ZF-5010: Zend_Validate_EmailAddress fails to reject certain invalid email addresses


According to RFC 2822 (Section 3.2.4) - [http://www.ietf.org/rfc/rfc2822.txt], The local part of an e-mail address may consist of alphabetic and numeric characters, and the following characters: !, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, } and ~, possibly with dot separators (.), inside, but not at the start, end or next to another dot separator: {quote}dot-atom-text = 1atext *("." 1atext){quote}

The expression used in Zend_Validate_EmailAddress misses the "next to another dot separator" part. For example, the following e-mail address validates:


Further, according to RFC 2821 (Section - [http://www.ietf.org/rfc/rfc2821.txt], {quote}The maximum total length of a user name or other local-part is 64 characters.{quote}

An email address with 65 characters in the local part validates.


The second is no longer true.

Email addresses with more than 64 chars in the local part and more then 255 chars in the hostname part are no longer valid.

Fixed with r13253