Bug #94052
closed
Email validation in GeneralUtility
0%
Description
The function validEmail in
TYPO3\CMS\Core\Utility\GeneralUtility::validEmail($email)
returns valid for (tested in version 8 and 9)
hdj@½typoconsult.dk
hdj@typoconsult.dk½
hdj@§typoconsult.dk
hdj@typoconsult.dk§
Domain names may be a maximum of 253 characters and consist of:
Uppercase and lowercase letters in English (A-Z, a-z)
Digits from 0 to 9
A hyphen (-)
A period (.) (used to identify a sub-domain; for example, email.domainsample)
I know its a minor issue but it would be nice to get ironed out of core.
Updated by Christian Kuhn almost 3 years ago
Correct me if I'm wrong - I think most unicode characters are possible since the introduction of IDN's.
With core v10, email validation is done with a library, standard implementation is Egulias\EmailValidator\Validator\RFCValidation::class.
Core v11 adds a configuration array for validators. This allows to add DNSCheckValidation::class from the same library (or others, or own validators), which checks the domain-part for validity, which should solve your issue.
I'd say your issue is not security related, so we'll probably not touch it in v9 anymore. The validators-array is a feature, so we probably don't backport this to v10, except there are very good reasons to do so.
Is that fine with you?
Updated by Henrik Jensen almost 3 years ago
Christian Kuhn wrote in #note-1:
Correct me if I'm wrong - I think most unicode characters are possible since the introduction of IDN's.
With core v10, email validation is done with a library, standard implementation is Egulias\EmailValidator\Validator\RFCValidation::class.
Core v11 adds a configuration array for validators. This allows to add DNSCheckValidation::class from the same library (or others, or own validators), which checks the domain-part for validity, which should solve your issue.
I'd say your issue is not security related, so we'll probably not touch it in v9 anymore. The validators-array is a feature, so we probably don't backport this to v10, except there are very good reasons to do so.
Is that fine with you?
Hi Christian
Sounds good. I think we can live with that :-)
Regards
Henrik
Updated by Claus Harup almost 3 years ago
- Target version set to Candidate for patchlevel
Update!!!
TYPO3 v.9: GeneralUtility::validEmail('test@domain') does not validate
TYPO3 v.10: GeneralUtility::validEmail('test@domain') does validate
Note: in v.10 TCA eval: email also validates test@domain....
Updated by Georg Ringer almost 3 years ago
- Status changed from New to Closed
closing the issue as it is configurable with latest versions
Updated by Claus Harup almost 3 years ago
I do not understand why this bug report is closed..... - somethings have changed in v. 10 and the function GeneralUtility::validEmail does not return a valid email :-(
Imagine this scenario; in cli mode we maintain fe_users in TYP03 from 3rd party software and use email as username. 3rd party software does not have email validation so something like this can be added test@domain. When cli handles the data through TYPO3 datahandler the fe_users gets created / updated with errornous email and things start to go wrong..... :-(
Should I create another bug report for version 10 only?