Merge pull request #278 from jeremyquinton/issue-162

Fixes #162 - Validate quoted local part of email addresses

library/Zend/Validate/EmailAddress.php

@@ -424,15 +424,12 @@ class Zend_Validate_EmailAddress extends Zend_Validate_Abstract
         if (preg_match('/^[' . $atext . ']+(\x2e+[' . $atext . ']+)*$/', $this->_localPart)) {
             $result = true;
         } else {
-            // Try quoted string format
-
-            // Quoted-string characters are: DQUOTE *([FWS] qtext/quoted-pair) [FWS] DQUOTE
-            // qtext: Non white space controls, and the rest of the US-ASCII characters not
-            //   including "\" or the quote character
-            $noWsCtl = '\x01-\x08\x0b\x0c\x0e-\x1f\x7f';
-            $qtext   = $noWsCtl . '\x21\x23-\x5b\x5d-\x7e';
-            $ws      = '\x20\x09';
-            if (preg_match('/^\x22([' . $ws . $qtext . '])*[$ws]?\x22$/', $this->_localPart)) {
+            // Try quoted string format (RFC 5321 Chapter 4.1.2)
+
+            // Quoted-string characters are: DQUOTE *(qtext/quoted-pair) DQUOTE
+            $qtext      = '\x20-\x21\x23-\x5b\x5d-\x7e'; // %d32-33 / %d35-91 / %d93-126
+            $quotedPair = '\x20-\x7e'; // %d92 %d32-126
+            if (preg_match('/^"(['. $qtext .']|\x5c[' . $quotedPair . '])*"$/', $this->localPart)) {
                 $result = true;
             } else {
                 $this->_error(self::DOT_ATOM);

tests/Zend/Validate/EmailAddressTest.php

@@ -190,6 +190,19 @@ class Zend_Validate_EmailAddressTest extends PHPUnit_Framework_TestCase
     public function testQuotedString()
     {
         $emailAddresses = array(
+            '""@domain.com', // Optional
+            '" "@domain.com', // x20
+            '"!"@domain.com', // x21
+            '"\""@domain.com', // \" (escaped x22)
+            '"#"@domain.com', // x23
+            '"$"@domain.com', // x24
+            '"Z"@domain.com', // x5A
+            '"["@domain.com', // x5B
+            '"\\\"@domain.com', // \\ (escaped x5C)
+            '"]"@domain.com', // x5D
+            '"^"@domain.com', // x5E
+            '"}"@domain.com', // x7D
+            '"~"@domain.com', // x7E
             '"username"@example.com',
             '"bob%jones"@domain.com',
             '"bob jones"@domain.com',
@@ -204,6 +217,29 @@ class Zend_Validate_EmailAddressTest extends PHPUnit_Framework_TestCase
     }
 
     /**
+     * Ensures that quoted-string local part is considered invalid
+     *
+     * @return void
+     */
+    public function testInvalidQuotedString()
+    {
+        $emailAddresses = array(
+            "\"\x00\"@example.com",
+            "\"\x01\"@example.com",
+            "\"\x1E\"@example.com",
+            "\"\x1F\"@example.com",
+            '"""@example.com', // x22 (not escaped)
+            '"\"@example.com', // x5C (not escaped)
+            "\"\x7F\"@example.com",
+        );
+        foreach ($emailAddresses as $input) {
+            $this->assertFalse($this->_validator->isValid($input), "$input failed to pass validation:\n"
+                . implode("\n", $this->_validator->getMessages()));
+        }
+    }
+
+
+    /**
      * Ensures that validation fails when the e-mail is given as for display,
      * with angle brackets around the actual address
      *