Form Element Email validation allows invalid email address

1
votes

Today I discovered that Zend\Form\Element\Email is not using Zend\Validator\EmailAddress for email validation but uses instead the following Regex Validator: 

'/^[a-zA-Z0-9.!#$%&\'*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/'

The regex validator allows email addresses such as example@world-test-de.

Before filing a bug report I want to check if:

a) Why is the EmailAddress validator not used by default?
b) Is the regex pattern buggy?

The above mentioned email address is valid if am using that code:

$this->add(array(
    'type' => 'Zend\Form\Element\Email',
    'name' => 'emails',
    'options' => array(
        'label' => 'Notification recipients',
        'description' => 'separate multiple email addresses with comma',
    ),
    'attributes' => array(
        'multiple' => true
    ),
));

As soon as I am changing the default email validator, validation works correctly:

$this->add(array(
    'type' => 'Zend\Form\Element\Email',
    'name' => 'emails',
    'options' => array(
        'label' => 'Notification recipients',
        'description' => 'separate multiple email addresses with comma',
    ),
    'attributes' => array(
        'multiple' => true
    ),
));
**$this->get('emails')->setEmailValidator(new \Zend\Validator\EmailAddress());**
1
phpzend-framework2zend-framework3

1 Answers

2
votes

I don't think this is a bug.
Zend\Form\Element\Email is a HTML5 input with type email, so it is made to fulfll HTML5 specification -> https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address

As you can see there is:

The following JavaScript- and Perl-compatible regular expression is an implementation of the above definition.

/^[a-zA-Z0-9.!#$%&'+/=?^_`{|}~-]+@a-zA-Z0-9?(?:.a-zA-Z0-9?)$/

This is exactly the same regex which Zend used to validate emails