Opened 7 years ago
Closed 6 years ago
#44191 closed defect (bug) (duplicate)
is_email() function accepts non RFC822
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | |
Focuses: | Cc: |
Description
is_email() seems to declare non RFC822 compliant addresses as valid email address. The following email address came through a WooCommerce shop, the email address is altered.
faaanebencze.lujza.@…
due to the '.' at the end of the local part, the email address is not valid or RFC822, the logic shall be the follows
local-part = word *("." word)
still, the above mail address passes. (WooCommerce uses is_email() function to determine the email address validity.)
Attachments (1)
Change History (7)
#2
@
7 years ago
I was also surprised, but checked RFC822 and unfortunately you are wrong. Here it is RFC822
6.1. Syntax
local-part = word *("." word) ; uninterpreted ; case-preserved
3.3. LEXICAL TOKENS
word = atom / quoted-string
atom = 1*<any CHAR except specials, SPACE and CTLs>
Even though '.'
is no special per atom, it is special in the word *("." word)
rule, as at least one atom is expected as a word. So according to the specs foo.bar.@gmail.com
is incorrect, but foo.bar..@gmail.com
might be correct.
Would have never noticed, unless a client triggered this error and that resulted certain functions to fail. Guess that all Wordpress versions are affected, not just 4.7.
#4
@
6 years ago
- Keywords needs-patch added; has-patch removed
@arena We can't rely on filter_var
as the filter module might not be available in PHP, i.e. if PHP was compiled without the filter module. That's why you won't find any filter_var
calls in core.
IIRC Gmail doesn't care about dots, so email addresses like
foo.bar.@gmail.com
are valid. If someone uses that on a site, I would expect it to work.