Bug #94052

Email validation in GeneralUtility

Added by Henrik Jensen 6 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Miscellaneous
Start date:
2021-05-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The function validEmail in

‪TYPO3\CMS\Core\Utility\GeneralUtility::validEmail($email)

returns valid for (tested in version 8 and 9)

hdj@½typoconsult.dk
½
hdj@§typoconsult.dk
§

Domain names may be a maximum of 253 characters and consist of:
Uppercase and lowercase letters in English (A-Z, a-z)
Digits from 0 to 9
A hyphen (-)
A period (.) (used to identify a sub-domain; for example, email.domainsample)

I know its a minor issue but it would be nice to get ironed out of core.

#1

Updated by Christian Kuhn 6 months ago

Correct me if I'm wrong - I think most unicode characters are possible since the introduction of IDN's.

With core v10, email validation is done with a library, standard implementation is Egulias\EmailValidator\Validator\RFCValidation::class.

Core v11 adds a configuration array for validators. This allows to add DNSCheckValidation::class from the same library (or others, or own validators), which checks the domain-part for validity, which should solve your issue.

I'd say your issue is not security related, so we'll probably not touch it in v9 anymore. The validators-array is a feature, so we probably don't backport this to v10, except there are very good reasons to do so.

Is that fine with you?

#2

Updated by Henrik Jensen 6 months ago

Christian Kuhn wrote in #note-1:

Correct me if I'm wrong - I think most unicode characters are possible since the introduction of IDN's.

With core v10, email validation is done with a library, standard implementation is Egulias\EmailValidator\Validator\RFCValidation::class.

Core v11 adds a configuration array for validators. This allows to add DNSCheckValidation::class from the same library (or others, or own validators), which checks the domain-part for validity, which should solve your issue.

I'd say your issue is not security related, so we'll probably not touch it in v9 anymore. The validators-array is a feature, so we probably don't backport this to v10, except there are very good reasons to do so.

Is that fine with you?

Hi Christian
Sounds good. I think we can live with that :-)

Regards
Henrik

#3

Updated by Claus Harup 4 months ago

  • Target version set to Candidate for patchlevel

Update!!!

TYPO3 v.9: GeneralUtility::validEmail('test@domain') does not validate
TYPO3 v.10: GeneralUtility::validEmail('test@domain') does validate

Note: in v.10 TCA eval: email also validates test@domain....

#4

Updated by Georg Ringer 3 months ago

  • Status changed from New to Closed

closing the issue as it is configurable with latest versions

#5

Updated by Claus Harup 3 months ago

I do not understand why this bug report is closed..... - somethings have changed in v. 10 and the function GeneralUtility::validEmail does not return a valid email :-(

Imagine this scenario; in cli mode we maintain fe_users in TYP03 from 3rd party software and use email as username. 3rd party software does not have email validation so something like this can be added test@domain. When cli handles the data through TYPO3 datahandler the fe_users gets created / updated with errornous email and things start to go wrong..... :-(

Should I create another bug report for version 10 only?

Also available in: Atom PDF