php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80957 FILTER_VALIDATE_EMAIL and FILTER_SANITIZE_EMAIL are not unicode safe
Submitted: 2021-04-15 15:28 UTC Modified: 2021-04-15 15:37 UTC
From: gG5aKfc4w53QZ2Lq3dHWwY at mailinator dot com Assigned: cmb (profile)
Status: Duplicate Package: *Unicode Issues
PHP Version: 8.0.3 OS:
Private report: No CVE-ID: None
 [2021-04-15 15:28 UTC] gG5aKfc4w53QZ2Lq3dHWwY at mailinator dot com
Description:
------------
Using FILTER_VALIDATE_EMAIL and FILTER_SANITIZE_EMAIL produces incorrect results. In the first case, valid unicode emails are deemed invalid. In the second case, unicode characters are stripped from a valid unicode email.

Test script:
---------------
<?php

$email = 'Müller@example.org';
$isValid = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!$isValid) {
    echo "Uh-oh, PHP thinks unicode email addresses are invalid \n";
}

$sanitized = filter_var($email, FILTER_SANITIZE_EMAIL);
if ($sanitized !== $email) {
    echo "Not only that, but it destroys valid emails while sanitizing: $sanitized \n";
}


Expected result:
----------------
No output is expected.

Actual result:
--------------
Uh-oh, PHP thinks unicode email addresses are invalid 
Not only that, but it destroys valid emails while sanitizing: Mller@example.org 


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-04-15 15:37 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2021-04-15 15:37 UTC] cmb@php.net
Duplicate of request #39469.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Sep 27 23:03:36 2021 UTC