diff options
author | Andreas Baumann <mail@andreasbaumann.cc> | 2019-11-17 20:57:39 +0100 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2019-11-17 20:57:39 +0100 |
commit | 3b06ee0d381dc1be5f40ca98ad4278046d869d21 (patch) | |
tree | d31e79fc57d882b8267f40c3434480bb58a3ca73 /include/utf8/utils/validation.php | |
download | fluxbb-3b06ee0d381dc1be5f40ca98ad4278046d869d21.tar.xz |
Diffstat (limited to 'include/utf8/utils/validation.php')
-rw-r--r-- | include/utf8/utils/validation.php | 186 |
1 files changed, 186 insertions, 0 deletions
diff --git a/include/utf8/utils/validation.php b/include/utf8/utils/validation.php new file mode 100644 index 0000000..90dce8e --- /dev/null +++ b/include/utf8/utils/validation.php @@ -0,0 +1,186 @@ +<?php + +/** +* @version $Id: validation.php,v 1.2 2006/02/26 13:20:44 harryf Exp $ +* Tools for validing a UTF-8 string is well formed. +* The Original Code is Mozilla Communicator client code. +* The Initial Developer of the Original Code is +* Netscape Communications Corporation. +* Portions created by the Initial Developer are Copyright (C) 1998 +* the Initial Developer. All Rights Reserved. +* Ported to PHP by Henri Sivonen (http://hsivonen.iki.fi) +* Slight modifications to fit with phputf8 library by Harry Fuecks (hfuecks gmail com) +* @see http://lxr.mozilla.org/seamonkey/source/intl/uconv/src/nsUTF8ToUnicode.cpp +* @see http://lxr.mozilla.org/seamonkey/source/intl/uconv/src/nsUnicodeToUTF8.cpp +* @see http://hsivonen.iki.fi/php-utf8/ +* @package utf8 +* @subpackage validation +*/ + +/** +* Tests a string as to whether it's valid UTF-8 and supported by the +* Unicode standard +* Note: this function has been modified to simple return true or false +* @author <hsivonen@iki.fi> +* @param string UTF-8 encoded string +* @return boolean true if valid +* @see http://hsivonen.iki.fi/php-utf8/ +* @see utf8_compliant +* @package utf8 +* @subpackage validation +*/ +function utf8_is_valid($str) +{ + $mState = 0; // Cached expected number of octets after the current octet + // until the beginning of the next UTF8 character sequence + $mUcs4 = 0; // Cached Unicode character + $mBytes = 1; // Cached expected number of octets in the current sequence + + $len = strlen($str); + + for($i = 0; $i < $len; $i++) + { + $in = ord($str{$i}); + + if ( $mState == 0) + { + // When mState is zero we expect either a US-ASCII character or a multi-octet sequence. + if (0 == (0x80 & ($in))) + { + $mBytes = 1; // US-ASCII, pass straight through + } + else if (0xC0 == (0xE0 & ($in))) + { + // First octet of 2 octet sequence + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 0x1F) << 6; + $mState = 1; + $mBytes = 2; + } + else if (0xE0 == (0xF0 & ($in))) + { + // First octet of 3 octet sequence + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 0x0F) << 12; + $mState = 2; + $mBytes = 3; + } + else if (0xF0 == (0xF8 & ($in))) + { + // First octet of 4 octet sequence + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 0x07) << 18; + $mState = 3; + $mBytes = 4; + } + else if (0xF8 == (0xFC & ($in))) + { + /* First octet of 5 octet sequence. + * + * This is illegal because the encoded codepoint must be either + * (a) not the shortest form or + * (b) outside the Unicode range of 0-0x10FFFF. + * Rather than trying to resynchronize, we will carry on until the end + * of the sequence and let the later error handling code catch it. + */ + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 0x03) << 24; + $mState = 4; + $mBytes = 5; + } + else if (0xFC == (0xFE & ($in))) + { + // First octet of 6 octet sequence, see comments for 5 octet sequence. + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 1) << 30; + $mState = 5; + $mBytes = 6; + } + else + { + // Current octet is neither in the US-ASCII range nor a legal first octet of a multi-octet sequence. + return false; + } + } + else + { + // When mState is non-zero, we expect a continuation of the multi-octet sequence + if (0x80 == (0xC0 & ($in))) + { + // Legal continuation. + $shift = ($mState - 1) * 6; + $tmp = $in; + $tmp = ($tmp & 0x0000003F) << $shift; + $mUcs4 |= $tmp; + + /** + * End of the multi-octet sequence. mUcs4 now contains the final + * Unicode codepoint to be output + */ + if (0 == --$mState) + { + /* + * Check for illegal sequences and codepoints. + */ + // From Unicode 3.1, non-shortest form is illegal + if (((2 == $mBytes) && ($mUcs4 < 0x0080)) || ((3 == $mBytes) && ($mUcs4 < 0x0800)) || + ((4 == $mBytes) && ($mUcs4 < 0x10000)) || (4 < $mBytes) || + // From Unicode 3.2, surrogate characters are illegal + (($mUcs4 & 0xFFFFF800) == 0xD800) || + // Codepoints outside the Unicode range are illegal + ($mUcs4 > 0x10FFFF)) + { + return FALSE; + } + + // Initialize UTF8 cache + $mState = 0; + $mUcs4 = 0; + $mBytes = 1; + } + } + else + { + /** + *((0xC0 & (*in) != 0x80) && (mState != 0)) + * Incomplete multi-octet sequence. + */ + + return false; + } + } + } + + return true; +} + +/** +* Tests whether a string complies as UTF-8. This will be much +* faster than utf8_is_valid, but will pass five and six octet +* UTF-8 sequences, which are not supported by Unicode and +* so cannot be displayed correctly in a browser. In other words +* it is not as strict as utf8_is_valid but it's faster. If you use +* is to validate user input, you place yourself at the risk that +* attackers will be able to inject 5 and 6 byte sequences (which +* may or may not be a significant risk, depending on what you are +* are doing) +* Note: Does not pass five and six octet UTF-8 sequences anymore in +* in the unit tests. +* @see utf8_is_valid +* @see http://www.php.net/manual/en/reference.pcre.pattern.modifiers.php#54805 +* @param string UTF-8 string to check +* @return boolean TRUE if string is valid UTF-8 +* @package utf8 +* @subpackage validation +*/ +function utf8_compliant($str) +{ + if (strlen($str) == 0) + return true; + + // If even just the first character can be matched, when the /u + // modifier is used, then it's valid UTF-8. If the UTF-8 is somehow + // invalid, nothing at all will match, even if the string contains + // some valid sequences + return (preg_match('/^.{1}/us', $str, $ar) == 1); +} |