Use ctype_* functions to check valid characters

gapple · gapple · commit 99780534182c · 2025-01-13T00:34:43.000-08:00
diff --git a/src/Parser.php b/src/Parser.php
@@ -272,7 +272,7 @@ private static function parseString(ParsingInput $input): string
                 }
             } elseif ($char === '"') {
                 return $output;
-            } elseif (ord($char) <= 0x1f || ord($char) >= 0x7f) {
+            } elseif (!ctype_print($char)) {
                 throw new ParseException('Invalid character in string at position ' . ($input->position() - 1));
             }
 
@@ -298,18 +298,21 @@ private static function parseDisplayString(ParsingInput $string): DisplayString
         while (!$string->empty()) {
             $char = $string->consumeChar();
 
-            if (ord($char) <= 0x1f || ord($char) >= 0x7f) {
+            if (!ctype_print($char)) {
                 throw new ParseException(
                     'Invalid character in display string at position ' . ($string->position() - 1)
                 );
             } elseif ($char === '%') {
-                try {
-                    $encodedString .= '%' . $string->consumeRegex('/^[0-9a-f]{2}/');
-                } catch (\RuntimeException) {
+                if ($string->remainingLength() < 2) {
+                    break;
+                }
+                $encodedChar = $string->consume(2);
+                if (!ctype_xdigit($encodedChar) || ctype_upper($encodedChar)) {
                     throw new ParseException(
                         'Invalid hex values in display string at position ' . ($string->position() - 1)
                     );
                 }
+                $encodedString .= '%' . $encodedChar;
             } elseif ($char === '"') {
                 $displayString = new DisplayString(rawurldecode($encodedString));
                 // An invalid UTF-8 subject will cause the preg_* function to match nothing.
diff --git a/src/Serializer.php b/src/Serializer.php
@@ -205,7 +205,7 @@ private static function serializeDecimal(float $value): string
 
     private static function serializeString(string $value): string
     {
-        if (preg_match('/[^\x20-\x7E]/i', $value)) {
+        if (!empty($value) && !ctype_print($value)) {
             throw new SerializeException("Invalid characters in string");
         }
 

Original file line number	Diff line number	Diff line change
`@@ -205,7 +205,7 @@ private static function serializeDecimal(float $value): string`
`205`	`205`
`206`	`206`	`private static function serializeString(string $value): string`
`207`	`207`	`{`
`208`		`- if (preg_match('/[^\x20-\x7E]/i', $value)) {`
	`208`	`+ if (!empty($value) && !ctype_print($value)) {`
`209`	`209`	`throw new SerializeException("Invalid characters in string");`
`210`	`210`	`}`
`211`	`211`