Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Fixed/Completed
-
Affects Version/s: 1.0
-
Fix Version/s: 1.6
-
Component/s: Core CiviCRM
-
Labels:
Description
The email validation regex in packages/Validate.php is too restrictive; according to RFC 2822, the following could be a perfectly valid email address:
" spaces! @s! \"escaped quotes!\" "@?ód?.pl
After searching a bit at regexlib.com[1] and seeing that all of the proposed patterns have problems, I suggest we drop the regex check and base the verification process on checking the existence of MX records and tests of the connection to the provided server on port 25 alone. Something like this (a piece of my very old code from another project):
function validEmail($email) {
$email = trim($email);
$parts = explode("@", $email);
if (count($parts) < 2)
$domain = array_pop($parts);
$mxhosts = array();
if (!checkdnsrr($domain)) { return false; }
if (getmxrr($domain, $mxhosts)) {
foreach ($mxhosts as $host) {
if (fsockopen($host, 25, $errno, $errstr, 30))
}
} else {
if (fsockopen($domain, 25, $errno, $errstr, 30))
}
return false;
}
I know there are issues with this approach (nonexistence of checkdnsrr() and getmxrr() on Windows machines, for one), but they might be worked around (by calling nslookup, for example).
I'm marking this as minor, as the vast majority of email addresses would pass our regex at the moment; still, from the technical point of view, the validation is too restrictive.
[1] http://regexlib.com/DisplayPatterns.aspx?cattabindex=0&categoryId=1