| [6] | 1 | <?php |
|---|
| 2 | |
|---|
| 3 | /** |
|---|
| 4 | * @version $Id: validation.php,v 1.2 2006/02/26 13:20:44 harryf Exp $ |
|---|
| 5 | * Tools for validing a UTF-8 string is well formed. |
|---|
| 6 | * The Original Code is Mozilla Communicator client code. |
|---|
| 7 | * The Initial Developer of the Original Code is |
|---|
| 8 | * Netscape Communications Corporation. |
|---|
| 9 | * Portions created by the Initial Developer are Copyright (C) 1998 |
|---|
| 10 | * the Initial Developer. All Rights Reserved. |
|---|
| 11 | * Ported to PHP by Henri Sivonen (http://hsivonen.iki.fi) |
|---|
| 12 | * Slight modifications to fit with phputf8 library by Harry Fuecks (hfuecks gmail com) |
|---|
| 13 | * @see http://lxr.mozilla.org/seamonkey/source/intl/uconv/src/nsUTF8ToUnicode.cpp |
|---|
| 14 | * @see http://lxr.mozilla.org/seamonkey/source/intl/uconv/src/nsUnicodeToUTF8.cpp |
|---|
| 15 | * @see http://hsivonen.iki.fi/php-utf8/ |
|---|
| 16 | * @package utf8 |
|---|
| 17 | * @subpackage validation |
|---|
| 18 | */ |
|---|
| 19 | |
|---|
| 20 | /** |
|---|
| 21 | * Tests a string as to whether it's valid UTF-8 and supported by the |
|---|
| 22 | * Unicode standard |
|---|
| 23 | * Note: this function has been modified to simple return true or false |
|---|
| 24 | * @author <hsivonen@iki.fi> |
|---|
| 25 | * @param string UTF-8 encoded string |
|---|
| 26 | * @return boolean true if valid |
|---|
| 27 | * @see http://hsivonen.iki.fi/php-utf8/ |
|---|
| 28 | * @see utf8_compliant |
|---|
| 29 | * @package utf8 |
|---|
| 30 | * @subpackage validation |
|---|
| 31 | */ |
|---|
| 32 | function utf8_is_valid($str) |
|---|
| 33 | { |
|---|
| 34 | $mState = 0; // Cached expected number of octets after the current octet |
|---|
| 35 | // until the beginning of the next UTF8 character sequence |
|---|
| 36 | $mUcs4 = 0; // Cached Unicode character |
|---|
| 37 | $mBytes = 1; // Cached expected number of octets in the current sequence |
|---|
| 38 | |
|---|
| 39 | $len = strlen($str); |
|---|
| 40 | |
|---|
| 41 | for($i = 0; $i < $len; $i++) |
|---|
| 42 | { |
|---|
| 43 | $in = ord($str{$i}); |
|---|
| 44 | |
|---|
| 45 | if ( $mState == 0) |
|---|
| 46 | { |
|---|
| 47 | // When mState is zero we expect either a US-ASCII character or a multi-octet sequence. |
|---|
| 48 | if (0 == (0x80 & ($in))) |
|---|
| 49 | { |
|---|
| 50 | $mBytes = 1; // US-ASCII, pass straight through |
|---|
| 51 | } |
|---|
| 52 | else if (0xC0 == (0xE0 & ($in))) |
|---|
| 53 | { |
|---|
| 54 | // First octet of 2 octet sequence |
|---|
| 55 | $mUcs4 = ($in); |
|---|
| 56 | $mUcs4 = ($mUcs4 & 0x1F) << 6; |
|---|
| 57 | $mState = 1; |
|---|
| 58 | $mBytes = 2; |
|---|
| 59 | } |
|---|
| 60 | else if (0xE0 == (0xF0 & ($in))) |
|---|
| 61 | { |
|---|
| 62 | // First octet of 3 octet sequence |
|---|
| 63 | $mUcs4 = ($in); |
|---|
| 64 | $mUcs4 = ($mUcs4 & 0x0F) << 12; |
|---|
| 65 | $mState = 2; |
|---|
| 66 | $mBytes = 3; |
|---|
| 67 | } |
|---|
| 68 | else if (0xF0 == (0xF8 & ($in))) |
|---|
| 69 | { |
|---|
| 70 | // First octet of 4 octet sequence |
|---|
| 71 | $mUcs4 = ($in); |
|---|
| 72 | $mUcs4 = ($mUcs4 & 0x07) << 18; |
|---|
| 73 | $mState = 3; |
|---|
| 74 | $mBytes = 4; |
|---|
| 75 | } |
|---|
| 76 | else if (0xF8 == (0xFC & ($in))) |
|---|
| 77 | { |
|---|
| 78 | /* First octet of 5 octet sequence. |
|---|
| 79 | * |
|---|
| 80 | * This is illegal because the encoded codepoint must be either |
|---|
| 81 | * (a) not the shortest form or |
|---|
| 82 | * (b) outside the Unicode range of 0-0x10FFFF. |
|---|
| 83 | * Rather than trying to resynchronize, we will carry on until the end |
|---|
| 84 | * of the sequence and let the later error handling code catch it. |
|---|
| 85 | */ |
|---|
| 86 | $mUcs4 = ($in); |
|---|
| 87 | $mUcs4 = ($mUcs4 & 0x03) << 24; |
|---|
| 88 | $mState = 4; |
|---|
| 89 | $mBytes = 5; |
|---|
| 90 | } |
|---|
| 91 | else if (0xFC == (0xFE & ($in))) |
|---|
| 92 | { |
|---|
| 93 | // First octet of 6 octet sequence, see comments for 5 octet sequence. |
|---|
| 94 | $mUcs4 = ($in); |
|---|
| 95 | $mUcs4 = ($mUcs4 & 1) << 30; |
|---|
| 96 | $mState = 5; |
|---|
| 97 | $mBytes = 6; |
|---|
| 98 | } |
|---|
| 99 | else |
|---|
| 100 | { |
|---|
| 101 | // Current octet is neither in the US-ASCII range nor a legal first octet of a multi-octet sequence. |
|---|
| 102 | return false; |
|---|
| 103 | } |
|---|
| 104 | } |
|---|
| 105 | else |
|---|
| 106 | { |
|---|
| 107 | // When mState is non-zero, we expect a continuation of the multi-octet sequence |
|---|
| 108 | if (0x80 == (0xC0 & ($in))) |
|---|
| 109 | { |
|---|
| 110 | // Legal continuation. |
|---|
| 111 | $shift = ($mState - 1) * 6; |
|---|
| 112 | $tmp = $in; |
|---|
| 113 | $tmp = ($tmp & 0x0000003F) << $shift; |
|---|
| 114 | $mUcs4 |= $tmp; |
|---|
| 115 | |
|---|
| 116 | /** |
|---|
| 117 | * End of the multi-octet sequence. mUcs4 now contains the final |
|---|
| 118 | * Unicode codepoint to be output |
|---|
| 119 | */ |
|---|
| 120 | if (0 == --$mState) |
|---|
| 121 | { |
|---|
| 122 | /* |
|---|
| 123 | * Check for illegal sequences and codepoints. |
|---|
| 124 | */ |
|---|
| 125 | // From Unicode 3.1, non-shortest form is illegal |
|---|
| 126 | if (((2 == $mBytes) && ($mUcs4 < 0x0080)) || ((3 == $mBytes) && ($mUcs4 < 0x0800)) || |
|---|
| 127 | ((4 == $mBytes) && ($mUcs4 < 0x10000)) || (4 < $mBytes) || |
|---|
| 128 | // From Unicode 3.2, surrogate characters are illegal |
|---|
| 129 | (($mUcs4 & 0xFFFFF800) == 0xD800) || |
|---|
| 130 | // Codepoints outside the Unicode range are illegal |
|---|
| 131 | ($mUcs4 > 0x10FFFF)) |
|---|
| 132 | { |
|---|
| 133 | return FALSE; |
|---|
| 134 | } |
|---|
| 135 | |
|---|
| 136 | // Initialize UTF8 cache |
|---|
| 137 | $mState = 0; |
|---|
| 138 | $mUcs4 = 0; |
|---|
| 139 | $mBytes = 1; |
|---|
| 140 | } |
|---|
| 141 | } |
|---|
| 142 | else |
|---|
| 143 | { |
|---|
| 144 | /** |
|---|
| 145 | *((0xC0 & (*in) != 0x80) && (mState != 0)) |
|---|
| 146 | * Incomplete multi-octet sequence. |
|---|
| 147 | */ |
|---|
| 148 | |
|---|
| 149 | return false; |
|---|
| 150 | } |
|---|
| 151 | } |
|---|
| 152 | } |
|---|
| 153 | |
|---|
| 154 | return true; |
|---|
| 155 | } |
|---|
| 156 | |
|---|
| 157 | /** |
|---|
| 158 | * Tests whether a string complies as UTF-8. This will be much |
|---|
| 159 | * faster than utf8_is_valid, but will pass five and six octet |
|---|
| 160 | * UTF-8 sequences, which are not supported by Unicode and |
|---|
| 161 | * so cannot be displayed correctly in a browser. In other words |
|---|
| 162 | * it is not as strict as utf8_is_valid but it's faster. If you use |
|---|
| 163 | * is to validate user input, you place yourself at the risk that |
|---|
| 164 | * attackers will be able to inject 5 and 6 byte sequences (which |
|---|
| 165 | * may or may not be a significant risk, depending on what you are |
|---|
| 166 | * are doing) |
|---|
| 167 | * Note: Does not pass five and six octet UTF-8 sequences anymore in |
|---|
| 168 | * in the unit tests. |
|---|
| 169 | * @see utf8_is_valid |
|---|
| 170 | * @see http://www.php.net/manual/en/reference.pcre.pattern.modifiers.php#54805 |
|---|
| 171 | * @param string UTF-8 string to check |
|---|
| 172 | * @return boolean TRUE if string is valid UTF-8 |
|---|
| 173 | * @package utf8 |
|---|
| 174 | * @subpackage validation |
|---|
| 175 | */ |
|---|
| 176 | function utf8_compliant($str) |
|---|
| 177 | { |
|---|
| 178 | if (strlen($str) == 0) |
|---|
| 179 | return true; |
|---|
| 180 | |
|---|
| 181 | // If even just the first character can be matched, when the /u |
|---|
| 182 | // modifier is used, then it's valid UTF-8. If the UTF-8 is somehow |
|---|
| 183 | // invalid, nothing at all will match, even if the string contains |
|---|
| 184 | // some valid sequences |
|---|
| 185 | return (preg_match('/^.{1}/us', $str, $ar) == 1); |
|---|
| 186 | } |
|---|
