ZF-12237: Illegal characters in email addresses are removed instead of refused

- Issue Type: Bug
- Created: 2012-05-22T12:28:14.000+0000
- Last Updated: 2012-05-22T12:28:14.000+0000
- Status: Open
- Fix version(s):
- Reporter: Arnold Pistorius (arnoldpistorius)
- Assignee: Dolf Schimmel (Freeaqingme) (freak)
- Tags: Zend_Mail



When an email address is provided to the Zend_Mail class, it goes through the protected _filterEmail($email) function. This function removes illegal characters from provided addresses to the Zend_Mail class. It should throw an exception if the address contains illegal characters. The next case explains why:

A visitor (John Doe) submits a contact form, but has accidentally entered his email address with a comma instead of a dot:

john, (instead of

The Zend_Mail class puts this address through the _filterEmail function, which removes the comma:

Now the email will be sent to the wrong email address.

Here's some code which replicates the problem:

    $mail = new Zend_Mail();
    $mail->addTo('youremailaddress,'); // this will be sent to
    $mail->setBodyText('Hello world');
    $mail->setSubject('This should definately throw an exception');
    $mail->setFrom('');
    $mail->send();
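The two behaviours the report contrasts, as an added example that is not part of the original report and is not Zend Framework code. `stripIllegal()` and `requireClean()` are hypothetical helpers, the illegal-character list is an assumption chosen so that a comma is removed as described, and the sample addresses are constructed.

```php
<?php
// Assumed set of characters treated as illegal in an address (not taken from Zend_Mail).
const ILLEGAL_ADDRESS_CHARS = "\r\n\t\",<>";

// Strip-style handling: silently rewrites the input, possibly into a different mailbox.
function stripIllegal(string $email): string
{
    return str_replace(str_split(ILLEGAL_ADDRESS_CHARS), '', $email);
}

// Reject-style handling: refuse the input and report the offending character.
function requireClean(string $email): string
{
    $pos = strcspn($email, ILLEGAL_ADDRESS_CHARS); // length of the clean prefix
    if ($pos !== strlen($email)) {
        throw new InvalidArgumentException(sprintf(
            'Illegal character 0x%02X at offset %d in email address',
            ord($email[$pos]),
            $pos
        ));
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Not a valid email address');
    }
    return $email;
}

// Constructed sample inputs (example.com is a reserved documentation domain).
$samples = [
    'john.doe@example.com', // well-formed
    'john,doe@example.com', // comma typed instead of a dot in the local part
    'john.doe@example,com', // comma typed instead of a dot in the domain
];

foreach ($samples as $input) {
    $stripped = stripIllegal($input);
    try {
        $result = 'accepted ' . requireClean($input);
    } catch (InvalidArgumentException $e) {
        $result = 'rejected: ' . $e->getMessage();
    }
    printf("%s\n  strip  -> %s\n  reject -> %s\n", $input, $stripped, $result);
}
```

For the second sample the strip path yields `johndoe@example.com`, a syntactically valid address for a different mailbox, while the reject path surfaces the typo to the caller before anything is sent.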

