WordPress.org

Make WordPress Core

Opened 4 weeks ago

Last modified 4 weeks ago

#44191 new defect (bug)

is_email() function accepts non RFC822

Reported by: vonsch Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.7
Component: General Keywords:
Focuses: Cc:

Description

is_email() seems to declare non RFC822 compliant addresses as valid email address. The following email address came through a WooCommerce shop, the email address is altered.

faaanebencze.lujza.@…

due to the '.' at the end of the local part, the email address is not valid or RFC822, the logic shall be the follows

local-part = word *("." word)

still, the above mail address passes. (WooCommerce uses is_email() function to determine the email address validity.)

Change History (2)

#1 @swissspidy
4 weeks ago

IIRC Gmail doesn't care about dots, so email addresses like foo.bar.@gmail.com are valid. If someone uses that on a site, I would expect it to work.

#2 @vonsch
4 weeks ago

I was also surprised, but checked RFC822 and unfortunately you are wrong. Here it is RFC822

6.1. Syntax
local-part = word *("." word) ; uninterpreted ; case-preserved

3.3. LEXICAL TOKENS
word = atom / quoted-string
atom = 1*<any CHAR except specials, SPACE and CTLs>

Even though '.' is no special per atom, it is special in the word *("." word) rule, as at least one atom is expected as a word. So according to the specs foo.bar.@gmail.com is incorrect, but foo.bar..@gmail.com might be correct.

Would have never noticed, unless a client triggered this error and that resulted certain functions to fail. Guess that all Wordpress versions are affected, not just 4.7.

Last edited 4 weeks ago by vonsch (previous) (diff)
Note: See TracTickets for help on using tickets.