Index: wp-includes/formatting.php =================================================================== --- wp-includes/formatting.php (revision 19680) +++ wp-includes/formatting.php (working copy) @@ -1532,9 +1532,10 @@ /** * Verifies that an email is valid. * - * Does not grok i18n domains. Not RFC compliant. + * To comply with addr-spec of RFC 2822. (3.4.1. Addr-spec specification page 16) + * code from swiftmailer.org * - * @since 0.71 + * @since 3.4 * * @param string $email Email address to verify. * @param boolean $deprecated Deprecated. @@ -1544,59 +1545,45 @@ if ( ! empty( $deprecated ) ) _deprecated_argument( __FUNCTION__, '3.0' ); - // Test for the minimum length the email can be - if ( strlen( $email ) < 3 ) { - return apply_filters( 'is_email', false, $email, 'email_too_short' ); - } + /*** Refer to RFC 2822 for ABNF grammar ***/ + + //All basic building blocks + $rfc2822['NO-WS-CTL'] = '[\x01-\x08\x0B\x0C\x0E-\x19\x7F]'; + $rfc2822['WSP'] = '[ \t]'; + $rfc2822['CRLF'] = '(?:\r\n)'; + $rfc2822['FWS'] = '(?:(?:' . $rfc2822['WSP'] . '*' . $rfc2822['CRLF'] . ')?' . $rfc2822['WSP'] . ')'; + $rfc2822['text'] = '[\x00-\x08\x0B\x0C\x0E-\x7F]'; + $rfc2822['quoted-pair'] = '(?:\\\\' . $rfc2822['text'] . ')'; + $rfc2822['ctext'] = '(?:' . $rfc2822['NO-WS-CTL'] . '|[\x21-\x27\x2A-\x5B\x5D-\x7E])'; + //Uses recursive PCRE (?1) -- could be a weak point?? + $rfc2822['ccontent'] = '(?:' . $rfc2822['ctext'] . '|' . $rfc2822['quoted-pair'] . '|(?1))'; + $rfc2822['comment'] = '(\((?:' . $rfc2822['FWS'] . '|' . $rfc2822['ccontent']. ')*' . $rfc2822['FWS'] . '?\))'; + $rfc2822['CFWS'] = '(?:(?:' . $rfc2822['FWS'] . '?' . $rfc2822['comment'] . ')*(?:(?:' . $rfc2822['FWS'] . '?' . $rfc2822['comment'] . ')|' . $rfc2822['FWS'] . '))'; + $rfc2822['qtext'] = '(?:' . $rfc2822['NO-WS-CTL'] . '|[\x21\x23-\x5B\x5D-\x7E])'; + $rfc2822['qcontent'] = '(?:' . $rfc2822['qtext'] . '|' . $rfc2822['quoted-pair'] . ')'; + $rfc2822['quoted-string'] = '(?:' . $rfc2822['CFWS'] . '?"' . '(' . $rfc2822['FWS'] . '?' . $rfc2822['qcontent'] . ')*' . $rfc2822['FWS'] . '?"' . $rfc2822['CFWS'] . '?)'; + $rfc2822['atext'] = '[a-zA-Z0-9!#\$%&\'\*\+\-\/=\?\^_`\{\}\|~]'; + $rfc2822['atom'] = '(?:' . $rfc2822['CFWS'] . '?' . $rfc2822['atext'] . '+' . $rfc2822['CFWS'] . '?)'; + $rfc2822['dot-atom-text'] = '(?:' . $rfc2822['atext'] . '+' . '(\.' . $rfc2822['atext'] . '+)*)'; + $rfc2822['dot-atom'] = '(?:' . $rfc2822['CFWS'] . '?' . $rfc2822['dot-atom-text'] . '+' . $rfc2822['CFWS'] . '?)'; + $rfc2822['word'] = '(?:' . $rfc2822['atom'] . '|' . $rfc2822['quoted-string'] . ')'; + $rfc2822['phrase'] = '(?:' . $rfc2822['word'] . '+?)'; + $rfc2822['no-fold-quote'] = '(?:"(?:' . $rfc2822['qtext'] . '|' . $rfc2822['quoted-pair'] . ')*")'; + $rfc2822['dtext'] = '(?:' . $rfc2822['NO-WS-CTL'] . '|[\x21-\x5A\x5E-\x7E])'; + $rfc2822['no-fold-literal'] = '(?:\[(?:' . $rfc2822['dtext'] . '|' . $rfc2822['quoted-pair'] . ')*\])'; + //Message IDs + $rfc2822['id-left'] = '(?:' . $rfc2822['dot-atom-text'] . '|' . $rfc2822['no-fold-quote'] . ')'; + $rfc2822['id-right'] = '(?:' . $rfc2822['dot-atom-text'] . '|' . $rfc2822['no-fold-literal'] . ')'; + //Addresses, mailboxes and paths + $rfc2822['local-part'] = '(?:' . $rfc2822['dot-atom'] . '|' . $rfc2822['quoted-string'] . ')'; + $rfc2822['dcontent'] = '(?:' . $rfc2822['dtext'] . '|' . $rfc2822['quoted-pair'] . ')'; + $rfc2822['domain-literal'] = '(?:' . $rfc2822['CFWS'] . '?\[(' . $rfc2822['FWS'] . '?' . $rfc2822['dcontent'] . ')*?' . $rfc2822['FWS'] . '?\]' . $rfc2822['CFWS'] . '?)'; + $rfc2822['domain'] = '(?:' . $rfc2822['dot-atom'] . '|' . $rfc2822['domain-literal'] . ')'; + $rfc2822['addr-spec'] = '(?:' . $rfc2822['local-part'] . '@' . $rfc2822['domain'] . ')'; - // Test for an @ character after the first position - if ( strpos( $email, '@', 1 ) === false ) { - return apply_filters( 'is_email', false, $email, 'email_no_at' ); - } + if (preg_match( '/^' . $rfc2822['addr-spec'] . '$/D', $email)) return apply_filters( 'is_email', $email, $email, null ); - // Split out the local and domain parts - list( $local, $domain ) = explode( '@', $email, 2 ); - - // LOCAL PART - // Test for invalid characters - if ( !preg_match( '/^[a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]+$/', $local ) ) { - return apply_filters( 'is_email', false, $email, 'local_invalid_chars' ); - } - - // DOMAIN PART - // Test for sequences of periods - if ( preg_match( '/\.{2,}/', $domain ) ) { - return apply_filters( 'is_email', false, $email, 'domain_period_sequence' ); - } - - // Test for leading and trailing periods and whitespace - if ( trim( $domain, " \t\n\r\0\x0B." ) !== $domain ) { - return apply_filters( 'is_email', false, $email, 'domain_period_limits' ); - } - - // Split the domain into subs - $subs = explode( '.', $domain ); - - // Assume the domain will have at least two subs - if ( 2 > count( $subs ) ) { - return apply_filters( 'is_email', false, $email, 'domain_no_periods' ); - } - - // Loop through each sub - foreach ( $subs as $sub ) { - // Test for leading and trailing hyphens and whitespace - if ( trim( $sub, " \t\n\r\0\x0B-" ) !== $sub ) { - return apply_filters( 'is_email', false, $email, 'sub_hyphen_limits' ); - } - - // Test for invalid characters - if ( !preg_match('/^[a-z0-9-]+$/i', $sub ) ) { - return apply_filters( 'is_email', false, $email, 'sub_invalid_chars' ); - } - } - - // Congratulations your email made it! - return apply_filters( 'is_email', $email, $email, null ); + return apply_filters( 'is_email', false, $email, 'not_RFC_2822_compliant' ); } /**