[wolfcms] r344 committed - Added Validate::valid_utf8 and Validate::compliant_utf8 functions. Sti...


wol...@googlecode.com

Nov 29, 2010, 1:35:35 PM11/29/10
to wolfcms...@googlegroups.com
Revision: 344
Author: martij...@gmail.com
Date: Mon Nov 29 10:34:32 2010
Log: Added Validate::valid_utf8 and Validate::compliant_utf8 functions.
Still need proper testing.
http://code.google.com/p/wolfcms/source/detail?r=344

Modified:
/trunk/wolf/helpers/Validate.php

=======================================
--- /trunk/wolf/helpers/Validate.php Mon Nov 22 08:32:21 2010
+++ /trunk/wolf/helpers/Validate.php Mon Nov 29 10:34:32 2010
@@ -9,7 +9,7 @@
*/

/**
- * This helper is based on the Kohana 2.x valid.php helper.
+ * This helper is based on the Kohana 2.x valid.php helper but has been
expanded.
*
* @package wolf
* @subpackage helpers
@@ -845,5 +845,170 @@

return true;
}
+
+
+ /**
+ * Tests a string as to whether it's valid UTF-8 and supported by the
+ * Unicode standard.
+ *
+ * This code has been taken from the phputf8 library.
+ *
+ * @author <hsiv...@iki.fi>
+ * @see http://hsivonen.iki.fi/php-utf8/
+ *
+ * @param string UTF-8 encoded string
+ * @return boolean true if valid
+ */
+ function valid_utf8($str) {
+
+ $mState = 0; // cached expected number of octets after the
current octet
+ // until the beginning of the next UTF8 character
sequence
+ $mUcs4 = 0; // cached Unicode character
+ $mBytes = 1; // cached expected number of octets in the
current sequence
+
+ $len = strlen($str);
+
+ for ($i = 0; $i < $len; $i++) {
+
+ $in = ord($str{$i});
+
+ if ($mState == 0) {
+
+ // When mState is zero we expect either a US-ASCII
character or a
+ // multi-octet sequence.
+ if (0 == (0x80 & ($in))) {
+ // US-ASCII, pass straight through.
+ $mBytes = 1;
+ }
+ else if (0xC0 == (0xE0 & ($in))) {
+ // First octet of 2 octet sequence
+ $mUcs4 = ($in);
+ $mUcs4 = ($mUcs4 & 0x1F) << 6;
+ $mState = 1;
+ $mBytes = 2;
+ }
+ else if (0xE0 == (0xF0 & ($in))) {
+ // First octet of 3 octet sequence
+ $mUcs4 = ($in);
+ $mUcs4 = ($mUcs4 & 0x0F) << 12;
+ $mState = 2;
+ $mBytes = 3;
+ }
+ else if (0xF0 == (0xF8 & ($in))) {
+ // First octet of 4 octet sequence
+ $mUcs4 = ($in);
+ $mUcs4 = ($mUcs4 & 0x07) << 18;
+ $mState = 3;
+ $mBytes = 4;
+ }
+ else if (0xF8 == (0xFC & ($in))) {
+ /* First octet of 5 octet sequence.
+ *
+ * This is illegal because the encoded codepoint must
be either
+ * (a) not the shortest form or
+ * (b) outside the Unicode range of 0-0x10FFFF.
+ * Rather than trying to resynchronize, we will carry
on until the end
+ * of the sequence and let the later error handling
code catch it.
+ */
+ $mUcs4 = ($in);
+ $mUcs4 = ($mUcs4 & 0x03) << 24;
+ $mState = 4;
+ $mBytes = 5;
+ }
+ else if (0xFC == (0xFE & ($in))) {
+ // First octet of 6 octet sequence, see comments for 5
octet sequence.
+ $mUcs4 = ($in);
+ $mUcs4 = ($mUcs4 & 1) << 30;
+ $mState = 5;
+ $mBytes = 6;
+ }
+ else {
+ /* Current octet is neither in the US-ASCII range nor
a legal first
+ * octet of a multi-octet sequence.
+ */
+ return FALSE;
+ }
+ }
+ else {
+
+ // When mState is non-zero, we expect a continuation of
the multi-octet
+ // sequence
+ if (0x80 == (0xC0 & ($in))) {
+
+ // Legal continuation.
+ $shift = ($mState - 1) * 6;
+ $tmp = $in;
+ $tmp = ($tmp & 0x0000003F) << $shift;
+ $mUcs4 |= $tmp;
+
+ /**
+ * End of the multi-octet sequence. mUcs4 now contains
the final
+ * Unicode codepoint to be output
+ */
+ if (0 == --$mState) {
+
+ /*
+ * Check for illegal sequences and codepoints.
+ */
+ // From Unicode 3.1, non-shortest form is illegal
+ if (((2 == $mBytes) && ($mUcs4 < 0x0080)) ||
+ ((3 == $mBytes) && ($mUcs4 < 0x0800)) ||
+ ((4 == $mBytes) && ($mUcs4 < 0x10000)) ||
+ (4 < $mBytes) ||
+ // From Unicode 3.2, surrogate characters
are illegal
+ (($mUcs4 & 0xFFFFF800) == 0xD800) ||
+ // Codepoints outside the Unicode range
are illegal
+ ($mUcs4 > 0x10FFFF)) {
+
+ return FALSE;
+ }
+
+ //initialize UTF8 cache
+ $mState = 0;
+ $mUcs4 = 0;
+ $mBytes = 1;
+ }
+ }
+ else {
+ /**
+ * ((0xC0 & (*in) != 0x80) && (mState != 0))
+ * Incomplete multi-octet sequence.
+ */
+ return FALSE;
+ }
+ }
+ }
+ return TRUE;
+ }
+
+
+ /**
+ * Tests whether a string complies as UTF-8.
+ *
+ * This will be much faster than utf8_is_valid but will pass five and
+ * six octet UTF-8 sequences, which are not supported by Unicode and
+ * so cannot be displayed correctly in a browser. In other words
+ * it is not as strict as utf8_is_valid but it's faster.
+ *
+ * If your use is to validate user input, you place yourself at the
risk
+ * that attackers will be able to inject 5 and 6 byte sequences (which
+ * may or may not be a significant risk, depending on what you are
+ * are doing)
+ *
+ * @see
http://www.php.net/manual/en/reference.pcre.pattern.modifiers.php#54805
+ *
+ * @param string UTF-8 string to check
+ * @return boolean TRUE if string is valid UTF-8
+ */
+ function compliant_utf8($str) {
+ if (strlen($str) == 0) {
+ return TRUE;
+ }
+ // If even just the first character can be matched, when the /u
+ // modifier is used, then it's valid UTF-8. If the UTF-8 is somehow
+ // invalid, nothing at all will match, even if the string contains
+ // some valid sequences
+ return (preg_match('/^.{1}/us', $str, $ar) == 1);
+ }

}
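Review bot: valid_utf8() accepts a string that ends in the middle of a multi-octet sequence: when the input stops after a lead byte (for example a single 0xC3 byte) the loop exits with `$mState` still non-zero and falls through to the final `return TRUE;`. For a validator applied to user input this matters, because a dangling lead byte that passes the check can merge with whatever byte is later concatenated after it in output. The last statement of the function should be `return ($mState == 0);`. Separately, the compliant_utf8() docblock twice refers to `utf8_is_valid`, which in this class is named `valid_utf8`, so both sentences should use that name.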
