ZF-5010: Zend_Validate_EmailAddress fails to reject certain invalid email addresses
Description
According to RFC 2822 (Section 3.2.4) - [http://www.ietf.org/rfc/rfc2822.txt], The local part of an e-mail address may consist of alphabetic and numeric characters, and the following characters: !, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, } and ~, possibly with dot separators (.), inside, but not at the start, end or next to another dot separator: {quote}dot-atom-text = 1atext *("." 1atext){quote}
The expression used in Zend_Validate_EmailAddress misses the "next to another dot separator" part. For example, the following e-mail address validates:
Abc..123@example.com
Further, according to RFC 2821 (Section 4.5.3.1) - [http://www.ietf.org/rfc/rfc2821.txt], {quote}The maximum total length of a user name or other local-part is 64 characters.{quote}
An email address with 65 characters in the local part validates.
Comments
Posted by Thomas Weidner (thomas) on 2008-12-08T12:22:49.000+0000
The second is no longer true.
Email addresses with more than 64 chars in the local part and more then 255 chars in the hostname part are no longer valid.
Posted by Thomas Weidner (thomas) on 2008-12-14T12:30:18.000+0000
Fixed with r13253