3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
18 use function xKerman\Restricted\unserialize
;
19 use xKerman\Restricted\UnserializeFailedException
;
21 require_once 'HTML/QuickForm/Rule/Email.php';
24 * This class contains string functions.
26 class CRM_Utils_String
{
27 const COMMA
= ",", SEMICOLON
= ";", SPACE
= " ", TAB
= "\t", LINEFEED
= "\n", CARRIAGELINE
= "\r\n", LINECARRIAGE
= "\n\r", CARRIAGERETURN
= "\r";
30 * List of all letters and numbers
32 const ALPHANUMERIC
= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
35 * Convert a display name into a potential variable name.
37 * @param string $title title of the string
38 * @param int $maxLength
41 * An equivalent variable name.
43 public static function titleToVar($title, $maxLength = 31) {
44 $variable = self
::munge($title, '_', $maxLength);
46 if (CRM_Utils_Rule
::title($variable, $maxLength)) {
50 // if longer than the maxLength lets just return a substr of the
51 // md5 to prevent errors downstream
52 return substr(md5($title), 0, $maxLength);
56 * Replace all non alpha numeric characters and spaces with the replacement character.
59 * The name to be worked on.
61 * The character to use for non-valid chars.
63 * Length of valid variables.
66 * returns the manipulated string
68 public static function munge($name, $char = '_', $len = 63) {
69 // Replace all white space and non-alpha numeric with $char
70 // we only use the ascii character set since mysql does not create table names / field names otherwise
72 $name = preg_replace('/[^a-zA-Z0-9]+/', $char, trim($name));
74 //If there are no ascii characters present.
76 $name = self
::createRandom($len, self
::ALPHANUMERIC
);
80 // lets keep variable names short
81 return substr($name, 0, $len);
89 * Convert possibly underscore separated words to camel case with special handling for 'UF'
90 * e.g membership_payment returns MembershipPayment
92 * @param string $string
96 public static function convertStringToCamel($string) {
103 if (isset($map[$string])) {
104 return $map[$string];
107 $fragments = explode('_', $string);
108 foreach ($fragments as & $fragment) {
109 $fragment = ucfirst($fragment);
110 // Special case: UFGroup, UFJoin, UFMatch, UFField (if passed in without underscores)
111 if (strpos($fragment, 'Uf') === 0 && strlen($string) > 2) {
112 $fragment = 'UF' . ucfirst(substr($fragment, 2));
115 // Special case: UFGroup, UFJoin, UFMatch, UFField (if passed in underscore-separated)
116 if ($fragments[0] === 'Uf') {
117 $fragments[0] = 'UF';
119 return implode('', $fragments);
123 * Takes a variable name and munges it randomly into another variable name.
125 * @param string $name
126 * Initial Variable Name.
128 * Length of valid variables.
131 * Randomized Variable Name
133 public static function rename($name, $len = 4) {
134 $rand = substr(uniqid(), 0, $len);
135 return substr_replace($name, $rand, -$len, $len);
139 * Takes a string and returns the last tuple of the string.
141 * Useful while converting file names to class names etc
143 * @param string $string
145 * @param string $char
146 * Character used to demarcate the components
151 public static function getClassName($string, $char = '_') {
153 if (!is_array($string)) {
154 $names = explode($char, $string);
156 if (!empty($names)) {
157 return array_pop($names);
162 * Appends a name to a string and separated by delimiter.
164 * Does the right thing for an empty string
167 * The string to be appended to.
168 * @param string $delim
169 * The delimiter to use.
171 * The string (or array of strings) to append.
173 public static function append(&$str, $delim, $name) {
178 if (is_array($name)) {
179 foreach ($name as $n) {
196 $str .= $delim . $name;
202 * Determine if the string is composed only of ascii characters.
207 * Attempt utf8 match on failure (default yes).
210 * true if string is ascii
212 public static function isAscii($str, $utf8 = TRUE) {
213 if (!function_exists('mb_detect_encoding')) {
214 // eliminate all white space from the string
215 $str = preg_replace('/\s+/', '', $str);
216 // FIXME: This is a pretty brutal hack to make utf8 and 8859-1 work.
218 // match low- or high-ascii characters
219 if (preg_match('/[\x00-\x20]|[\x7F-\xFF]/', $str)) {
220 // || // low ascii characters
221 // high ascii characters
222 // preg_match( '/[\x7F-\xFF]/', $str ) ) {
224 // if we did match, try for utf-8, or iso8859-1
226 return self
::isUtf8($str);
239 $enc = mb_detect_encoding($str, $order, TRUE);
240 return ($enc == 'ASCII' ||
$enc == 'UTF-8');
245 * Determine the string replacements for redaction.
246 * on the basis of the regular expressions
250 * @param array $regexRules
251 * Regular expression to be matched w/ replacements.
254 * array of strings w/ corresponding redacted outputs
256 public static function regex($str, $regexRules) {
257 // redact the regular expressions
258 if (!empty($regexRules) && isset($str)) {
259 static $matches, $totalMatches, $match = [];
260 foreach ($regexRules as $pattern => $replacement) {
261 preg_match_all($pattern, $str, $matches);
262 if (!empty($matches[0])) {
263 if (empty($totalMatches)) {
264 $totalMatches = $matches[0];
267 $totalMatches = array_merge($totalMatches, $matches[0]);
269 $match = array_flip($totalMatches);
274 if (!empty($match)) {
275 foreach ($match as $matchKey => & $dontCare) {
276 foreach ($regexRules as $pattern => $replacement) {
277 if (preg_match($pattern, $matchKey)) {
278 $dontCare = $replacement . substr(md5($matchKey), 0, 5);
290 * @param $stringRules
294 public static function redaction($str, $stringRules) {
295 // redact the strings
296 if (!empty($stringRules)) {
297 foreach ($stringRules as $match => $replace) {
298 $str = str_ireplace($match, $replace, $str);
302 // return the redacted output
307 * Determine if a string is composed only of utf8 characters
314 public static function isUtf8($str) {
315 if (!function_exists(mb_detect_encoding
)) {
316 // eliminate all white space from the string
317 $str = preg_replace('/\s+/', '', $str);
319 // pattern stolen from the php.net function documentation for
321 // comment by JF Sebastian, 30-Mar-2005
322 return preg_match('/^([\x00-\x7f]|[\xc2-\xdf][\x80-\xbf]|\xe0[\xa0-\xbf][\x80-\xbf]|[\xe1-\xec][\x80-\xbf]{2}|\xed[\x80-\x9f][\x80-\xbf]|[\xee-\xef][\x80-\xbf]{2}|f0[\x90-\xbf][\x80-\xbf]{2}|[\xf1-\xf3][\x80-\xbf]{3}|\xf4[\x80-\x8f][\x80-\xbf]{2})*$/', $str);
324 // iconv('ISO-8859-1', 'UTF-8', $str);
327 $enc = mb_detect_encoding($str, ['UTF-8'], TRUE);
328 return ($enc !== FALSE);
333 * Determine if two hrefs are equivalent (fuzzy match)
335 * @param string $url1
336 * The first url to be matched.
337 * @param string $url2
338 * The second url to be matched against.
341 * true if the urls match, else false
343 public static function match($url1, $url2) {
344 $url1 = strtolower($url1);
345 $url2 = strtolower($url2);
347 $url1Str = parse_url($url1);
348 $url2Str = parse_url($url2);
350 if ($url1Str['path'] == $url2Str['path'] &&
351 self
::extractURLVarValue(CRM_Utils_Array
::value('query', $url1Str)) == self
::extractURLVarValue(CRM_Utils_Array
::value('query', $url2Str))
359 * Extract the civicrm path from the url.
361 * @param string $query
364 * @return string|null
365 * civicrm url (eg: civicrm/contact/search)
367 public static function extractURLVarValue($query) {
368 $config = CRM_Core_Config
::singleton();
369 $urlVar = $config->userFrameworkURLVar
;
371 $params = explode('&', $query);
372 foreach ($params as $p) {
373 if (strpos($p, '=')) {
374 list($k, $v) = explode('=', $p);
384 * Translate a true/false/yes/no string to a 0 or 1 value
387 * The string to be translated.
391 public static function strtobool($str) {
392 if (!is_scalar($str)) {
396 if (preg_match('/^(y(es)?|t(rue)?|1)$/i', $str)) {
403 * Returns string '1' for a true/yes/1 string, and '0' for no/false/0 else returns false
406 * The string to be translated.
410 public static function strtoboolstr($str) {
411 if (!is_scalar($str)) {
415 if (preg_match('/^(y(es)?|t(rue)?|1)$/i', $str)) {
418 elseif (preg_match('/^(n(o)?|f(alse)?|0)$/i', $str)) {
427 * Convert a HTML string into a text one using html2text
429 * @param string $html
430 * The string to be converted.
433 * the converted string
435 public static function htmlToText($html) {
436 require_once 'html2text/rcube_html2text.php';
437 $token_html = preg_replace('!\{([a-z_.]+)\}!i', 'token:{$1}', $html);
438 $converter = new rcube_html2text($token_html);
439 $token_text = $converter->get_text();
440 $text = preg_replace('!token\:\{([a-z_.]+)\}!i', '{$1}', $token_text);
446 * @param array $params
448 public static function extractName($string, &$params) {
449 $name = trim($string);
455 $name = str_replace('"', '', $name);
456 $name = str_replace('\'', '', $name);
458 // check for comma in name
459 if (strpos($name, ',') !== FALSE) {
461 // name has a comma - assume lname, fname [mname]
462 $names = explode(',', $name);
463 if (count($names) > 1) {
464 $params['last_name'] = trim($names[0]);
466 // check for space delim
467 $fnames = explode(' ', trim($names[1]));
468 if (count($fnames) > 1) {
469 $params['first_name'] = trim($fnames[0]);
470 $params['middle_name'] = trim($fnames[1]);
473 $params['first_name'] = trim($fnames[0]);
477 $params['first_name'] = trim($names[0]);
481 // name has no comma - assume fname [mname] fname
482 $names = explode(' ', $name);
483 if (count($names) == 1) {
484 $params['first_name'] = $names[0];
486 elseif (count($names) == 2) {
487 $params['first_name'] = $names[0];
488 $params['last_name'] = $names[1];
491 $params['first_name'] = $names[0];
492 $params['middle_name'] = $names[1];
493 $params['last_name'] = $names[2];
503 public static function &makeArray($string) {
504 $string = trim($string);
506 $values = explode("\n", $string);
508 foreach ($values as $value) {
509 list($n, $v) = CRM_Utils_System
::explode('=', $value, 2);
511 $result[trim($n)] = trim($v);
518 * Given an ezComponents-parsed representation of
519 * a text with alternatives return only the first one
521 * @param string $full
522 * All alternatives as a long string (or some other text).
525 * only the first alternative found (or the text without alternatives)
527 public static function stripAlternatives($full) {
529 preg_match('/-ALTERNATIVE ITEM 0-(.*?)-ALTERNATIVE ITEM 1-.*-ALTERNATIVE END-/s', $full, $matches);
531 if (isset($matches[1]) &&
532 trim(strip_tags($matches[1])) != ''
542 * Strip leading, trailing, double spaces from string
543 * used for postal/greeting/addressee
545 * @param string $string
546 * Input string to be cleaned.
551 public static function stripSpaces($string) {
552 return (empty($string)) ?
$string : preg_replace("/\s{2,}/", " ", trim($string));
556 * clean the URL 'path' variable that we use
557 * to construct CiviCRM urls by removing characters from the path variable
559 * @param string $string
560 * The input string to be sanitized.
561 * @param array $search
562 * The characters to be sanitized.
563 * @param string $replace
564 * The character to replace it with.
567 * the sanitized string
569 public static function stripPathChars(
574 static $_searchChars = NULL;
575 static $_replaceChar = NULL;
577 if (empty($string)) {
581 if ($_searchChars == NULL) {
604 if ($search == NULL) {
605 $search = $_searchChars;
608 if ($replace == NULL) {
609 $replace = $_replaceChar;
612 return str_replace($search, $replace, $string);
616 * Use HTMLPurifier to clean up a text string and remove any potential
617 * xss attacks. This is primarily used in public facing pages which
618 * accept html as the input string
620 * @param string $string
624 * the cleaned up string
626 public static function purifyHTML($string) {
627 static $_filter = NULL;
629 $config = HTMLPurifier_Config
::createDefault();
630 $config->set('Core.Encoding', 'UTF-8');
631 $config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']);
633 // Disable the cache entirely
634 $config->set('Cache.DefinitionImpl', NULL);
636 $_filter = new HTMLPurifier($config);
639 return $_filter->purify($string);
643 * Truncate $string; if $string exceeds $maxLen, place "..." at the end
645 * @param string $string
650 public static function ellipsify($string, $maxLen) {
651 if (mb_strlen($string, 'UTF-8') <= $maxLen) {
654 return mb_substr($string, 0, $maxLen - 3, 'UTF-8') . '...';
658 * Generate a random string.
664 public static function createRandom($len, $alphabet) {
665 $alphabetSize = strlen($alphabet);
667 for ($i = 0; $i < $len; $i++
) {
668 $result .= $alphabet{rand(1, $alphabetSize) - 1};
675 * "admin foo" => array(NULL,"admin foo")
676 * "cms:admin foo" => array("cms", "admin foo")
679 * @param string $string
680 * E.g. "view all contacts". Syntax: "[prefix:]name".
681 * @param null $defaultPrefix
684 * (0 => string|NULL $prefix, 1 => string $value)
686 public static function parsePrefix($delim, $string, $defaultPrefix = NULL) {
687 $pos = strpos($string, $delim);
688 if ($pos === FALSE) {
689 return [$defaultPrefix, $string];
692 return [substr($string, 0, $pos), substr($string, 1 +
$pos)];
697 * This function will mask part of the the user portion of an Email address (everything before the @)
699 * @param string $email
700 * The email address to be masked.
701 * @param string $maskChar
702 * The character used for masking.
703 * @param int $percent
704 * The percentage of the user portion to be masked.
707 * returns the masked Email address
709 public static function maskEmail($email, $maskChar = '*', $percent = 50) {
710 list($user, $domain) = preg_split("/@/", $email);
711 $len = strlen($user);
712 $maskCount = floor($len * $percent / 100);
713 $offset = floor(($len - $maskCount) / 2);
715 $masked = substr($user, 0, $offset)
716 . str_repeat($maskChar, $maskCount)
717 . substr($user, $maskCount +
$offset);
719 return ($masked . '@' . $domain);
723 * This function compares two strings.
725 * @param string $strOne
727 * @param string $strTwo
730 * Boolean indicating whether you want the comparison to be case sensitive or not.
733 * TRUE (string are identical); FALSE (strings are not identical)
735 public static function compareStr($strOne, $strTwo, $case) {
737 // Convert to lowercase and trim white spaces
738 if (strtolower(trim($strOne)) == strtolower(trim($strTwo))) {
739 // yes - they are identical
747 if ($case == FALSE) {
749 if (trim($strOne) == trim($strTwo)) {
750 // yes - they are identical
761 * Many parts of the codebase have a convention of internally passing around
762 * HTML-encoded URLs. This effectively means that "&" is replaced by "&"
763 * (because most other odd characters are %-escaped in URLs; and %-escaped
764 * strings don't need any extra escaping in HTML).
766 * @param string $htmlUrl
767 * URL with HTML entities.
769 * URL without HTML entities
771 public static function unstupifyUrl($htmlUrl) {
772 return str_replace('&', '&', $htmlUrl);
776 * When a user supplies a URL (e.g. to an image), we'd like to:
777 * - Remove the protocol and domain name if the URL points to the current
779 * - Keep the domain name for remote URLs.
780 * - Optionally, force remote URLs to use https instead of http (which is
784 * The URL to simplify. Examples:
785 * "https://example.org/sites/default/files/coffee-mug.jpg"
786 * "sites/default/files/coffee-mug.jpg"
787 * "http://i.stack.imgur.com/9jb2ial01b.png"
788 * @param bool $forceHttps = FALSE
789 * If TRUE, ensure that remote URLs use https. If a URL with
790 * http is supplied, then we'll change it to https.
791 * This is useful for situations like showing a premium product on a
792 * contribution, because (as reported in CRM-14283) if the user gets a
793 * browser warning like "page contains insecure elements" on a contribution
794 * page, that's a very bad thing. Thus, even if changing http to https
795 * breaks the image, that's better than leaving http content in a
799 * The simplified URL. Examples:
800 * "/sites/default/files/coffee-mug.jpg"
801 * "https://i.stack.imgur.com/9jb2ial01b.png"
803 public static function simplifyURL($url, $forceHttps = FALSE) {
804 $config = CRM_Core_Config
::singleton();
805 $siteURLParts = self
::simpleParseUrl($config->userFrameworkBaseURL
);
806 $urlParts = self
::simpleParseUrl($url);
808 // If the image is locally hosted, then only give the path to the image
810 = ($urlParts['host+port'] == '')
811 |
($urlParts['host+port'] == $siteURLParts['host+port']);
813 // and make sure it begins with one forward slash
814 return preg_replace('_^/*(?=.)_', '/', $urlParts['path+query']);
817 // If the URL is external, then keep the full URL as supplied
819 return $forceHttps ?
preg_replace('_^http://_', 'https://', $url) : $url;
824 * A simplified version of PHP's parse_url() function.
827 * e.g. "https://example.com:8000/foo/bar/?id=1#fragment"
830 * Will always contain keys 'host+port' and 'path+query', even if they're
831 * empty strings. Example:
833 * 'host+port' => "example.com:8000",
834 * 'path+query' => "/foo/bar/?id=1",
837 public static function simpleParseUrl($url) {
838 $parts = parse_url($url);
839 $host = $parts['host'] ??
'';
840 $port = isset($parts['port']) ?
':' . $parts['port'] : '';
841 $path = $parts['path'] ??
'';
842 $query = isset($parts['query']) ?
'?' . $parts['query'] : '';
844 'host+port' => "$host$port",
845 'path+query' => "$path$query",
850 * Formats a string of attributes for insertion in an html tag.
852 * @param array $attributes
856 public static function htmlAttributes($attributes) {
858 foreach ($attributes as $name => $vals) {
859 $output .= " $name=\"" . htmlspecialchars(implode(' ', (array) $vals)) . '"';
861 return ltrim($output);
865 * Determine if $string starts with $fragment.
867 * @param string $string
869 * @param string $fragment
870 * The fragment to look for.
873 public static function startsWith($string, $fragment) {
874 if ($fragment === '') {
877 $len = strlen($fragment);
878 return substr($string, 0, $len) === $fragment;
882 * Determine if $string ends with $fragment.
884 * @param string $string
886 * @param string $fragment
887 * The fragment to look for.
890 public static function endsWith($string, $fragment) {
891 if ($fragment === '') {
894 $len = strlen($fragment);
895 return substr($string, -1 * $len) === $fragment;
899 * @param string|array $patterns
900 * @param array $allStrings
901 * @param bool $allowNew
902 * Whether to return new, unrecognized names.
905 public static function filterByWildcards($patterns, $allStrings, $allowNew = FALSE) {
906 $patterns = (array) $patterns;
908 foreach ($patterns as $pattern) {
909 if (!\CRM_Utils_String
::endsWith($pattern, '*')) {
910 if ($allowNew ||
in_array($pattern, $allStrings)) {
911 $result[] = $pattern;
915 $prefix = rtrim($pattern, '*');
916 foreach ($allStrings as $key) {
917 if (\CRM_Utils_String
::startsWith($key, $prefix)) {
923 return array_values(array_unique($result));
927 * Safely unserialize a string of scalar or array values (but not objects!)
929 * Use `xkerman/restricted-unserialize` to unserialize strings using PHP's
930 * serialization format. `restricted-unserialize` works like PHP's built-in
931 * `unserialize` function except that it does not deserialize object instances,
932 * making it immune to PHP Object Injection {@see https://www.owasp.org/index.php/PHP_Object_Injection}
935 * Note: When dealing with user inputs, it is generally recommended to use
936 * safe, standard data interchange formats such as JSON rather than PHP's
937 * serialization format when dealing with user input.
939 * @param string|NULL $string
943 public static function unserialize($string) {
944 if (!is_string($string)) {
948 return unserialize($string);
950 catch (UnserializeFailedException
$e) {
956 * Returns the plural form of an English word.
961 public static function pluralize($str) {
962 switch (substr($str, -1)) {
967 return substr($str, 0, -1) . 'ies';
975 * Generic check as to whether any tokens are in the given string.
977 * It might be a smarty token OR a CiviCRM token. In both cases the
978 * absence of a '{' indicates no token is present.
980 * @param string $string
984 public static function stringContainsTokens(string $string) {
985 return strpos($string, '{') !== FALSE;
989 * Parse a string through smarty without creating a smarty template file per string.
991 * This function is for swapping out any smarty tokens that appear in a string
992 * and are not re-used much if at all. For example parsing a contact's greeting
993 * does not need to be cached are there are some minor security / data privacy benefits
994 * to not caching them per file. We also save disk space, reduce I/O and disk clearing time.
996 * Doing this is cleaning in Smarty3 which we are alas not using
997 * https://www.smarty.net/docs/en/resources.string.tpl
999 * However, it highlights that smarty-eval is not evil-eval and still have the security applied.
1001 * In order to replicate that in Smarty2 I'm using {eval} per
1002 * https://www.smarty.net/docsv2/en/language.function.eval.tpl#id2820446
1004 * - Evaluated variables are treated the same as templates. They follow the same escapement and security features just as if they were templates.
1005 * - Evaluated variables are compiled on every invocation, the compiled versions are not saved! However if you have caching enabled, the output
1006 * will be cached with the rest of the template.
1008 * Our set up does not have caching enabled and my testing suggests this still works fine with it
1009 * enabled so turning it off before running this is out of caution based on the above.
1011 * When this function is run only one template file is created (for the eval) tag no matter how
1012 * many times it is run. This compares to it otherwise creating one file for every parsed string.
1014 * @param string $templateString
1018 public static function parseOneOffStringThroughSmarty($templateString) {
1019 if (!CRM_Utils_String
::stringContainsTokens($templateString)) {
1020 // Skip expensive smarty processing.
1021 return $templateString;
1023 $smarty = CRM_Core_Smarty
::singleton();
1024 $cachingValue = $smarty->caching
;
1025 $smarty->caching
= 0;
1026 $smarty->assign('smartySingleUseString', $templateString);
1027 $templateString = $smarty->fetch('string:{eval var=$smartySingleUseString}');
1028 $smarty->caching
= $cachingValue;
1029 $smarty->assign('smartySingleUseString', NULL);
1030 return $templateString;