hello,
I noticed that the function util :: var_dump () with large variable has a large RAM consumption.
We are talking about a relatively large object from a total of 75 properties (Smarty variables, as well as project-related variables).

Allowed memory size of 268435456 bytes exhausted (tried to allocate 551 bytes) in ../abnahme/core/classes/Util.class.php on line 230

We use an Apache web server with PHP 5.5.18 on a Ubuntu server.

filter_var is much easier to maintain than a giant regex.

All the time constants are inaccurate, at least under certain circumstances. Time math is more complex than that (leap years and seconds, DST changes etc.) and requires a proper time library to be accurate. PHP already comes with a pretty competent implementation in the form of the DateTime class.

This package needs composer support.

If I get spare time this weekend, I'll add it.

OK,

I propose you change the scope level of all of util's public properties to private. There is very little good reason for the end-dev to ever use them, and if there becomes a need, a getter method can be provided.

This is a minor BC break, so I don't think it'd require an upping of the major version to 2.

Hi,

It's a very cool lib, could you add a function against xss attack please ?

Cheers,
Arrowbaz.

PHP is already an extremely high-level "framework" and it has functions for practically everything. Are you sure you want to obfuscate the standard library with aliases like array_first and array_last?

public static function array_first( array $array )
{
    return reset( $array );
}

public static function array_last( array $array )
{
    return end( $array );
}

If someone doesn't know how to use the reset and end functions it's not doing them any favors to wrap them in another name.

As far as human time diff, why not just use [1] DateTime::diff()?

As mentioned by ircmaxell on reddit. DateTime will take into account leap years and all those other date problems.

The slugify function contains this code for replacement:

$slug = preg_replace( '/([^A-Za-z0-9\-]+)/', '-', strtolower( self::remove_accents( $string ) ) );
$slug = preg_replace( '/(\-+)/', '-', $slug );

However, it can be optimized in the following ways:

• Remove A-Z from the match regex - this is not needed since strtolower is used
• Remove \- from the 1st match regex and remove the second preg_replace. This causes 1 or more sequences of - (and other characters) to be replaced in the first preg_replace call.

The final replace call would then be:

$slug = preg_replace( '/([^a-z0-9]+)/', '-', strtolower( self::remove_accents( $string ) ) );

Also it might help to wrap that output in trim(..., '-') since characters outside the [a-z0-9] range might occur at the beginning or end of a string -- and you probably wouldn't want a title like -a-simple-title.

Your implementation of remove_accents has been lifted off WordPress (https://github.com/WordPress/WordPress/blob/master/wp-includes/formatting.php#L822) which is licensed under the GPL. This means that as long as you're using their code, you have to release your library under the GPL too.

Also, the function is really inefficient as it builds that huge replacement table every time it's called. If you have to generate many slugs, you start to spend more and more time calling chr() instead of really doing something useful.

These replacement tables are static and you really don't need to generate them every time the function is called.

Is it just me or the array_get function is just returning the value that you pass to it?

util::_linkify() & util::_linkify_callback both are public methods. Just typo or there are reasons for that ?

I am wandering whether it would be good to use multi-byte string functions by default or have a wrapper for both e.g. strlen and mb_strlen?

My code is "return Util::request_var(['r']);"

wampserver said
Parse error: syntax error, unexpected '[', expecting ')'

(sorry)

I'm referring to the text at http://brandonwamboldt.github.io/utilphp/

The name of the class is that "handy" that you will likely clash existing util classes. Name it "ptil" maybe. Or "until" in the sense until that PHP provides that missing functionality. Okay not that a good suggestion, so I better keep it simple:

As this is still PHP 5.2 based code, choose some name-spacing that will not crush that easily here. Also it might be useful to divide packages later on, so even if your concept is already monolithic, it can become modular at least.

Just my 2 cents. And thanks for sharing.

get_current_url - you're missing a BUNCH of information that could be lost (username, password, port, etc)

Thanks to ircmaxell's comment on reddit

A verbatim copy of utilphp exists in the $58 PixelGrade Wordpress theme, bucket (http://themeforest.net/item/bucket-a-digital-magazine-style-wordpress-theme/6107209), but they seem to have both

1. removed all references to UtilPHP,
2. removed your copyright claim,
3. claimed direct authorship of all of the code, and
4. labeled your code as proprietary property of their company, expressly forbidding permissions to copy or redistribute it.

Evidence: https://github.com/madison-plus/madison-plus/blob/master/wp-content/themes/bucket/theme-utilities/bucket.php

Because it only postdates the release of utilphp by 33 days, this is a more serious matter and all efforts to reach out to the project maintainer should be taken, including a cease and desist letter to them if no response after 60 days, followed by a DMCA takedown (for just that file) to Github and various sites that include PixelGrade's bucket theme.

Besides, it's ethically and legally wrong to commandeer MIT-licensed work as one's own while simultaneously forbidding others the right to even reproduce it. It also violates clause 2 of your of license.

The seems_utf8 function is superfluous and simply reimplements a subset of the already existing mb_check_encoding functionality in a complicated regex. Both appear to be working exactly the same, as can be demonstrated with this simple script:

require 'util.php';

while (true) {

    $str = null;

    for ($i = 0, $end = mt_rand(1, 100); $i <= $end; $i++) {
        $str .= chr(mt_rand(0, 255));
    }

    $mb = mb_check_encoding($str, 'UTF-8');
    $util = util::seems_utf8($str);

    if ($mb != $util) {
        echo bin2hex($str), PHP_EOL, 'Not in agreement!', PHP_EOL;
        exit;
    } else if ($mb) {
        echo PHP_EOL, bin2hex($str), PHP_EOL;
    } else {
        echo '.';
    }

}

I am not aware of any case that seems_utf8 would catch that mb_check_encoding doesn't.

starts_with($haysack, $needle) and ends_with($haysack, $needle) required.

mt_rand is the preferred replacement for rand and shuffle as it is more entropic and 4x faster.

http://nz2.php.net/manual/en/function.mt-rand.php

https://github.com/php/php-src/blob/fc33f52d8c25997dd0711de3e07d0dc260a18c11/ext/standard/array.c#L1916

HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP (and any other HTTP_* header) are arbitrary values sent by the client. Only REMOTE_ADDR is a trustable value as confirmed by the TCP/IP handshake. You should never use any other value for the client's IP, or anybody can spoof their own IP address trivially.

I like UtilPHP. I also like how the project maintainer actively addresses pull requests and even includes a lot of them.

The main reason I can personally and corporately use UtilPHP is because it is permissively licensed under a non-copyleft license (currently the MIT License). But this could change, may have changed already, if just one function is committed from a GPL, LGPL, or APL licensed project.

Ideally, you would add language stating that only code which is specifically created for this project will be accepted, unless the submitter puts an appropriate source-of-origin comment in both the source code and the pull request.

Also, it would be helpful to add a requirement that forbids code from viral (so-called "copyleft") licenses, like all of the Free Software Foundation licenses and even the Creative Commons ShareAlike licenses.

This is doubly important as UtilPHP is a library.

Thanks.

https://github.com/brandonwamboldt/utilphp/blob/master/src/utilphp/util.php#L775

Most of the mentioned systems can add an extra header to the request which is usually:

X_FORWARDED_PROTO = "https"

I agree that there is no standard (known to me) for this header-value solution, but common setups suggest the above example.

Extending the checks, to look for this header, and the right value would enable is_https to detect SSL Proxy setups.

I found a possible solution here: http://amal.net/?p=3991

function is_ssl() {
    if ( isset($_SERVER['HTTPS']) ) {
        if ( 'on' == strtolower($_SERVER['HTTPS']) ) return true;
        if ( '1' == $_SERVER['HTTPS'] ) return true;
    } elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ( 'https' == strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) ) ) {
        return true;
    } elseif ( isset($_SERVER['X_FORWARDED_PROTO']) && ( 'https' == strtolower($_SERVER['X_FORWARDED_PROTO']) ) ) {
        return true;
    }
    return false;
}

Maybe this library should support versions of PHP that are still receiving security updates? The reason I say this, is because the web is about moving forward and not living in the past! If you support 5.3+, then you're encouraging developers not to upgrade to supported versions of PHP. Thanks for listening.

For the case of a return you use !foo() for all other cases isset() and empty() will work just fine. This wrapper is just redundant and not needed.

function which would convert seconds to human time would actually be very useful

echo util::sec_to_human(3600); // 1h

or bit more verbose like

echo util::sec_to_human(12345); // 3 hours, 25 minutes, 45 seconds

seems_utf8 - That will match invalid characters. The real regex to check for proper UTF8 is much more complicated:

'/(
    | [\xF8-\xFF] # Invalid UTF-8 Bytes
    | [\xC0-\xDF](?![\x80-\xBF]) # Invalid UTF-8 Sequence Start
    | [\xE0-\xEF](?![\x80-\xBF]{2}) # Invalid UTF-8 Sequence Start
    | [\xF0-\xF7](?![\x80-\xBF]{3}) # Invalid UTF-8 Sequence Start
    | (?<=[\x0-\x7F\xF8-\xFF])[\x80-\xBF] # Invalid UTF-8 Sequence Middle
    | (?<![\xC0-\xDF]|[\xE0-\xEF]|[\xE0-\xEF][\x80-\xBF]|[\xF0-\xF7]|[\xF0-\xF7][\x80-\xBF]|[\xF0-\xF7][\x80-\xBF]{2})[\x80-\xBF] # Overlong Sequence
    | (?<=[\xE0-\xEF])[\x80-\xBF](?![\x80-\xBF]) # Short 3 byte sequence
    | (?<=[\xF0-\xF7])[\x80-\xBF](?![\x80-\xBF]{2}) # Short 4 byte sequence
    | (?<=[\xF0-\xF7][\x80-\xBF])[\x80-\xBF](?![\x80-\xBF]) # Short 4 byte sequence (2)
)/x',

If that regex matches, there are invalid UTF8 bytes...

Thanks to ircmaxell on reddit

Why not just implement it as the following?

function array_get(& $var, $default)
{
    if (isset($var))
        return $var;
    else
        return $default;
}

Then you can use it as

$action = array_get($_GET['action']['do'], 'index');

Instead of a hard-to-maintain and hard to understand regex, util::validate_email should be:

return filter_var($email, FILTER_VALIDATE_EMAIL);

On the other hand, that means util::validate_email is not really needed.

https://github.com/brandonwamboldt/utilphp/blob/master/util.php#L1670

Unless I'm doing something wrong, it seems var_dump can't always handle some classes. I tried the following from $ php -a (interactive):

php > include "util.php";
php > $mysqli = new mysqli("host", "user", "pword", "dbname"); // change these values to an actual mysql db
php > util::var_dump($mysqli);
PHP Fatal error: Call to undefined function mb_internal_encoding() in /opt/kaltura/app/alpha/web/jorge/util.php on line 759
$

and yes php quits. so when this happens on apache of course there's a 500 HTTP error (and no error message is printed).

I am using PHP 5.3.3 in an environment where I can't re-compile it to include the mb_ functions (which are not part of a default php extension). This might actually be an issue of compatibility which will break util randomly as I continue to try and use it.

I feel the requirement for the mbstring extension should be expressed clearly in the README. Alternatively, if the 6 calls to mb_ functions can be substituted in util.php this would make the project more compatible.

Apparently, overdependence on Illuminate/Support from Laravel is a pressing problem for the PHP community, since it is depended on by over 6,000 packages, mostly for superfluous needs primarily around its utility functions related to arrays.

I nominate that we implement the functions in their Collection class that we currently do not implement. And then we market this project as The Solution to the over-reliance of the heavy-requirements Illuminate/Support.

http://mattallan.org/2016/dont-use-illuminate-support/

We discovered this issue, because a webhoster kept deleting the util.php from out webspace.

The file you uploaded, util.php.txt, contains a virus so the upload was canceled: YARA.WebShell_Generic_PHP_5.UNOFFICIAL FOUND

For a more detailed report, have a look here: https://analysis.yararules.com/analysis/591d803de41a9c62f87be693 and https://twitter.com/cyb3rops/status/688010864255983616

may you try to raise to version 5.4 min

It is fundamentally impossible to 100% accurately guess the encoding of a string and convert it based on that guess. You need to know what encoding a string is in and convert it according to that knowledge. If you do not know what encoding a string is in, you should solve that problem first.

When you know the encoding, iconv or mb_convert_encoding are perfectly adequate to convert from anything to anything else.

Hi all, just to let you know: PHPUnit does not run any longer.

Error message:

➜ utilphp git:(master) ✗ phpunit
PHPUnit 4.5.0 by Sebastian Bergmann and contributors.

Cannot open file "/var/www/html/utilphp/vendor/autoload.php".

This started happening when I checked out the latest repository.

Is it just my PHPUnit or is there something wrong with the repo unit testing?

Thanks.

var_dump_plain() is not listed in the documentation, and it seems to just be a worker for var_dump(). Should it be a protected method?

Also, I cannot easily use PHP's internal var_dump() with Postman for debugging REST responses, because when xdebug is installed, var_dump() returns HTML output. I could actually really use a HTML-stripped var_dump(), which var_dump_plain() sounds like it should provide.

is_https does something silly by checking the port. You can listen to 443 without having the connection be secure. Stick with the first check.

Thanks to ircmaxell on reddit for pointing this out

I've tried to install via composer but return "Could not parse version constraint utilphp: Invalid version string "utilphp"

Any suggestion?

Please see http://www.reddit.com/r/PHP/comments/x3rbr/just_released_utilphp_lots_of_useful_functions/c5j3rzy for (some) details.

All the tests pass, but when I try to render "50" with util::number_to_word it renders blank. I have a list of numbers 25, 50, 75, & 100 that all render correctly other than 50. Why would this be?

already, thank you for this excellent library that saves time!
by cons there is a small bug in the example of the doc for xxlinkifyxx function

util :: Linkify ('this string: has a link to www.google.com');
=> Returns 'this string: has a link to www.google.com'

this returns the text without the link

I must specify the http:// for than the link is converted

> util :: Linkify ('this string: has a link to http://www.google.com');
> => Returns 'this string: has a link to <a href="http://wwww.google.com/" > http://www.google.com </a>'

There is no use case where util::absint($var) has any advantage over a simple abs($var).
The method should be removed.

var_dump cannot work correctly in CLI mode,it needs to output plain text instead of html in shell

Hi,

I can't use the newest version, because some time ago the class was renamed to Util from util, without renaming the file. That leads to problems on systems without case-insensitive filesystems.

Hello,

In line 852 in the function "add_query_arg" you wrote :
} elseif (!is_null($uri)) { $uri = $uri;

For me the $uri = $uri; is absurd ?

You can erase it ? non ?

Thanks

The perfectly valid UTF-8 string, \xC3\x9CTF-8 F\xC2\xB5\xC3\xB1 [ÜTF-8 Fµñ] is being improperly detected as invalid UTF-8 by the pure PHP UTF-8 detection routine.

Demo: http://sandbox.onlinephpfunctions.com/code/209ff179240e378a40f00f456cc49d2eb8bd821a
See PR #61 for the unit test code, etc.

If i use the function like in the example:

util::array_search_deep('rogue_coder', $users, 'username');

I get a PHP error.

The correct usage is:

util::array_search_deep($users, 'rogue_coder', 'username');