svasti wrote:http://www.ex-parrot.com/~pdw/Mail-RFC822-Address.html gives a regular expression to validate mail.
That's a nice example of a simple and graspable regular expression!
Unfortunately it implements RFC 822 which was superseeded by RFC 2822 which was superseeded by RFC 5322. Regarding international mail additionally RFC 6531 has to be consulted.
I've found several email validation regexps, but none of them seem to permit all valid email addresses (even if the claimy to be overly permissive). My suggestion fails too, as it rejects "Abc@def"@example.com and "Fred Bloggs"@example.com for example. Ah... well, I found http://isemail.info/about
which seems to be very good, but it's more than 50KB of PHP -- so it probably doesn't fit well to CMSimple(_XH).
As it's clear now, that checking a valid email adress is no simple task, and that doing it exactly might be overkill for CMSimple_XH's built-in mailform, it seems to be necessary to declare the priorities. These are IMO:
- do not allow any email injection vulnerability
- do not reject any valid email address
The following should allow any valid email address (and many many more), except those containing embedded newlines or carriage returns (which can't be entered to an <input type="text"> anyway):
- Code: Select all
Additionally we might check the domain part with gethostbyname(). I do not consider this a good solution, but it's probably sufficient according to the necessities stated earlier. It's simple and secure (if I don't overlook something).
I would be glad, if anybody comes up with a better solution!