Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118763 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 7450 invoked from network); 6 Oct 2022 08:19:21 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 6 Oct 2022 08:19:21 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 081A51804C4 for ; Thu, 6 Oct 2022 01:19:20 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A, PDS_OTHER_BAD_TLD,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 6 Oct 2022 01:19:19 -0700 (PDT) Received: by mail-wr1-f48.google.com with SMTP id bq9so1487046wrb.4 for ; Thu, 06 Oct 2022 01:19:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=X+TfbLJNhQ5/poTJ6oM1fhKl+y1P64MDQvr7TrK6sZ0=; b=ktap6Im/4eexvAofcm0r2BHtaq7NNFaChw/7tZf24BWUq+gBk7lYdOaN1hM/uIje9m lrcMYN0XochLF0198WMM966KxA8DJ0ipQihZHtlBG40stDWsvAUV2G8ZfbrE77FReeCR 05VL+9fa6MyP02o4TaJYcQUbnj6olk4AePCOmg6XiiqvZiBw2cscJLLdqAjQUIBih+is WctjimTt9ur3ZBHH2WE28YXGnev7o2LT/RF1HkJXv+Qraq5WIWRW/2GnzKyUSwbxFaHq mGSkUo6wlLnb2ZKnLt7fRGOXnnqR/sUCmB6jyfU56+/oYxuNCKx5qfdwJaQdgvnUgTHf JK+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=X+TfbLJNhQ5/poTJ6oM1fhKl+y1P64MDQvr7TrK6sZ0=; b=MrfokI5y5Ho/MBS7uGVTTSzz1YxmIDKajVtu9HBrqdPN4GVNkHVrLGHjrc6s/mPBMg 7BSoeBu9G+HKF1eK9lc7HloFQMkg0knhrwCKFl1FWEdpQbor5I4odXdPvyqf+cihTJU8 2GPo9BVAS5EPhRIid+KTVlyxONhWUNt800jqqe8j2kMzuPmyOPGqUIaNYzcurBC4zKPN KwDVpRjDagUbE2SBKPGuNsiGIetx491b9z+28+bT2a6ir6wnl6zverG7EEkaGeoB7H79 vgxpIBlJB0bhTszGcH1TLb9ZB2IryqxgJQ5LoCDhUY/IJhiZFkq5Oj0HDbrYSAXxir5r DUZA== X-Gm-Message-State: ACrzQf2g1HfG4GguXJPvtZg7xiJt8O/GlFoI3/gv/VDDtbj+e5d9efta PRYA4nDLakLC3xg1EMW2GBG3GCJXTcc= X-Google-Smtp-Source: AMsMyM6p0vrO5lDfcmsGpsB5Hv6I6C0ZlF52hVh5YW8bmKMaBEUGQvXJKY+150Yo/61zGZt1vI9zuQ== X-Received: by 2002:a5d:5887:0:b0:22b:1255:42e5 with SMTP id n7-20020a5d5887000000b0022b125542e5mr2341598wrf.114.1665044358048; Thu, 06 Oct 2022 01:19:18 -0700 (PDT) Received: from [192.168.0.22] (cpc104104-brig22-2-0-cust548.3-3.cable.virginm.net. [82.10.58.37]) by smtp.googlemail.com with ESMTPSA id bj3-20020a0560001e0300b00226dfac0149sm11208773wrb.114.2022.10.06.01.19.17 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 06 Oct 2022 01:19:17 -0700 (PDT) Message-ID: <73b9c782-bcdf-7520-ea96-b2a265a933e2@gmail.com> Date: Thu, 6 Oct 2022 09:19:14 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.3.1 Content-Language: en-GB To: internals@lists.php.net References: <0cfb9a7b-1168-42ef-ae1a-bdc72210de43@app.fastmail.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Sanitize filters From: rowan.collins@gmail.com (Rowan Tommins) On 05/10/2022 22:35, David Gebler wrote: > There are multiple RFC standards for email address format but AFAIK > PHP's FILTER_SANITIZE_EMAIL doesn't conform to any of them. FILTER_SANITIZE_EMAIL is a very short list of characters which claims to be based on RFC 822 section 6: https://heap.space/xref/php-src/ext/filter/sanitizing_filters.c?r=4df3dd76#295 FILTER_VALIDATE_EMAIL doesn't say exactly which standard it's attempting to adhere to; it's one of many long unreadable regexes I've seen online claiming to cover all possible addresses. (Actually, there are now two regexes there, because there's a different version to support FILTER_FLAG_EMAIL_UNICODE). https://heap.space/xref/php-src/ext/filter/logical_filters.c?r=d8fc05c0#651 > The idea behind my suggestion for something like is_valid_email > (whatever it might be named) is as a step towards deprecating and > removing the entire existing filter API, which I think many of us > agree is a mess. You described FILTER_VALIDATE_EMAIL as "notorious for being next to useless"; that gives us two possibilities: a) A new function will be just as useless, because it will be based on the same implementation b) There is a better implementation out there, which we should start using in ext/filter right now My gut feel is that (a) is true, and there is no point considering what a new function would be called, because we don't know how to implement it. Regards, -- Rowan Tommins [IMSoP]