1<?php
2
3/**
4 *  Class to safely store UTF-8 in a Filename
5 *
6 *  Encodes a utf8 string using only the following characters 0-9a-z_.-%
7 *  characters 0-9a-z in the original string are preserved, "plain".
8 *  all other characters are represented in a substring that starts
9 *  with '%' are "converted".
10 *  The transition from converted substrings to plain characters is
11 *  marked with a '.'
12 *
13 * @author   Christopher Smith <chris@jalakai.co.uk>
14 *  @date     2010-04-02
15 */
16class SafeFN {
17
18    // 'safe' characters are a superset of $plain, $pre_indicator and $post_indicator
19    private static $plain = '-./[_0123456789abcdefghijklmnopqrstuvwxyz'; // these characters aren't converted
20    private static $pre_indicator = '%';
21    private static $post_indicator = ']';
22
23    /**
24     * Convert an UTF-8 string to a safe ASCII String
25     *
26     *  conversion process
27     *    - if codepoint is a plain or post_indicator character,
28     *      - if previous character was "converted", append post_indicator to output, clear "converted" flag
29     *      - append ascii byte for character to output
30     *      (continue to next character)
31     *
32     *    - if codepoint is a pre_indicator character,
33     *      - append ascii byte for character to output, set "converted" flag
34     *      (continue to next character)
35     *
36     *    (all remaining characters)
37     *    - reduce codepoint value for non-printable ASCII characters (0x00 - 0x1f).  Space becomes our zero.
38     *    - convert reduced value to base36 (0-9a-z)
39     *    - append $pre_indicator characater followed by base36 string to output, set converted flag
40     *    (continue to next character)
41     *
42     * @param    string    $filename     a utf8 string, should only include printable characters - not 0x00-0x1f
43     * @return   string    an encoded representation of $filename using only 'safe' ASCII characters
44     *
45     * @author   Christopher Smith <chris@jalakai.co.uk>
46     */
47    public static function encode($filename) {
48        return self::unicode_to_safe(utf8_to_unicode($filename));
49    }
50
51    /**
52     *  decoding process
53     *    - split the string into substrings at any occurrence of pre or post indicator characters
54     *    - check the first character of the substring
55     *      - if its not a pre_indicator character
56     *        - if previous character was converted, skip over post_indicator character
57     *        - copy codepoint values of remaining characters to the output array
58     *        - clear any converted flag
59     *      (continue to next substring)
60     *
61     *     _ else (its a pre_indicator character)
62     *       - if string length is 1, copy the post_indicator character to the output array
63     *       (continue to next substring)
64     *
65     *       - else (string length > 1)
66     *         - skip the pre-indicator character and convert remaining string from base36 to base10
67     *         - increase codepoint value for non-printable ASCII characters (add 0x20)
68     *         - append codepoint to output array
69     *       (continue to next substring)
70     *
71     * @param    string    $filename     a 'safe' encoded ASCII string,
72     * @return   string    decoded utf8 representation of $filename
73     *
74     * @author   Christopher Smith <chris@jalakai.co.uk>
75     */
76    public static function decode($filename) {
77        return unicode_to_utf8(self::safe_to_unicode(strtolower($filename)));
78    }
79
80    public static function validate_printable_utf8($printable_utf8) {
81        return !preg_match('#[\x01-\x1f]#',$printable_utf8);
82    }
83
84    public static function validate_safe($safe) {
85        return !preg_match('#[^'.self::$plain.self::$post_indicator.self::$pre_indicator.']#',$safe);
86    }
87
88    /**
89     * convert an array of unicode codepoints into 'safe_filename' format
90     *
91     * @param    array  int    $unicode    an array of unicode codepoints
92     * @return   string        the unicode represented in 'safe_filename' format
93     *
94     * @author   Christopher Smith <chris@jalakai.co.uk>
95     */
96    private static function unicode_to_safe($unicode) {
97
98        $safe = '';
99        $converted = false;
100
101        foreach ($unicode as $codepoint) {
102            if ($codepoint < 127 && (strpos(self::$plain.self::$post_indicator,chr($codepoint))!==false)) {
103                if ($converted) {
104                    $safe .= self::$post_indicator;
105                    $converted = false;
106                }
107                $safe .= chr($codepoint);
108
109            } else if ($codepoint == ord(self::$pre_indicator)) {
110                $safe .= self::$pre_indicator;
111                $converted = true;
112            } else {
113                $safe .= self::$pre_indicator.base_convert((string)($codepoint-32),10,36);
114                $converted = true;
115            }
116        }
117        if($converted) $safe .= self::$post_indicator;
118        return $safe;
119    }
120
121    /**
122     * convert a 'safe_filename' string into an array of unicode codepoints
123     *
124     * @param   string         $safe     a filename in 'safe_filename' format
125     * @return  array   int    an array of unicode codepoints
126     *
127     * @author   Christopher Smith <chris@jalakai.co.uk>
128     */
129    private static function safe_to_unicode($safe) {
130
131        $unicode = array();
132        $split = preg_split('#(?=['.self::$post_indicator.self::$pre_indicator.'])#',$safe,-1,PREG_SPLIT_NO_EMPTY);
133
134        $converted = false;
135        foreach ($split as $sub) {
136            $len = strlen($sub);
137            if ($sub[0] != self::$pre_indicator) {
138                // plain (unconverted) characters, optionally starting with a post_indicator
139                // set initial value to skip any post_indicator
140                for ($i=($converted?1:0); $i < $len; $i++) {
141                    $unicode[] = ord($sub[$i]);
142                }
143                $converted = false;
144            } else if ($len==1) {
145                // a pre_indicator character in the real data
146                $unicode[] = ord($sub);
147                $converted = true;
148            } else {
149                // a single codepoint in base36, adjusted for initial 32 non-printable chars
150                $unicode[] = 32 + (int)base_convert(substr($sub,1),36,10);
151                $converted = true;
152            }
153        }
154
155        return $unicode;
156    }
157
158}
159
160/**
161 * Encode a UTF-8 filename to use on any filesystem
162 *
163 * Uses the 'fnencode' option to determine encoding
164 *
165 * When the second parameter is true the string will
166 * be encoded only if non ASCII characters are detected -
167 * This makes it safe to run it multiple times on the
168 * same string (default is true)
169 *
170 * @author Andreas Gohr <andi@splitbrain.org>
171 * @see    urlencode
172 */
173function dwiki_encodeFN($file,$safe=true){
174    global $Dwfck_conf_values;
175    if($Dwfck_conf_values['fnencode'] == 'utf-8') return $file;
176
177    if($safe && preg_match('#^[a-zA-Z0-9/_\-\\]%]+$#',$file)){
178        return $file;
179    }
180
181    if($Dwfck_conf_values['fnencode'] == 'safe'){
182        return SafeFN::encode($file);
183    }
184
185    $file = urlencode($file);
186    $file = str_replace('%2F','/',$file);
187    return $file;
188}
189
190/**
191 * Decode a filename back to UTF-8
192 *
193 * Uses the 'fnencode' option to determine encoding
194 *
195 * @author Andreas Gohr <andi@splitbrain.org>
196 * @see    urldecode
197 */
198function dwiki_decodeFN($file){
199    global $Dwfck_conf_values;
200    if($Dwfck_conf_values['fnencode'] == 'utf-8') return $file;
201
202    if($Dwfck_conf_values['fnencode'] == 'safe'){
203        return SafeFN::decode($file);
204    }
205
206    return urldecode($file);
207}
208
209
210function safe_write_debug($what) {
211return;
212if(is_array($what)) {
213   $what = print_r($what,true);
214}
215$dwfckFHandle = fopen("safe_dbg.txt", "a");
216fwrite($dwfckFHandle, "$what\n");
217fclose($dwfckFHandle);
218}
219