Grokbase Groups PHP pear-bugs October 2009
FAQ
Edit report at http://pear.php.net/bugs/bug.php?id=16700&edit=1

ID: 16700
Updated by: [email protected]
Reported By: g dot schuster at laxit dot com
Summary: Invalid characters allowed in RFC822 validation
-Status: Open
+Status: Bogus
Type: Bug
Package: Validate
Operating System: Irrelevant
Package Version: CVS
PHP Version: Irrelevant
Roadmap Versions:
New Comment:

-Status: Open
+Status: Bogus
I know this seem a little strange but that's the expected behavior.

According to RFC822 address specifications section the domain part of
an email address may contain any ASCII character (well, obviously other
than control characters, space and any of "()<>[]@.,;:\")

However this is in contrary with RFC1034 which specifies that domain
names can only
contain alphanumerics, hyphen and dot.

I got your point, but use_rfc822 option is doing what it says. Please
use the non-RFC822 mode if you really don't need that level of
validation.

P.S: Please use

Validate::email($email, array("use_rfc822" => true))

Instead of

Validate::__emailRFC822($email)

Calling methods starting with __ is a bad practice, those methods are
for internal purposes only. A new release of package with that method
removed/renamed/changed-behavior may break your code.


Previous Comments:
------------------------------------------------------------------------

[2009-10-14 23:01:18] gschuster

Description:
------------
The __emailRFC822 function allows, at least, one illegal character in
the domain name.
In my case it is the ^ character, a user had appended it to the domain
part of his email address.
As this is not an allowed character in the domain part the SMTP server
denied the email - so Pear_Validate should return "false".

Tested against beta and latest CVS, both have this problem.

Test script:
---------------
require_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Validate.php';

$email = '[email protected]^';
$options = array();
var_dump(Validate::__emailRFC822($email, $options));

Expected result:
----------------
bool(false)

Actual result:
--------------
bool(true)

------------------------------------------------------------------------

Search Discussions

  • G Schuster at Oct 14, 2009 at 11:33 pm
    Edit report at http://pear.php.net/bugs/bug.php?id=16700&edit=1

    ID: 16700
    Updated by: [email protected]
    Reported By: g dot schuster at laxit dot com
    Summary: Invalid characters allowed in RFC822 validation
    Status: Bogus
    Type: Bug
    Package: Validate
    Operating System: Irrelevant
    Package Version: CVS
    PHP Version: Irrelevant
    Roadmap Versions:
    New Comment:

    Hm, OK, I checked the RFC (sorry for not doing that before) and you're
    right.
    What the hell did the RFC writer think...
    I think I'm gonna break with the RFC and correct that as it's critical
    in my case.

    Regarding your "PS" - I just used it in the sample code for simplicity,
    I'd never use a non-static (and even private or at least protected,
    according to __) method that way.


    Previous Comments:
    ------------------------------------------------------------------------

    [2009-10-15 00:17:03] amir

    -Status: Open
    +Status: Bogus
    I know this seem a little strange but that's the expected behavior.

    According to RFC822 address specifications section the domain part of
    an email address may contain any ASCII character (well, obviously other
    than control characters, space and any of "()<>[]@.,;:\")

    However this is in contrary with RFC1034 which specifies that domain
    names can only
    contain alphanumerics, hyphen and dot.

    I got your point, but use_rfc822 option is doing what it says. Please
    use the non-RFC822 mode if you really don't need that level of
    validation.

    P.S: Please use

    Validate::email($email, array("use_rfc822" => true))

    Instead of

    Validate::__emailRFC822($email)

    Calling methods starting with __ is a bad practice, those methods are
    for internal purposes only. A new release of package with that method
    removed/renamed/changed-behavior may break your code.

    ------------------------------------------------------------------------

    [2009-10-14 23:01:18] gschuster

    Description:
    ------------
    The __emailRFC822 function allows, at least, one illegal character in
    the domain name.
    In my case it is the ^ character, a user had appended it to the domain
    part of his email address.
    As this is not an allowed character in the domain part the SMTP server
    denied the email - so Pear_Validate should return "false".

    Tested against beta and latest CVS, both have this problem.

    Test script:
    ---------------
    require_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Validate.php';

    $email = '[email protected]^';
    $options = array();
    var_dump(Validate::__emailRFC822($email, $options));

    Expected result:
    ----------------
    bool(false)

    Actual result:
    --------------
    bool(true)

    ------------------------------------------------------------------------

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppear-bugs @
categoriesphp
postedOct 14, '09 at 10:17p
activeOct 14, '09 at 11:33p
posts2
users2
websitepear.php.net

2 users in discussion

Amirsaied: 1 post G Schuster: 1 post

Content

People

Support

Translate

site design / logo © 2023 Grokbase