1 <?php
2 /**
3 * Tools for validing a UTF-8 string is well formed.
4 * The Original Code is Mozilla Communicator client code.
5 * The Initial Developer of the Original Code is
6 * Netscape Communications Corporation.
7 * Portions created by the Initial Developer are Copyright (C) 1998
8 * the Initial Developer. All Rights Reserved.
9 * Ported to PHP by Henri Sivonen (http://hsivonen.iki.fi)
10 * Slight modifications to fit with phputf8 library by Harry Fuecks (hfuecks gmail com)
11 * @see http://lxr.mozilla.org/seamonkey/source/intl/uconv/src/nsUTF8ToUnicode.cpp
12 * @see http://lxr.mozilla.org/seamonkey/source/intl/uconv/src/nsUnicodeToUTF8.cpp
13 * @see http://hsivonen.iki.fi/php-utf8/
14 * @package utf8
15 */
16
17 //--------------------------------------------------------------------
18 /**
19 * Tests a string as to whether it's valid UTF-8 and supported by the
20 * Unicode standard
21 * Note: this function has been modified to simple return true or false
22 * @author <hsivonen@iki.fi>
23 * @param string UTF-8 encoded string
24 * @return boolean true if valid
25 * @see http://hsivonen.iki.fi/php-utf8/
26 * @see utf8_compliant
27 * @package utf8
28 */
29 function utf8_is_valid($str) {
30
31 $mState = 0; // cached expected number of octets after the current octet
32 // until the beginning of the next UTF8 character sequence
33 $mUcs4 = 0; // cached Unicode character
34 $mBytes = 1; // cached expected number of octets in the current sequence
35
36 $len = strlen($str);
37
38 for($i = 0; $i < $len; $i++) {
39
40 $in = ord($str{$i});
41
42 if ( $mState == 0) {
43
44 // When mState is zero we expect either a US-ASCII character or a
45 // multi-octet sequence.
46 if (0 == (0x80 & ($in))) {
47 // US-ASCII, pass straight through.
48 $mBytes = 1;
49
50 } else if (0xC0 == (0xE0 & ($in))) {
51 // First octet of 2 octet sequence
52 $mUcs4 = ($in);
53 $mUcs4 = ($mUcs4 & 0x1F) << 6;
54 $mState = 1;
55 $mBytes = 2;
56
57 } else if (0xE0 == (0xF0 & ($in))) {
58 // First octet of 3 octet sequence
59 $mUcs4 = ($in);
60 $mUcs4 = ($mUcs4 & 0x0F) << 12;
61 $mState = 2;
62 $mBytes = 3;
63
64 } else if (0xF0 == (0xF8 & ($in))) {
65 // First octet of 4 octet sequence
66 $mUcs4 = ($in);
67 $mUcs4 = ($mUcs4 & 0x07) << 18;
68 $mState = 3;
69 $mBytes = 4;
70
71 } else if (0xF8 == (0xFC & ($in))) {
72 /* First octet of 5 octet sequence.
73 *
74 * This is illegal because the encoded codepoint must be either
75 * (a) not the shortest form or
76 * (b) outside the Unicode range of 0-0x10FFFF.
77 * Rather than trying to resynchronize, we will carry on until the end
78 * of the sequence and let the later error handling code catch it.
79 */
80 $mUcs4 = ($in);
81 $mUcs4 = ($mUcs4 & 0x03) << 24;
82 $mState = 4;
83 $mBytes = 5;
84
85 } else if (0xFC == (0xFE & ($in))) {
86 // First octet of 6 octet sequence, see comments for 5 octet sequence.
87 $mUcs4 = ($in);
88 $mUcs4 = ($mUcs4 & 1) << 30;
89 $mState = 5;
90 $mBytes = 6;
91
92 } else {
93 /* Current octet is neither in the US-ASCII range nor a legal first
94 * octet of a multi-octet sequence.
95 */
96 return FALSE;
97
98 }
99
100 } else {
101
102 // When mState is non-zero, we expect a continuation of the multi-octet
103 // sequence
104 if (0x80 == (0xC0 & ($in))) {
105
106 // Legal continuation.
107 $shift = ($mState - 1) * 6;
108 $tmp = $in;
109 $tmp = ($tmp & 0x0000003F) << $shift;
110 $mUcs4 |= $tmp;
111
112 /**
113 * End of the multi-octet sequence. mUcs4 now contains the final
114 * Unicode codepoint to be output
115 */
116 if (0 == --$mState) {
117
118 /*
119 * Check for illegal sequences and codepoints.
120 */
121 // From Unicode 3.1, non-shortest form is illegal
122 if (((2 == $mBytes) && ($mUcs4 < 0x0080)) ||
123 ((3 == $mBytes) && ($mUcs4 < 0x0800)) ||
124 ((4 == $mBytes) && ($mUcs4 < 0x10000)) ||
125 (4 < $mBytes) ||
126 // From Unicode 3.2, surrogate characters are illegal
127 (($mUcs4 & 0xFFFFF800) == 0xD800) ||
128 // Codepoints outside the Unicode range are illegal
129 ($mUcs4 > 0x10FFFF)) {
130
131 return FALSE;
132
133 }
134
135 //initialize UTF8 cache
136 $mState = 0;
137 $mUcs4 = 0;
138 $mBytes = 1;
139 }
140
141 } else {
142 /**
143 *((0xC0 & (*in) != 0x80) && (mState != 0))
144 * Incomplete multi-octet sequence.
145 */
146
147 return FALSE;
148 }
149 }
150 }
151 return TRUE;
152 }
153
154 //--------------------------------------------------------------------
155 /**
156 * Tests whether a string complies as UTF-8. This will be much
157 * faster than utf8_is_valid but will pass five and six octet
158 * UTF-8 sequences, which are not supported by Unicode and
159 * so cannot be displayed correctly in a browser. In other words
160 * it is not as strict as utf8_is_valid but it's faster. If you use
161 * is to validate user input, you place yourself at the risk that
162 * attackers will be able to inject 5 and 6 byte sequences (which
163 * may or may not be a significant risk, depending on what you are
164 * are doing)
165 * @see utf8_is_valid
166 * @see http://www.php.net/manual/en/reference.pcre.pattern.modifiers.php#54805
167 * @param string UTF-8 string to check
168 * @return boolean TRUE if string is valid UTF-8
169 * @package utf8
170 */
171 function utf8_compliant($str) {
172 if ( strlen($str) == 0 ) {
173 return TRUE;
174 }
175 // If even just the first character can be matched, when the /u
176 // modifier is used, then it's valid UTF-8. If the UTF-8 is somehow
177 // invalid, nothing at all will match, even if the string contains
178 // some valid sequences
179 return (preg_match('/^.{1}/us',$str,$ar) == 1);
180 }
181
182