PHPKonf 2020 Online

The Spoofchecker class

(PHP 5 >= 5.4.0, PHP 7, PECL intl >= 2.0.0)

Introducere

This class is provided because Unicode contains large number of characters and incorporates the varied writing systems of the world and their incorrect usage can expose programs or systems to possible security attacks using characters similarity.

Provided methods allow to check whether an individual string is likely an attempt at confusing the reader (spoof detection), such as "pаypаl" spelled with Cyrillic 'а' characters.

Sinopsisul clasei

Spoofchecker {
/* Constants */
const int|float ASCII = 0x10000000 ;
const int|float HIGHLY_RESTRICTIVE = 0x30000000 ;
const int|float MODERATELY_RESTRICTIVE = 0x40000000 ;
const int|float MINIMALLY_RESTRICTIVE = 0x50000000 ;
const int|float UNRESTRICTIVE = 0x60000000 ;
const int|float SINGLE_SCRIPT_RESTRICTIVE = 0x20000000 ;
const int SINGLE_SCRIPT_CONFUSABLE = 1 ;
const int MIXED_SCRIPT_CONFUSABLE = 2 ;
const int WHOLE_SCRIPT_CONFUSABLE = 4 ;
const int ANY_CASE = 8 ;
const int SINGLE_SCRIPT = 16 ;
const int INVISIBLE = 32 ;
const int CHAR_LIMIT = 64 ;
/* Metode */
public areConfusable ( string $str1 , string $str2 [, string &$error ] ) : bool
public __construct ( )
public isSuspicious ( string $text [, string &$error ] ) : bool
public setAllowedLocales ( string $locale_list ) : void
public setChecks ( int $checks ) : void
}

Constante predefinite

Spoofchecker::ASCII

Spoofchecker::HIGHLY_RESTRICTIVE

Spoofchecker::MODERATELY_RESTRICTIVE

Spoofchecker::MINIMALLY_RESTRICTIVE

Spoofchecker::UNRESTRICTIVE

Spoofchecker::SINGLE_SCRIPT_RESTRICTIVE

Spoofchecker::SINGLE_SCRIPT_CONFUSABLE

Spoofchecker::MIXED_SCRIPT_CONFUSABLE

Spoofchecker::WHOLE_SCRIPT_CONFUSABLE

Spoofchecker::ANY_CASE

Spoofchecker::SINGLE_SCRIPT

Spoofchecker::INVISIBLE

Spoofchecker::CHAR_LIMIT

Istoricul schimbărilor

Versiune Descriere
7.3.0 Class constants used by Spoofchecker::setRestrictionLevel() such as Spoofchecker::ASCII, Spoofchecker::HIGHLY_RESTRICTIVE, Spoofchecker::MODERATELY_RESTRICTIVE, Spoofchecker::MINIMALLY_RESTRICTIVE, Spoofchecker::UNRESTRICTIVE, Spoofchecker::SINGLE_SCRIPT_RESTRICTIVE has been added.

Cuprins

add a note add a note

User Contributed Notes 2 notes

up
4
Anonymous
3 years ago
From http://icu-project.org/apiref/icu4j/com/ibm/icu/text/SpoofChecker.html :
SINGLE_SCRIPT_CONFUSABLE: indicates that the two strings are visually confusable and that they are from the same script
MIXED_SCRIPT_CONFUSABLE: indicates that the two strings are visually confusable and that they are NOT from the same script
WHOLE_SCRIPT_CONFUSABLE: indicates that the two strings are visually confusable and that they are NOT from the same script BUT both of them are single-script strings
ANY_CASE: Deprecated.
SINGLE_SCRIPT: Deprecated.
INVISIBLE: Check an identifier for the presence of invisible characters, such as zero-width spaces, or character sequences that are likely not to display, such as multiple occurrences of the same non-spacing mark.
CHAR_LIMIT: Check that an identifier contains only characters from a specified set of acceptable characters.

Explanation of whole script, mixed script and single script confusables in UTS 39 section 4 : http://unicode.org/reports/tr39/#Confusable_Detection

Details from Java SpoofChecker class at http://icu-project.org/apiref/icu4j/com/ibm/icu/text/SpoofChecker.html
up
-1
Anonymous
2 years ago
Spoofchecker yields false positives by defaut when Whole-Script Confusables (WSC) and Mixed-Script Confusables (MSC) checks are used.
They have been deprecated since ICU 58:
http://bugs.icu-project.org/trac/ticket/12549#comment:10

Workarounds: upgrade ICU to 58+, or avoid the MSC and WSC checks with Spoofcheckers' setChecks() function.
To Top