $email) {
    echo (filter_var($email, FILTER_VALIDATE_EMAIL)) ? 
        "[+] Email $email is valid\n" : 
        "[-] Email $email is NOT valid\n";
}

Actual result:
--------------
http://3v4l.org/qTsVc

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-06-16 14:39 UTC] rasmus@php.net
-Status: Open +Status: Not a bug
 [2015-06-16 14:39 UTC] rasmus@php.net
This is working as documented. We validate according to RFC822 and don't allow IDNs. The simple work-around if you want IDN support is to call idn_to_ascii() first.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 01 17:01:32 2024 UTC