Poor E-mail validation #47939

Closed
TheAndrey opened this issue Aug 2, 2023 · 1 comment

TheAndrey commented Aug 2, 2023

Laravel Version

10.16.1

PHP Version

8.1.21

Database Driver & Version

No response

Description

I found that the mail address validation rule skips the null byte in the login.

Here is an example of code that can be executed in tinker:

$ php artisan tinker
> Validator::make(['email' => urldecode('exa%00mple%40domain.tld')], ['email' => ['string', 'email']])->validate();
= [
    "email" => "exa\0mple@domain.tld",
  ]

The check is passed. As a result, I get an error from an SMTP server that doesn't like this address. Tested on exim4 and mailpit.

# exim4
501 NUL characters are not allowed in SMTP commands

# mailpit
451 4.3.5 Unable to process mail
[smtpd] error parsing message: malformed MIME header line: Received: from [127.0.0.1]

At the same time, the standard validation of the mail address in PHP works correctly:

$ php -r "var_dump(filter_var(urldecode('exa%00mple%40domain.tld'), FILTER_VALIDATE_EMAIL));"
bool(false)

I found a way to solve this problem by adding a filter flag to the validation rule.
https://laravel.com/docs/10.x/validation#rule-email

The filter validator, which uses PHP's filter_var function, ships with Laravel and was Laravel's default email validation behavior prior to Laravel version 5.8.

What was the idea of using a third-party library that performs such a simple task worse than the built-in tools in PHP?

Steps To Reproduce

The description provides example code for tinker.
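
The workaround described in the issue, shown as an added example (not code from the issue or from Laravel). `isSafeMailbox` is a hypothetical helper name, and the sample addresses other than the one quoted from the issue are constructed.

```php
<?php
declare(strict_types=1);

// In a Laravel app, the workaround from the issue is the `filter` style, which
// adds a filter_var()-based check alongside the default RFC one:
//     ['email' => ['string', 'email:rfc,filter']]

/**
 * Hypothetical helper (not a Laravel API): framework-independent guard to run
 * before an address is handed to a mailer.
 */
function isSafeMailbox(string $address): bool
{
    // Reject C0 control characters and DEL outright. NUL is the case from the
    // issue; CR and LF are included because they delimit SMTP commands.
    if (preg_match('/[\x00-\x1F\x7F]/', $address) === 1) {
        return false;
    }

    // Same built-in check the issue shows returning false for the NUL input.
    return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample inputs.
$samples = [
    'example@domain.tld',
    urldecode('exa%00mple%40domain.tld'), // input from the issue
    "example@domain.tld\n",
];

foreach ($samples as $sample) {
    // json_encode() makes control characters visible in the output.
    printf("%-32s %s\n", json_encode($sample), isSafeMailbox($sample) ? 'accept' : 'reject');
}
```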

@timacdonald
Member

Hi @TheAndrey,

You can see the reasoning in the PR: #29589

If the null bytes do not adhere to the email RFCs (I'm not sure if they do or not), it would be good to open an issue on their repository: https://github.com/egulias/EmailValidator/issues
