Opened 13 years ago
Last modified 8 weeks ago
#17491 reopened defect (bug)
Make is_email() compliant with RFC5322 (updated by RFC6854)
Reported by: | arena | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | minor | Version: | 3.1.2 |
Component: | Formatting | Keywords: | has-patch dev-feedback needs-unit-tests is-email |
Focuses: | Cc: |
Description (last modified by )
is_email('toto.@…') returns true
Attachments (9)
Change History (51)
#2
@
13 years ago
- Keywords needs-patch added; dev-feedback removed
- Milestone changed from Awaiting Review to Future Release
- Severity changed from critical to minor
- Summary changed from is_email('toto.@toto.com') returns true !!!! to is_email('toto.@toto.com') returns true
Let's not get carried away.
#3
@
13 years ago
- Keywords has-patch added; needs-patch removed
Patch adds in the rest of the regex from http://www.regular-expressions.info/email.html for the local part.
#6
@
13 years ago
- Keywords dev-feedback added
Here is a new fix (#17491.patch) with code from the class swiftmailer
to comply with RFC2822
#7
follow-up:
↓ 8
@
13 years ago
- Resolution set to duplicate
- Status changed from new to closed
duplicate with #19759
#9
in reply to:
↑ 8
@
13 years ago
- Resolution duplicate deleted
- Status changed from closed to reopened
Replying to kawauso:
Are we closing an existing ticket with feedback and milestone in favour of a new one with a similar patch and issue or am I missing something?
I think arena may be trying to bump the ticket. Closing #19759 as duplicate - patch is exactly the same as #17491.patch.
#10
@
13 years ago
my purpose was not to bump but to clarify the situation with a more specific title : making is_email() compliant with rfc2822.
#11
@
13 years ago
- Summary changed from is_email('toto.@toto.com') returns true to Make is_email() compliant with RFC2822
#12
@
13 years ago
- Summary changed from Make is_email() compliant with RFC2822 to Make is_email() compliant with RFC2822 !
#13
@
13 years ago
- Description modified (diff)
- Summary changed from Make is_email() compliant with RFC2822 ! to Make is_email() compliant with RFC2822
No need, really. Especially for those of us with email threads.
#14
follow-up:
↓ 15
@
12 years ago
Have you considered simply adopting the Google solution? They offer a free PHP script for e-mail syntax validation.
#15
in reply to:
↑ 14
@
12 years ago
Replying to miqrogroove:
Have you considered simply adopting the Google solution? They offer a free PHP script for e-mail syntax validation.
any link to check that 'magic' google code , thanks
#16
@
12 years ago
Yes, it is here:
http://code.google.com/p/php-email-address-validation/
http://php-email-address-validation.googlecode.com/svn/trunk/
It has a New BSD license, so it should be GPL compatible?
#17
@
12 years ago
(Worth noting that's not actually a Google-written piece of code, it's just hosted on Google Code.)
#21
@
10 years ago
#17678 proposed this package: http://code.google.com/p/isemail/ (BSD-licensed and unit-tested)
Personally I don't see a huge need to add a 100% RFC compliant heavy package to do email validation, I'd rather stick to the side of fast, small, simple - That being said, I admit email validation doesn't follow that.
We already Test for leading and trailing periods and whitespace
in the $domain
part of the email, if we were to extend that to the $local
part of the email we'd cover the original issue here (and one that i've seen quite often).
This ticket was mentioned in Slack in #core-privacy by pepe. View the logs.
6 years ago
#25
@
6 years ago
I'm re-opening this ticket as it seems the most appropriate location to discuss RFC email compliance as was raised in #46343 recently. In that ticket it was flagged that plugins in some cases support "RFC : RFC822 (year 1982), 2822 (year 2001), 532x (year 2010), 653x (year 2012)" but these wouldn't be erasable as they don't currently pass the is_email check. I closed #46343 indicating as these are custom from core and to support these in the privacy tools they'd need to customize is_email there. That being said I wanted to re-open this ticket to look into support for the RFC compliant emails that currently aren't covered in core.
Thank you
@
6 years ago
Quoting @arena - "Here is the result applying the attached patch (is_email_new.patch) :"
#30
@
6 years ago
- Keywords dev-feedback 2nd-opinion added; is-email removed
Thanks @arena appreciate the patches. I'll be honest this is a bit out of my wheelhouse so am going to let others feedback. Cheers
P.S. I uploaded your screens to Trac for safekeeping.
#34
@
6 years ago
@achyuthajoy,
nice move, but out of scope of ticket subject !
WordPress is told to power more or less 10% of the web.
The wordpress open source dev community is obviously focused to fully support web standards.
In WP, you can use left to right and right to left languages but cannot use internationalized emails such as 用户@例子.广告 or θσερ@εχαμπλε.ψομ or अजय@डाटा.भारत
If you read #46343 (closed invalid) there is still a lot of work to do ...
RFC822 (year 1982), 2822 (year 2001), 532x (year 2010), 653x (year 2012)
The last one (internationalized emails, RFC6531) requires smtp mail server to support SMTPUTF8 extension (gmail as a smtp server does it very well). May be there are some external constraints that make this part of the wordpress code so stable (almost a decade) ! (maybe wordpress.com mail servers ?)
I expect to know more whenever the V2 privacy roadmap will be formalized : kick off, objectives, milestones, deadline ... (i googled it and all i found for now is this)
Regards
#35
@
6 years ago
Hi @arena as alot of tickets are being closed as duplicate in reference to this one and is_email and RFC compliance we might want to expand the title/scope here to be a general compliance ticket and tackle as many of them as can be done. Just my thought.
As to the Privacy Roadmap it can be found here - https://make.wordpress.org/core/roadmap/privacy/
Work has already started on the roadmap and you can see some tickets with strikethrough that have been addressed already. The objectives are outlined in the document. There are no milestones or deadlines just general direction.
- Not sure what you're looking to know from there but if something needs external resources then we'd want to avoid that from a privacy perspective and at worst use a wp.org server over a wp.com.
#36
follow-up:
↓ 43
@
6 years ago
just for your information,
Drupal Api is using egulias/EmailValidator
#37
@
18 months ago
- Summary changed from Make is_email() compliant with RFC2822 to Make is_email() compliant with RFC5322 (updated by RFC6854)
This ticket was mentioned in PR #7207 on WordPress/wordpress-develop by @brobken.
2 months ago
#38
I've seen an increased abuse on our different form plugins lately, which are basicly relying on this function as a basis to very if an e-mailaddress is valid.
I've added another RegEx that checks if there are misplaced periods in the local part of the e-mailaddress.
It checks wether if it has a dot at the start, end or a dot sequence.
This is based on the RFC5322 standard.
#39
follow-up:
↓ 40
@
2 months ago
I'm giving this one a bump as it seems strange that we don't have solutions for it yet. So giving my two cents, maybe we should try do this in small steps like the one I've created a PR for. More information can be found in the PR description on why I've suggested this.
Any feedback is welcome!
#40
in reply to:
↑ 39
@
8 weeks ago
Replying to brobken:
I'm giving this one a bump as it seems strange that we don't have solutions for it yet. So giving my two cents, maybe we should try do this in small steps like the one I've created a PR for. More information can be found in the PR description on why I've suggested this.
Any feedback is welcome!
I've uploaded an example of the abuse we're having because the registration forms can accept this kind of email address.
#41
follow-up:
↓ 42
@
8 weeks ago
A good step to move this forward would be to create a comprehensive set of automated tests so we can understand what works and what fails now. Perhaps another OSS project has one that is licensed in a way that we could include it in order to not need to create this ourselves.
#42
in reply to:
↑ 41
@
8 weeks ago
Replying to jorbin:
A good step to move this forward would be to create a comprehensive set of automated tests so we can understand what works and what fails now. Perhaps another OSS project has one that is licensed in a way that we could include it in order to not need to create this ourselves.
Do you mean extending these tests?
https://github.com/WordPress/wordpress-develop/blob/trunk/tests/phpunit/tests/formatting/isEmail.php
#43
in reply to:
↑ 36
@
8 weeks ago
Replying to arena:
just for your information,
Drupal Api is using egulias/EmailValidator
Would be a good starting point indeed. Would love to see improvements on this one as I think it's a crucial part of the Core.
toto.@… does not comply with RFC 2822