LaravelConf Taiwan 2019 announcement

Класс Spoofchecker

(PHP 5 >= 5.4.0, PHP 7, PECL intl >= 2.0.0)

Введение

Этот класс существует потому, что Unicode содержит большое количество символов и включает в себя различные системы письма со всего мира и их некорректное использование может сделать программы и системы уязвимыми к хакерским атакам, использующим сходство символов.

Предоставляемые методы позволяют проверить строку на предмет попыток обмануть пользователя (spoof detection), например вставить в слово "pаypаl" кириллический символ 'а'.

Обзор классов

Spoofchecker {
/* Константы */
const number ASCII = 0x10000000 ;
const number HIGHLY_RESTRICTIVE = 0x30000000 ;
const number MODERATELY_RESTRICTIVE = 0x40000000 ;
const number MINIMALLY_RESTRICTIVE = 0x50000000 ;
const number UNRESTRICTIVE = 0x60000000 ;
const number SINGLE_SCRIPT_RESTRICTIVE = 0x20000000 ;
const integer SINGLE_SCRIPT_CONFUSABLE = 1 ;
const integer MIXED_SCRIPT_CONFUSABLE = 2 ;
const integer WHOLE_SCRIPT_CONFUSABLE = 4 ;
const integer ANY_CASE = 8 ;
const integer SINGLE_SCRIPT = 16 ;
const integer INVISIBLE = 32 ;
const integer CHAR_LIMIT = 64 ;
/* Методы */
public areConfusable ( string $str1 , string $str2 [, string &$error ] ) : bool
public __construct ( void )
public isSuspicious ( string $text [, string &$error ] ) : bool
public setAllowedLocales ( string $locale_list ) : void
public setChecks ( int $checks ) : void
}

Предопределенные константы

Spoofchecker::ASCII

Spoofchecker::HIGHLY_RESTRICTIVE

Spoofchecker::MODERATELY_RESTRICTIVE

Spoofchecker::MINIMALLY_RESTRICTIVE

Spoofchecker::UNRESTRICTIVE

Spoofchecker::SINGLE_SCRIPT_RESTRICTIVE

Spoofchecker::SINGLE_SCRIPT_CONFUSABLE

Spoofchecker::MIXED_SCRIPT_CONFUSABLE

Spoofchecker::WHOLE_SCRIPT_CONFUSABLE

Spoofchecker::ANY_CASE

Spoofchecker::SINGLE_SCRIPT

Spoofchecker::INVISIBLE

Spoofchecker::CHAR_LIMIT

Список изменений

Версия Описание
7.3.0 Добавлены константы класса, используемые Spoofchecker::setRestrictionLevel(), такие как: Spoofchecker::ASCII, Spoofchecker::HIGHLY_RESTRICTIVE, Spoofchecker::MODERATELY_RESTRICTIVE, Spoofchecker::MINIMALLY_RESTRICTIVE, Spoofchecker::UNRESTRICTIVE, Spoofchecker::SINGLE_SCRIPT_RESTRICTIVE.

Содержание

add a note add a note

User Contributed Notes 2 notes

up
4
Anonymous
2 years ago
From http://icu-project.org/apiref/icu4j/com/ibm/icu/text/SpoofChecker.html :
SINGLE_SCRIPT_CONFUSABLE: indicates that the two strings are visually confusable and that they are from the same script
MIXED_SCRIPT_CONFUSABLE: indicates that the two strings are visually confusable and that they are NOT from the same script
WHOLE_SCRIPT_CONFUSABLE: indicates that the two strings are visually confusable and that they are NOT from the same script BUT both of them are single-script strings
ANY_CASE: Deprecated.
SINGLE_SCRIPT: Deprecated.
INVISIBLE: Check an identifier for the presence of invisible characters, such as zero-width spaces, or character sequences that are likely not to display, such as multiple occurrences of the same non-spacing mark.
CHAR_LIMIT: Check that an identifier contains only characters from a specified set of acceptable characters.

Explanation of whole script, mixed script and single script confusables in UTS 39 section 4 : http://unicode.org/reports/tr39/#Confusable_Detection

Details from Java SpoofChecker class at http://icu-project.org/apiref/icu4j/com/ibm/icu/text/SpoofChecker.html
up
0
Anonymous
1 year ago
Spoofchecker yields false positives by defaut when Whole-Script Confusables (WSC) and Mixed-Script Confusables (MSC) checks are used.
They have been deprecated since ICU 58:
http://bugs.icu-project.org/trac/ticket/12549#comment:10

Workarounds: upgrade ICU to 58+, or avoid the MSC and WSC checks with Spoofcheckers' setChecks() function.
To Top