Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#53130 closed defect (bug) (fixed)

is_email() and sanitize_email() differ.

Reported by: duisterdenhaag's profile DuisterDenHaag Owned by: desrosj's profile desrosj
Milestone: 5.8 Priority: normal
Severity: normal Version: 5.5
Component: Formatting Keywords: commit
Focuses: Cc:

Description (last modified by SergeyBiryukov)

According to sanitize_email() and FILTER_SANITIZE_EMAIL and FILTER_VALIDATE_EMAIL a plus sign (+) is a valid character in an email address. Yet is_email() will fail. (

Why is the validity for is_email() different from sanitize_email()?

Before reporting this, I found two related issues: #47467 and [48645].

Since PHPMailer is using is_email() all valid addresses with a + will result in an error.

Attachments (1)

53130.diff (479 bytes) - added by desrosj 3 years ago.

Download all attachments as: .zip

Change History (7)

#1 @SergeyBiryukov
3 years ago

  • Description modified (diff)

#2 follow-up: @ayeshrajans
3 years ago

  • Keywords needs-patch removed

is_email function does accept email addresses with the plus sign.


Note the function returns the original email address on email addresses this function deems correct. If the is_email function returns false for you on such email address, it is possible that a plugin makes so by using is_email filter.

Last edited 3 years ago by SergeyBiryukov (previous) (diff)

#3 in reply to: ↑ 2 @SergeyBiryukov
3 years ago

  • Keywords close added

Replying to ayeshrajans:

is_email function does accept email addresses with the plus sign.


Just noting that I was able confirm, is_email() does treat this address as valid.

3 years ago

#4 @desrosj
3 years ago

  • Keywords commit added; close removed
  • Milestone changed from Awaiting Review to 5.8

53130.diff adds a test for an email with a +. I think it doesn't hurt to add to show it works (and continues to work).

#5 @desrosj
3 years ago

  • Component changed from Mail to Formatting

#6 @desrosj
3 years ago

  • Owner set to desrosj
  • Resolution set to fixed
  • Status changed from new to closed

In 50812:

Formatting: Verify emails with + characters are valid.

This adds an assertion to confirm that is_email() considers email addresses with a + valid.

Props SergeyBiryukov, ayeshrajans.
Fixes #53130.

Note: See TracTickets for help on using tickets.