Laravel 6: Email validation filter is too permissive #5070
Comments
|
@bennothommo could you take a stab at this? |
|
Will do! |
bennothommo
added a commit
to octobercms/library
that referenced
this issue
May 19, 2020
Laravel 5.8 introduced a new email validation library, with a more permissive default filter (supposedly, following the RFC). To maintain the expected functionality of October, we have reverted the default back to the 'filter' method, which uses PHP's inbuilt 'filter_var' method. Fixes octobercms/october#5070
|
Fixed by octobercms/library@97d4163 and c3a5780. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Originally reported by @datune.
Laravel introduced fancier email validation in 5.8 (laravel/framework#26503), but made it too permissive by default, supposedly following the RFC exactly (although there are inconsistencies reported). This has caused breaking changes in emails reported as valid even though they may not be: laravel/framework#28233, laravel/framework#27875.
We need to make sure that October overrides Laravel's email validator to make the default filter used
email:filter, which uses PHP's built in email validator, instead ofemail:rfcwhich isn't even technically accurate to the RFC (reportedly).We should still support the other filters used, we just need to change the default filter used: https://laravel.com/docs/6.x/validation#rule-email.
The text was updated successfully, but these errors were encountered: