|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77089 An email with an invalid character passes filter_var validation
Submitted: 2018-10-31 15:26 UTC Modified: 2018-10-31 16:14 UTC
From: marco dot bagnaresi at golee dot it Assigned: cmb (profile)
Status: Not a bug Package: filter (PECL)
PHP Version: 7.1.23 OS: Windows
Private report: No CVE-ID: None
 [2018-10-31 15:26 UTC] marco dot bagnaresi at golee dot it
An email with an invalid character ' is filtered as a valid email.

Test script:
$email = "hello'";
$sanitized_email = filter_var($email, FILTER_SANITIZE_EMAIL);
$this->assertEquals($email,$sanitized_email,"The email should not be valid!");

Expected result:
The email should not pass validation.

Actual result:
The email is returned from the filter_var function.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-10-31 15:55 UTC] nospam at relianthost dot co dot uk

> Remove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].

This is not a bug, as the filter does as the documentation intended.
 [2018-10-31 16:07 UTC]
-Package: *Mail Related +Package: filter
 [2018-10-31 16:14 UTC]
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2018-10-31 16:14 UTC]
hello' is a valid email address according to RFC 5322[1].

[1] <>
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Dec 09 04:03:34 2021 UTC