fix(email): reinforcement of the validator and skip invalid address when sending alerts #78

Closed
kevin-blackbird wants to merge 3 commits into webgriffe:master from kevin-blackbird:feature/email-format-verification
@kevin-blackbird
Hi,

On the last version for Sylius 1.X, version 4.1.0, we had a bug blocking the sending of alerts.

Indeed, if the email format was incorrect, we had an RfcComplianceException.
A person tried an injection with this kind of email: mauralien21@gmail.com'&&sleep(27*1000)*ckfqsx&&'. Just by changing the input type from email to text, the backend Email validator accepts this email.
To prevent that, I added the restriction mode: Email::VALIDATION_MODE_STRICT

On alert sending, I added a try/catch so as not to stop alert sending on an email error.

If you accept this PR, can we have a 4.1.1 or 4.2.0 tag for Sylius 1 pls?

Have a nice day!

Kind regards,
Kévin

@kevin-blackbird
Author

Hi,

Is there an update with this fix planned soon?

Kind regards,
Kévin

Copilot AI left a comment

Pull request overview

This PR hardens email handling for back-in-stock subscriptions to prevent invalid/malicious email strings from being accepted and to avoid alert-sending failures caused by RFC compliance exceptions during email delivery.

Changes:

  • Switch subscription form email validation to Symfony Email::VALIDATION_MODE_STRICT.
  • Catch RfcComplianceException during alert sending to continue processing remaining subscriptions.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| src/Form/SubscriptionType.php | Tightens validation for the subscription email field using strict RFC validation. |
| src/Command/AlertCommand.php | Prevents the alert command from stopping on RFC-compliance email errors by catching RfcComplianceException. |
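
The two layers this PR describes (strict validation on the subscription form, and skipping a non-compliant recipient while sending alerts), as an added example that is not part of the PR or the plugin's code. It assumes symfony/validator, symfony/mime and egulias/email-validator are installed with Composer on PHP 8; `isAcceptableEmail`, `sendAlerts` and the `$send` callback are hypothetical names.

```php
<?php
// Added example, not the plugin's code. Assumes symfony/validator, symfony/mime
// and egulias/email-validator are installed with Composer (PHP 8+).
declare(strict_types=1);
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Mime\Address;
use Symfony\Component\Mime\Exception\RfcComplianceException;
use Symfony\Component\Validator\Constraints\Email;
use Symfony\Component\Validator\Validation;

// Layer 1 (form input): strict mode checks the address with
// egulias/email-validator instead of a simple pattern match.
function isAcceptableEmail(string $email): bool
{
    $violations = Validation::createValidator()
        ->validate($email, new Email(mode: Email::VALIDATION_MODE_STRICT));
    return count($violations) === 0;
}

// Layer 2 (alert sending): rows stored before the fix may still be invalid, so a
// bad recipient is skipped and the loop continues with the next subscription.
// $send is a hypothetical callback standing in for the real mailer call.
function sendAlerts(array $emails, callable $send): array
{
    $skipped = [];
    foreach ($emails as $email) {
        try {
            $send(new Address($email)); // Address throws on a non-compliant string
        } catch (RfcComplianceException $e) {
            $skipped[] = $email;
        }
    }
    return $skipped;
}

// Constructed sample data; the second entry is the string quoted in the PR description.
$stored = [
    'alice@example.com',
    "mauralien21@gmail.com'&&sleep(27*1000)*ckfqsx&&'",
    'bob@example.org',
];
foreach ($stored as $email) {
    printf("%-55s strict-valid: %s\n", $email, isAcceptableEmail($email) ? 'yes' : 'no');
}
$skipped = sendAlerts($stored, fn (Address $to) => print("alert -> {$to->getAddress()}\n"));
printf("skipped %d invalid recipient(s)\n", count($skipped));
```

Keeping the send-time catch alongside the stricter form constraint matters because subscriptions accepted before the constraint changed remain in the database.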

kevin-blackbird and others added 2 commits March 10, 2026 07:45
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@LucaGallinari
Member

I had to make some changes and change the merge base branch as now master is compatible with Sylius 2, so I opened a new PR #79, which is now merged and tagged with "4.2.0".
Thank you very much @kevin-blackbird!
