PHPMailer\PHPMailer

PHPMailer::validateAddresspublic staticWP 1.0

Check that a string looks like an email address. Validation patterns supported:

  • auto Pick best pattern automatically;
  • pcre8 Use the squiloople.com pattern, requires PCRE > 8.0;
  • pcre Use old PCRE implementation;
  • php Use PHP built-in FILTER_VALIDATE_EMAIL;
  • html5 Use the pattern given by the HTML5 spec for 'email' type form input elements.
  • eai Use a pattern similar to the HTML5 spec for 'email' and to firefox, extended to support EAI (RFC6530).
  • noregex Don't use a regex: super fast, really dumb. Alternatively you may pass in a callable to inject your own validator, for example:
PHPMailer::validateAddress('[email protected]', function($address) {
	return (strpos($address, '@') !== false);
});

You can also set the PHPMailer::$validator static to a callable, allowing built-in methods to use your validator.

Method of the class: PHPMailer{}

No Hooks.

Returns

true|false.

Usage

$result = PHPMailer::validateAddress( $address, $patternselect );
$address(string) (required)
The email address to check.
$patternselect(string|callable)
Which pattern to use.
Default: null

PHPMailer::validateAddress() code WP 7.0

wp-includes/PHPMailer/PHPMailer.php 
public static function validateAddress($address, $patternselect = null)
{
    if (null === $patternselect) {
        $patternselect = static::$validator;
    }
    //Don't allow strings as callables, see SECURITY.md and CVE-2021-3603
    if (is_callable($patternselect) && !is_string($patternselect)) {
        return call_user_func($patternselect, $address);
    }
    //Reject line breaks in addresses; it's valid RFC5322, but not RFC5321
    if (strpos($address, "\n") !== false || strpos($address, "\r") !== false) {
        return false;
    }
    switch ($patternselect) {
        case 'pcre': //Kept for BC
        case 'pcre8':
            /*
             * A more complex and more permissive version of the RFC5322 regex on which FILTER_VALIDATE_EMAIL
             * is based.
             * In addition to the addresses allowed by filter_var, also permits:
             *  * dotless domains: `a@b`
             *  * comments: `1234 @ local(blah) .machine .example`
             *  * quoted elements: `'"test blah"@example.org'`
             *  * numeric TLDs: `[email protected]`
             *  * unbracketed IPv4 literals: `[email protected]`
             *  * IPv6 literals: 'first.last@[IPv6:a1::]'
             * Not all of these will necessarily work for sending!
             *
             * @copyright 2009-2010 Michael Rushton
             * Feel free to use and redistribute this code. But please keep this copyright notice.
             */
            return (bool) preg_match(
                '/^(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){65,}@)' .
                '((?>(?>(?>((?>(?>(?>\x0D\x0A)?[\t ])+|(?>[\t ]*\x0D\x0A)?[\t ]+)?)(\((?>(?2)' .
                '(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)' .
                '([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*' .
                '(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)' .
                '(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}' .
                '|(?!(?:.*[a-f0-9][:\]]){8,})((?6)(?>:(?6)){0,6})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:' .
                '|(?!(?:.*[a-f0-9]:){6,})(?8)?::(?>((?6)(?>:(?6)){0,4}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}' .
                '|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD',
                $address
            );
        case 'html5':
            /*
             * This is the pattern used in the HTML5 spec for validation of 'email' type form input elements.
             *
             * @see https://html.spec.whatwg.org/#e-mail-state-(type=email)
             */
            return (bool) preg_match(
                '/^[a-zA-Z0-9.!#$%&\'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}' .
                '[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/sD',
                $address
            );
        case 'eai':
            /*
             * This is the pattern used in the HTML5 spec for validation of 'email' type
             * form input elements (as above), modified to accept Unicode email addresses.
             * This is also more lenient than Firefox' html5 spec, in order to make the regex faster.
             * 'eai' is an acronym for Email Address Internationalization.
             * This validator is selected automatically if you attempt to use recipient addresses
             * that contain Unicode characters in the local part.
             *
             * @see https://html.spec.whatwg.org/#e-mail-state-(type=email)
             * @see https://en.wikipedia.org/wiki/International_email
             */
            return (bool) preg_match(
                '/^[-\p{L}\p{N}\p{M}.!#$%&\'*+\/=?^_`{|}~]+@[\p{L}\p{N}\p{M}](?:[\p{L}\p{N}\p{M}-]{0,61}' .
                '[\p{L}\p{N}\p{M}])?(?:\.[\p{L}\p{N}\p{M}]' .
                '(?:[-\p{L}\p{N}\p{M}]{0,61}[\p{L}\p{N}\p{M}])?)*$/usD',
                $address
            );
        case 'php':
        default:
            return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
    }
}