Does PHP's built-in filter_input work correctly?

Question

I tried PHP's built-in function: filter_input()

var_dump(filter_var('[email protected]', FILTER_VALIDATE_EMAIL));

Output:

string(19) "[email protected]"

Then I tried the latest release of Zend Framework (1.11.3):

$validator = new Zend_Validate_EmailAddress();  
if ($validator->isValid('[email protected]')) {
    echo 'OK';
} else {
    foreach ($validator->getMessages() as $message) {
            echo "$message\n";
    }
}

Output:

'john.doe.' can not be matched against dot-atom format
'john.doe.' can not be matched against quoted-string format
'john.doe.' is no valid local part for email address '[email protected]'

Either the built-in function should return FALSE or the Zend method 'OK'.

My hubmle question is:
Which one is right?

Answer 1

http://framework.zend.com/manual/en/zend.validate.set.html doesn't really indicate wether they're being RFC-strict or not, so lets look at the source.

In the source, _validateLocalPart() defines the EBNF they're matching against:

    // Dot-atom characters are: 1*atext *("." 1*atext)
    // atext: ALPHA / DIGIT / and "!", "#", "$", "%", "&", "'", "*",
    //        "+", "-", "/", "=", "?", "^", "_", "`", "{", "|", "}", "~"
    if (preg_match('/^[' . $atext . ']+(\x2e+[' . $atext . ']+)*$/', $this->_localPart)) {

It looks like they definitely do stay strict to that - so the local part cannot begin or end with a dot.

The pattern above is exactly the same as in the rfc2822 spec: http://www.ietf.org/rfc/rfc2822.txt - and the isValid docblock in Zend/Validate/EmailAddress.php references it as using 2822.

So, if you want to be rfc2822 compliant, Zend_Validate_EmailAddress is doing it right, and likely, the filter_input is doing it out of spec.