3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
18 use function xKerman\Restricted\unserialize
;
19 use xKerman\Restricted\UnserializeFailedException
;
21 require_once 'HTML/QuickForm/Rule/Email.php';
24 * This class contains string functions.
26 class CRM_Utils_String
{
27 const COMMA
= ",", SEMICOLON
= ";", SPACE
= " ", TAB
= "\t", LINEFEED
= "\n", CARRIAGELINE
= "\r\n", LINECARRIAGE
= "\n\r", CARRIAGERETURN
= "\r";
30 * List of all letters and numbers
32 const ALPHANUMERIC
= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
35 * Convert a display name into a potential variable name.
37 * @param string $title title of the string
38 * @param int $maxLength
41 * An equivalent variable name.
43 public static function titleToVar($title, $maxLength = 31) {
44 $variable = self
::munge($title, '_', $maxLength);
46 if (CRM_Utils_Rule
::title($variable, $maxLength)) {
50 // if longer than the maxLength lets just return a substr of the
51 // md5 to prevent errors downstream
52 return substr(md5($title), 0, $maxLength);
56 * Replace all non alpha numeric characters and spaces with the replacement character.
59 * The name to be worked on.
61 * The character to use for non-valid chars.
63 * Length of valid variables.
66 * returns the manipulated string
68 public static function munge($name, $char = '_', $len = 63) {
69 // Replace all white space and non-alpha numeric with $char
70 // we only use the ascii character set since mysql does not create table names / field names otherwise
72 $name = preg_replace('/[^a-zA-Z0-9]+/', $char, trim($name));
74 //If there are no ascii characters present.
76 $name = self
::createRandom($len, self
::ALPHANUMERIC
);
80 // lets keep variable names short
81 return substr($name, 0, $len);
89 * Convert possibly underscore separated words to camel case.
92 * @param bool $ucFirst
93 * Should the first letter be capitalized like `CamelCase` or lower like `camelCase`
96 public static function convertStringToCamel($str, $ucFirst = TRUE) {
97 $fragments = explode('_', $str);
98 $camel = implode('', array_map('ucfirst', $fragments));
99 return $ucFirst ?
$camel : lcfirst($camel);
103 * Takes a variable name and munges it randomly into another variable name.
105 * @param string $name
106 * Initial Variable Name.
108 * Length of valid variables.
111 * Randomized Variable Name
113 public static function rename($name, $len = 4) {
114 $rand = substr(uniqid(), 0, $len);
115 return substr_replace($name, $rand, -$len, $len);
119 * Takes a string and returns the last tuple of the string.
121 * Useful while converting file names to class names etc
123 * @param string $string
125 * @param string $char
126 * Character used to demarcate the components
131 public static function getClassName($string, $char = '_') {
133 if (!is_array($string)) {
134 $names = explode($char, $string);
136 if (!empty($names)) {
137 return array_pop($names);
142 * Appends a name to a string and separated by delimiter.
144 * Does the right thing for an empty string
147 * The string to be appended to.
148 * @param string $delim
149 * The delimiter to use.
151 * The string (or array of strings) to append.
153 public static function append(&$str, $delim, $name) {
158 if (is_array($name)) {
159 foreach ($name as $n) {
176 $str .= $delim . $name;
182 * Determine if the string is composed only of ascii characters.
187 * Attempt utf8 match on failure (default yes).
190 * true if string is ascii
192 public static function isAscii($str, $utf8 = TRUE) {
193 if (!function_exists('mb_detect_encoding')) {
194 // eliminate all white space from the string
195 $str = preg_replace('/\s+/', '', $str);
196 // FIXME: This is a pretty brutal hack to make utf8 and 8859-1 work.
198 // match low- or high-ascii characters
199 if (preg_match('/[\x00-\x20]|[\x7F-\xFF]/', $str)) {
200 // || // low ascii characters
201 // high ascii characters
202 // preg_match( '/[\x7F-\xFF]/', $str ) ) {
204 // if we did match, try for utf-8, or iso8859-1
206 return self
::isUtf8($str);
219 $enc = mb_detect_encoding($str, $order, TRUE);
220 return ($enc == 'ASCII' ||
$enc == 'UTF-8');
225 * Determine the string replacements for redaction.
226 * on the basis of the regular expressions
230 * @param array $regexRules
231 * Regular expression to be matched w/ replacements.
234 * array of strings w/ corresponding redacted outputs
236 public static function regex($str, $regexRules) {
237 // redact the regular expressions
238 if (!empty($regexRules) && isset($str)) {
239 static $matches, $totalMatches, $match = [];
240 foreach ($regexRules as $pattern => $replacement) {
241 preg_match_all($pattern, $str, $matches);
242 if (!empty($matches[0])) {
243 if (empty($totalMatches)) {
244 $totalMatches = $matches[0];
247 $totalMatches = array_merge($totalMatches, $matches[0]);
249 $match = array_flip($totalMatches);
254 if (!empty($match)) {
255 foreach ($match as $matchKey => & $dontCare) {
256 foreach ($regexRules as $pattern => $replacement) {
257 if (preg_match($pattern, $matchKey)) {
258 $dontCare = $replacement . substr(md5($matchKey), 0, 5);
270 * @param $stringRules
274 public static function redaction($str, $stringRules) {
275 // redact the strings
276 if (!empty($stringRules)) {
277 foreach ($stringRules as $match => $replace) {
278 $str = str_ireplace($match, $replace, $str);
282 // return the redacted output
287 * Determine if a string is composed only of utf8 characters
294 public static function isUtf8($str) {
295 if (!function_exists(mb_detect_encoding
)) {
296 // eliminate all white space from the string
297 $str = preg_replace('/\s+/', '', $str);
299 // pattern stolen from the php.net function documentation for
301 // comment by JF Sebastian, 30-Mar-2005
302 return preg_match('/^([\x00-\x7f]|[\xc2-\xdf][\x80-\xbf]|\xe0[\xa0-\xbf][\x80-\xbf]|[\xe1-\xec][\x80-\xbf]{2}|\xed[\x80-\x9f][\x80-\xbf]|[\xee-\xef][\x80-\xbf]{2}|f0[\x90-\xbf][\x80-\xbf]{2}|[\xf1-\xf3][\x80-\xbf]{3}|\xf4[\x80-\x8f][\x80-\xbf]{2})*$/', $str);
304 // iconv('ISO-8859-1', 'UTF-8', $str);
307 $enc = mb_detect_encoding($str, ['UTF-8'], TRUE);
308 return ($enc !== FALSE);
313 * Determine if two hrefs are equivalent (fuzzy match)
315 * @param string $url1
316 * The first url to be matched.
317 * @param string $url2
318 * The second url to be matched against.
321 * true if the urls match, else false
323 public static function match($url1, $url2) {
324 $url1 = strtolower($url1);
325 $url2 = strtolower($url2);
327 $url1Str = parse_url($url1);
328 $url2Str = parse_url($url2);
330 if ($url1Str['path'] == $url2Str['path'] &&
331 self
::extractURLVarValue(CRM_Utils_Array
::value('query', $url1Str)) == self
::extractURLVarValue(CRM_Utils_Array
::value('query', $url2Str))
339 * Extract the civicrm path from the url.
341 * @param string $query
344 * @return string|null
345 * civicrm url (eg: civicrm/contact/search)
347 public static function extractURLVarValue($query) {
348 $config = CRM_Core_Config
::singleton();
349 $urlVar = $config->userFrameworkURLVar
;
351 $params = explode('&', $query);
352 foreach ($params as $p) {
353 if (strpos($p, '=')) {
354 list($k, $v) = explode('=', $p);
364 * Translate a true/false/yes/no string to a 0 or 1 value
367 * The string to be translated.
371 public static function strtobool($str) {
372 if (!is_scalar($str)) {
376 if (preg_match('/^(y(es)?|t(rue)?|1)$/i', $str)) {
383 * Returns string '1' for a true/yes/1 string, and '0' for no/false/0 else returns false
386 * The string to be translated.
390 public static function strtoboolstr($str) {
391 if (!is_scalar($str)) {
395 if (preg_match('/^(y(es)?|t(rue)?|1)$/i', $str)) {
398 elseif (preg_match('/^(n(o)?|f(alse)?|0)$/i', $str)) {
407 * Convert a HTML string into a text one using html2text
409 * @param string $html
410 * The string to be converted.
413 * the converted string
415 public static function htmlToText($html) {
416 require_once 'html2text/rcube_html2text.php';
417 $token_html = preg_replace('!\{([a-z_.]+)\}!i', 'token:{$1}', $html);
418 $converter = new rcube_html2text($token_html);
419 $token_text = $converter->get_text();
420 $text = preg_replace('!token\:\{([a-z_.]+)\}!i', '{$1}', $token_text);
426 * @param array $params
428 public static function extractName($string, &$params) {
429 $name = trim($string);
435 $name = str_replace('"', '', $name);
436 $name = str_replace('\'', '', $name);
438 // check for comma in name
439 if (strpos($name, ',') !== FALSE) {
441 // name has a comma - assume lname, fname [mname]
442 $names = explode(',', $name);
443 if (count($names) > 1) {
444 $params['last_name'] = trim($names[0]);
446 // check for space delim
447 $fnames = explode(' ', trim($names[1]));
448 if (count($fnames) > 1) {
449 $params['first_name'] = trim($fnames[0]);
450 $params['middle_name'] = trim($fnames[1]);
453 $params['first_name'] = trim($fnames[0]);
457 $params['first_name'] = trim($names[0]);
461 // name has no comma - assume fname [mname] fname
462 $names = explode(' ', $name);
463 if (count($names) == 1) {
464 $params['first_name'] = $names[0];
466 elseif (count($names) == 2) {
467 $params['first_name'] = $names[0];
468 $params['last_name'] = $names[1];
471 $params['first_name'] = $names[0];
472 $params['middle_name'] = $names[1];
473 $params['last_name'] = $names[2];
483 public static function &makeArray($string) {
484 $string = trim($string);
486 $values = explode("\n", $string);
488 foreach ($values as $value) {
489 list($n, $v) = CRM_Utils_System
::explode('=', $value, 2);
491 $result[trim($n)] = trim($v);
498 * Given an ezComponents-parsed representation of
499 * a text with alternatives return only the first one
501 * @param string $full
502 * All alternatives as a long string (or some other text).
505 * only the first alternative found (or the text without alternatives)
507 public static function stripAlternatives($full) {
509 preg_match('/-ALTERNATIVE ITEM 0-(.*?)-ALTERNATIVE ITEM 1-.*-ALTERNATIVE END-/s', $full, $matches);
511 if (isset($matches[1]) &&
512 trim(strip_tags($matches[1])) != ''
522 * Strip leading, trailing, double spaces from string
523 * used for postal/greeting/addressee
525 * @param string $string
526 * Input string to be cleaned.
531 public static function stripSpaces($string) {
532 return (empty($string)) ?
$string : preg_replace("/\s{2,}/", " ", trim($string));
536 * clean the URL 'path' variable that we use
537 * to construct CiviCRM urls by removing characters from the path variable
539 * @param string $string
540 * The input string to be sanitized.
541 * @param array $search
542 * The characters to be sanitized.
543 * @param string $replace
544 * The character to replace it with.
547 * the sanitized string
549 public static function stripPathChars(
554 static $_searchChars = NULL;
555 static $_replaceChar = NULL;
557 if (empty($string)) {
561 if ($_searchChars == NULL) {
584 if ($search == NULL) {
585 $search = $_searchChars;
588 if ($replace == NULL) {
589 $replace = $_replaceChar;
592 return str_replace($search, $replace, $string);
596 * Use HTMLPurifier to clean up a text string and remove any potential
597 * xss attacks. This is primarily used in public facing pages which
598 * accept html as the input string
600 * @param string $string
604 * the cleaned up string
606 public static function purifyHTML($string) {
607 static $_filter = NULL;
609 $config = HTMLPurifier_Config
::createDefault();
610 $config->set('Core.Encoding', 'UTF-8');
611 $config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']);
613 // Disable the cache entirely
614 $config->set('Cache.DefinitionImpl', NULL);
616 $_filter = new HTMLPurifier($config);
619 return $_filter->purify($string);
623 * Truncate $string; if $string exceeds $maxLen, place "..." at the end
625 * @param string $string
630 public static function ellipsify($string, $maxLen) {
631 if (mb_strlen($string, 'UTF-8') <= $maxLen) {
634 return mb_substr($string, 0, $maxLen - 3, 'UTF-8') . '...';
638 * Generate a random string.
644 public static function createRandom($len, $alphabet) {
645 $alphabetSize = strlen($alphabet);
647 for ($i = 0; $i < $len; $i++
) {
648 $result .= $alphabet{rand(1, $alphabetSize) - 1};
655 * "admin foo" => array(NULL,"admin foo")
656 * "cms:admin foo" => array("cms", "admin foo")
659 * @param string $string
660 * E.g. "view all contacts". Syntax: "[prefix:]name".
661 * @param null $defaultPrefix
664 * (0 => string|NULL $prefix, 1 => string $value)
666 public static function parsePrefix($delim, $string, $defaultPrefix = NULL) {
667 $pos = strpos($string, $delim);
668 if ($pos === FALSE) {
669 return [$defaultPrefix, $string];
672 return [substr($string, 0, $pos), substr($string, 1 +
$pos)];
677 * This function will mask part of the the user portion of an Email address (everything before the @)
679 * @param string $email
680 * The email address to be masked.
681 * @param string $maskChar
682 * The character used for masking.
683 * @param int $percent
684 * The percentage of the user portion to be masked.
687 * returns the masked Email address
689 public static function maskEmail($email, $maskChar = '*', $percent = 50) {
690 list($user, $domain) = preg_split("/@/", $email);
691 $len = strlen($user);
692 $maskCount = floor($len * $percent / 100);
693 $offset = floor(($len - $maskCount) / 2);
695 $masked = substr($user, 0, $offset)
696 . str_repeat($maskChar, $maskCount)
697 . substr($user, $maskCount +
$offset);
699 return ($masked . '@' . $domain);
703 * This function compares two strings.
705 * @param string $strOne
707 * @param string $strTwo
710 * Boolean indicating whether you want the comparison to be case sensitive or not.
713 * TRUE (string are identical); FALSE (strings are not identical)
715 public static function compareStr($strOne, $strTwo, $case) {
717 // Convert to lowercase and trim white spaces
718 if (strtolower(trim($strOne)) == strtolower(trim($strTwo))) {
719 // yes - they are identical
727 if ($case == FALSE) {
729 if (trim($strOne) == trim($strTwo)) {
730 // yes - they are identical
741 * Many parts of the codebase have a convention of internally passing around
742 * HTML-encoded URLs. This effectively means that "&" is replaced by "&"
743 * (because most other odd characters are %-escaped in URLs; and %-escaped
744 * strings don't need any extra escaping in HTML).
746 * @param string $htmlUrl
747 * URL with HTML entities.
749 * URL without HTML entities
751 public static function unstupifyUrl($htmlUrl) {
752 return str_replace('&', '&', $htmlUrl);
756 * When a user supplies a URL (e.g. to an image), we'd like to:
757 * - Remove the protocol and domain name if the URL points to the current
759 * - Keep the domain name for remote URLs.
760 * - Optionally, force remote URLs to use https instead of http (which is
764 * The URL to simplify. Examples:
765 * "https://example.org/sites/default/files/coffee-mug.jpg"
766 * "sites/default/files/coffee-mug.jpg"
767 * "http://i.stack.imgur.com/9jb2ial01b.png"
768 * @param bool $forceHttps = FALSE
769 * If TRUE, ensure that remote URLs use https. If a URL with
770 * http is supplied, then we'll change it to https.
771 * This is useful for situations like showing a premium product on a
772 * contribution, because (as reported in CRM-14283) if the user gets a
773 * browser warning like "page contains insecure elements" on a contribution
774 * page, that's a very bad thing. Thus, even if changing http to https
775 * breaks the image, that's better than leaving http content in a
779 * The simplified URL. Examples:
780 * "/sites/default/files/coffee-mug.jpg"
781 * "https://i.stack.imgur.com/9jb2ial01b.png"
783 public static function simplifyURL($url, $forceHttps = FALSE) {
784 $config = CRM_Core_Config
::singleton();
785 $siteURLParts = self
::simpleParseUrl($config->userFrameworkBaseURL
);
786 $urlParts = self
::simpleParseUrl($url);
788 // If the image is locally hosted, then only give the path to the image
790 = ($urlParts['host+port'] == '')
791 |
($urlParts['host+port'] == $siteURLParts['host+port']);
793 // and make sure it begins with one forward slash
794 return preg_replace('_^/*(?=.)_', '/', $urlParts['path+query']);
797 // If the URL is external, then keep the full URL as supplied
799 return $forceHttps ?
preg_replace('_^http://_', 'https://', $url) : $url;
804 * A simplified version of PHP's parse_url() function.
807 * e.g. "https://example.com:8000/foo/bar/?id=1#fragment"
810 * Will always contain keys 'host+port' and 'path+query', even if they're
811 * empty strings. Example:
813 * 'host+port' => "example.com:8000",
814 * 'path+query' => "/foo/bar/?id=1",
817 public static function simpleParseUrl($url) {
818 $parts = parse_url($url);
819 $host = $parts['host'] ??
'';
820 $port = isset($parts['port']) ?
':' . $parts['port'] : '';
821 $path = $parts['path'] ??
'';
822 $query = isset($parts['query']) ?
'?' . $parts['query'] : '';
824 'host+port' => "$host$port",
825 'path+query' => "$path$query",
830 * Formats a string of attributes for insertion in an html tag.
832 * @param array $attributes
836 public static function htmlAttributes($attributes) {
838 foreach ($attributes as $name => $vals) {
839 $output .= " $name=\"" . htmlspecialchars(implode(' ', (array) $vals)) . '"';
841 return ltrim($output);
845 * Determine if $string starts with $fragment.
847 * @param string $string
849 * @param string $fragment
850 * The fragment to look for.
853 public static function startsWith($string, $fragment) {
854 if ($fragment === '') {
857 $len = strlen($fragment);
858 return substr($string, 0, $len) === $fragment;
862 * Determine if $string ends with $fragment.
864 * @param string $string
866 * @param string $fragment
867 * The fragment to look for.
870 public static function endsWith($string, $fragment) {
871 if ($fragment === '') {
874 $len = strlen($fragment);
875 return substr($string, -1 * $len) === $fragment;
879 * @param string|array $patterns
880 * @param array $allStrings
881 * @param bool $allowNew
882 * Whether to return new, unrecognized names.
885 public static function filterByWildcards($patterns, $allStrings, $allowNew = FALSE) {
886 $patterns = (array) $patterns;
888 foreach ($patterns as $pattern) {
889 if (!\CRM_Utils_String
::endsWith($pattern, '*')) {
890 if ($allowNew ||
in_array($pattern, $allStrings)) {
891 $result[] = $pattern;
895 $prefix = rtrim($pattern, '*');
896 foreach ($allStrings as $key) {
897 if (\CRM_Utils_String
::startsWith($key, $prefix)) {
903 return array_values(array_unique($result));
907 * Safely unserialize a string of scalar or array values (but not objects!)
909 * Use `xkerman/restricted-unserialize` to unserialize strings using PHP's
910 * serialization format. `restricted-unserialize` works like PHP's built-in
911 * `unserialize` function except that it does not deserialize object instances,
912 * making it immune to PHP Object Injection {@see https://www.owasp.org/index.php/PHP_Object_Injection}
915 * Note: When dealing with user inputs, it is generally recommended to use
916 * safe, standard data interchange formats such as JSON rather than PHP's
917 * serialization format when dealing with user input.
919 * @param string|NULL $string
923 public static function unserialize($string) {
924 if (!is_string($string)) {
928 return unserialize($string);
930 catch (UnserializeFailedException
$e) {
936 * Returns the plural form of an English word.
941 public static function pluralize($str) {
942 switch (substr($str, -1)) {
947 return substr($str, 0, -1) . 'ies';
955 * Generic check as to whether any tokens are in the given string.
957 * It might be a smarty token OR a CiviCRM token. In both cases the
958 * absence of a '{' indicates no token is present.
960 * @param string $string
964 public static function stringContainsTokens(string $string) {
965 return strpos($string, '{') !== FALSE;
969 * Parse a string through smarty without creating a smarty template file per string.
971 * This function is for swapping out any smarty tokens that appear in a string
972 * and are not re-used much if at all. For example parsing a contact's greeting
973 * does not need to be cached are there are some minor security / data privacy benefits
974 * to not caching them per file. We also save disk space, reduce I/O and disk clearing time.
976 * Doing this is cleaning in Smarty3 which we are alas not using
977 * https://www.smarty.net/docs/en/resources.string.tpl
979 * However, it highlights that smarty-eval is not evil-eval and still have the security applied.
981 * In order to replicate that in Smarty2 I'm using {eval} per
982 * https://www.smarty.net/docsv2/en/language.function.eval.tpl#id2820446
984 * - Evaluated variables are treated the same as templates. They follow the same escapement and security features just as if they were templates.
985 * - Evaluated variables are compiled on every invocation, the compiled versions are not saved! However if you have caching enabled, the output
986 * will be cached with the rest of the template.
988 * Our set up does not have caching enabled and my testing suggests this still works fine with it
989 * enabled so turning it off before running this is out of caution based on the above.
991 * When this function is run only one template file is created (for the eval) tag no matter how
992 * many times it is run. This compares to it otherwise creating one file for every parsed string.
994 * @param string $templateString
998 public static function parseOneOffStringThroughSmarty($templateString) {
999 if (!CRM_Utils_String
::stringContainsTokens($templateString)) {
1000 // Skip expensive smarty processing.
1001 return $templateString;
1003 $smarty = CRM_Core_Smarty
::singleton();
1004 $cachingValue = $smarty->caching
;
1005 $smarty->caching
= 0;
1006 $smarty->assign('smartySingleUseString', $templateString);
1007 $templateString = $smarty->fetch('string:{eval var=$smartySingleUseString}');
1008 $smarty->caching
= $cachingValue;
1009 $smarty->assign('smartySingleUseString', NULL);
1010 return $templateString;