Email validator bug
The problem
There is a bug in Symfony's email validator: unless you run it in both modes (strict and non-strict), invalid email addresses can get through.
At the time of writing we are at version 1.0.13. This could well be (and probably will be) fixed in 1.1, but please let me know if you spot that it has been fixed beforehand.
Strict mode validation
This mode is intended to catch email addresses such as root@localhost, but unfortunately it does not check that the address is a valid email string, so %,%@hotmail.com would be accepted, as would many other illegal character combinations.
Non-strict mode
This mode checks that the email address contains legal characters, but does not check for internal addresses. This is fine for most cases, but it is worth restricting users from using your site to spam your local mail server.
Solution 1
Sapheriel suggests on his blog that one solution is to override the functionality of the class, and then restore it once an update has been released.
“The best way to achieve this with the least amount of intrusion is to copy sfEmailValidator.class.php into your project’s library folder, modify it, and delete it once a fix has been published”
This may suit many users.
Solution 2
If you do not want to worry about something you may have to do in the future, you can also run the validator twice, for example in your validator.yml file:

# Named validator: a second sfEmailValidator instance running in strict mode
validators:
  doubleCheckEmailValidator:
    class: sfEmailValidator
    param:
      class: sfGuardUser
      column: email
      strict: true
      email_error: This email address is invalid

fields:
  email:
    required:
      msg: Please enter an email address
    # First pass: non-strict mode checks for legal characters
    sfEmailValidator:
      email_error: This email address is invalid
      strict: false
    sfPropelUniqueValidator:
      class: sfGuardUser
      column: email
      unique_error: This email is already in use
    # Second pass: the strict-mode validator defined above
    doubleCheckEmailValidator:

You could also write a custom validator which calls the email validator twice; however, we have opted for this solution for now.
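The custom-validator idea above, sketched as stand-alone PHP (an added example, not code from this post or from symfony). The two regular expressions are simplified stand-ins for the strict and non-strict checks as this page describes them, and all function names are hypothetical.

```php
<?php
// Added example: not symfony's code. Both patterns are simplified stand-ins
// reproducing the behaviour described in this post, not the framework's own
// regular expressions. The D modifier makes $ match only at the very end of
// the string, so a value with a trailing newline is not accepted.

// Strict-style check: requires a dotted domain ending in a TLD, so it
// rejects root@localhost, but allows any non-space, non-@ local part.
function passesStrictStyle($email)
{
    return preg_match('/^[^@\s]+@(?:[-a-z0-9]+\.)+[a-z]{2,}$/iD', $email) === 1;
}

// Non-strict-style check: local part and domain must be dot-separated runs
// of RFC 2822 "atext" characters, but a single-label domain is allowed.
function passesNonStrictStyle($email)
{
    $atom    = '[a-z0-9!#$%&\'*+\/=?^_`{|}~-]+';
    $dotAtom = $atom . '(?:\.' . $atom . ')*';
    return preg_match('/^' . $dotAtom . '@' . $dotAtom . '$/iD', $email) === 1;
}

// Combined check: an address is accepted only if both passes agree.
function isAcceptableEmail($email)
{
    return passesStrictStyle($email) && passesNonStrictStyle($email);
}

// Constructed sample inputs: one ordinary address plus the two problem
// cases named in this post.
$samples = array('user@example.com', 'root@localhost', '%,%@hotmail.com');

foreach ($samples as $email) {
    printf(
        "%-18s strict=%-5s non-strict=%-5s both=%s\n",
        $email,
        var_export(passesStrictStyle($email), true),
        var_export(passesNonStrictStyle($email), true),
        var_export(isAcceptableEmail($email), true)
    );
}
```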