[wp-trac] [WordPress Trac] #50720: PHPMailer's validator defaults to 'php' after the upgrade

WordPress Trac noreply at wordpress.org
Wed Jul 22 18:26:40 UTC 2020 

#50720: PHPMailer's validator defaults to 'php' after the upgrade
-------------------------------------+------------------------------
 Reporter:  david.binda              |       Owner:  (none)
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Mail                     |     Version:
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------------------
Changes (by ayeshrajans):

 * keywords:   => has-patch needs-testing


Comment:

 Thanks for the inputs @Synchro and @davidbinda . I think there definitely
 is the edge case of the example `ace at 1.2.3.4` not being accepted in
 `filter_var()`, which in turn means PHPMailer not accepting this email
 address, although it appears to make through `is_email`.

 I think it's fairly agreed upon that we use the verbatim copy of PHPMailer
 6.x versions as they are released, so patching PHPMailer wouldn't be the
 ideal option.

 PHPMailer supports custom email validator callbacks, so I'd suggest that
 we simply make PHPMailer use `is_email` as the validator.

 So to summarize:

  - WordPress's `is_email` is more forgiving and allows `a at b` email
 addresses.
  - PHPMailer by default uses the more semantically correct
 `filter_var/FILTER_VALIDATE_EMAIL`
  - Because `is_email` allows through `a at b` addresses, it is technically
 possible to have email addresses that are rejected only at PHPMailer
 level, but not at `is_email`.
  - To fix, we can make PHPMailer reuse `is_email` function to validate
 email addresses.
  - We will need a few extra tests to make sure PHPMailer and `is_email`
 accept/reject same sets of email addresses, including the edge case ones.

 I will submit tests if this approach is preferred, but I will attach a
 patch.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/50720#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list