When validating a hostname with ALLOW_LOCAL, like in the following code, host names containing invalid characters such as space, '!' and so on are valid:

$v = new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_LOCAL);
var_dump($v->isValid('www foo com'));

This is because of a mistake in the $regexLocal regular expression, which uses \x2e to mark '.' but this sequence is being resolved by PHP before preg compilation - so it behaves like an unescaped '.' in a regex - meaning any character is allowed instead of the dot separator.

The fix is easy - replace the double quotes encapsulating the regex with single quotes.

BTW this really makes our unit tests look poor.