Source code for file /phputf8/utils/validation.php
Documentation is available at validation.php
* @version $Id: validation.php,v 1.2 2006/02/26 13:20:44 harryf Exp $
* Tools for validing a UTF-8 string is well formed.
* The Original Code is Mozilla Communicator client code.
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
* Ported to PHP by Henri Sivonen (http://hsivonen.iki.fi)
* Slight modifications to fit with phputf8 library by Harry Fuecks (hfuecks gmail com)
* @see http://lxr.mozilla.org/seamonkey/source/intl/uconv/src/nsUTF8ToUnicode.cpp
* @see http://lxr.mozilla.org/seamonkey/source/intl/uconv/src/nsUnicodeToUTF8.cpp
* @see http://hsivonen.iki.fi/php-utf8/
//--------------------------------------------------------------------
* Tests a string as to whether it's valid UTF-8 and supported by the
* Note: this function has been modified to simple return true or false
* @param string UTF-8 encoded string
* @return boolean true if valid
* @see http://hsivonen.iki.fi/php-utf8/
$mState =
0; // cached expected number of octets after the current octet
// until the beginning of the next UTF8 character sequence
$mUcs4 =
0; // cached Unicode character
$mBytes =
1; // cached expected number of octets in the current sequence
for($i =
0; $i <
$len; $i++
) {
// When mState is zero we expect either a US-ASCII character or a
if (0 ==
(0x80 & ($in))) {
// US-ASCII, pass straight through.
} else if (0xC0 ==
(0xE0 & ($in))) {
// First octet of 2 octet sequence
$mUcs4 =
($mUcs4 & 0x1F) <<
6;
} else if (0xE0 ==
(0xF0 & ($in))) {
// First octet of 3 octet sequence
$mUcs4 =
($mUcs4 & 0x0F) <<
12;
} else if (0xF0 ==
(0xF8 & ($in))) {
// First octet of 4 octet sequence
$mUcs4 =
($mUcs4 & 0x07) <<
18;
} else if (0xF8 ==
(0xFC & ($in))) {
/* First octet of 5 octet sequence.
* This is illegal because the encoded codepoint must be either
* (a) not the shortest form or
* (b) outside the Unicode range of 0-0x10FFFF.
* Rather than trying to resynchronize, we will carry on until the end
* of the sequence and let the later error handling code catch it.
$mUcs4 =
($mUcs4 & 0x03) <<
24;
} else if (0xFC ==
(0xFE & ($in))) {
// First octet of 6 octet sequence, see comments for 5 octet sequence.
$mUcs4 =
($mUcs4 & 1) <<
30;
/* Current octet is neither in the US-ASCII range nor a legal first
* octet of a multi-octet sequence.
// When mState is non-zero, we expect a continuation of the multi-octet
if (0x80 ==
(0xC0 & ($in))) {
$shift =
($mState -
1) *
6;
$tmp =
($tmp & 0x0000003F) <<
$shift;
* End of the multi-octet sequence. mUcs4 now contains the final
* Unicode codepoint to be output
* Check for illegal sequences and codepoints.
// From Unicode 3.1, non-shortest form is illegal
if (((2 ==
$mBytes) &&
($mUcs4 <
0x0080)) ||
((3 ==
$mBytes) &&
($mUcs4 <
0x0800)) ||
((4 ==
$mBytes) &&
($mUcs4 <
0x10000)) ||
// From Unicode 3.2, surrogate characters are illegal
(($mUcs4 & 0xFFFFF800) ==
0xD800) ||
// Codepoints outside the Unicode range are illegal
*((0xC0 & (*in) != 0x80) && (mState != 0))
* Incomplete multi-octet sequence.
//--------------------------------------------------------------------
* Tests whether a string complies as UTF-8. This will be much
* faster than utf8_is_valid but will pass five and six octet
* UTF-8 sequences, which are not supported by Unicode and
* so cannot be displayed correctly in a browser. In other words
* it is not as strict as utf8_is_valid but it's faster. If you use
* is to validate user input, you place yourself at the risk that
* attackers will be able to inject 5 and 6 byte sequences (which
* may or may not be a significant risk, depending on what you are
* @see http://www.php.net/manual/en/reference.pcre.pattern.modifiers.php#54805
* @param string UTF-8 string to check
* @return boolean TRUE if string is valid UTF-8
// If even just the first character can be matched, when the /u
// modifier is used, then it's valid UTF-8. If the UTF-8 is somehow
// invalid, nothing at all will match, even if the string contains