PHP 欺骗检查器类

Question

我正在阅读 PHP 手册并遇到了 Spoofchecker class在intl extension文档页面。类中的方法、它们的参数以及类本身目前都没有记录，所以我想知道它的目的是什么。

Answer 1

类(class)正在调用ICU' library所以你可能会找到更多细节。那里they say ,

Because Unicode contains such a large number of characters and incorporates the varied writing systems of the world, incorrect usage can expose programs or systems to possible security attacks. This document specifies mechanisms that can be used to detect possible security problems.

这是我使用 Spoofchecker 类的简短示例代码。我自己还没有将它用于真实站点，但我认为当您需要从用户输入的 URL 生成和显示外部链接时它会很有用。如果恶意人员试图将其他访问者带到虚假网站而不是 Google、Paypal、URL 缩短器等，您可以取消链接或拒绝其提交。

if(!extension_loaded('intl') || !class_exists("Spoofchecker")) {
    exit ('turn on php_intl extension first');
}

$checker = new Spoofchecker();

// false: all letters are in ASCII
var_dump($checker->isSuspicious("goog1e.com"));
// true: the first Cyrillic letter is from different set
var_dump($checker->isSuspicious("Рaypal.com"));

// true: digit one instead of small L
var_dump(
    $checker->areConfusable(
        'google.com',
        'goog1e.com'
    )
);

// false: digit zero and small O are not confusable
var_dump(
    $checker->areConfusable(
        'google.com',
        'g00g1e.com'
    )
);

// true: Cyrillic letter instead of P
var_dump(
    $checker->areConfusable(
        'Рaypal.com',
        'Paypal.com'
    )
);

// true: Japanese Katakana and Hiragana 'he'
var_dump(
    $checker->areConfusable(
        'ヘいせい.com',
        'ヘいせい.com'
    )
);

// true: identical detected as confusable so you might check === first
var_dump(
    $checker->areConfusable(
        'google.com',
        'google.com'
    )
);

您可以在 this table 上查看哪些字符被认为容易混淆.