public static function isValid($value)
{
$value = (string) $value;
// Look for:
// \n not preceded by \r, OR
// \r not followed by \n, OR
// \r\n not followed by space or horizontal tab; these are all CRLF attacks
if (preg_match("#(?:(?:(?<!\r)\n)|(?:\r(?!\n))|(?:\r\n(?![ \t])))#", $value)) {
return false;
}
$length = strlen($value);
for ($i = 0; $i < $length; $i += 1) {
$ascii = ord($value[$i]);
// Non-visible, non-whitespace characters
// 9 === horizontal tab
// 10 === line feed
// 13 === carriage return
// 32-126, 128-254 === visible
// 127 === DEL
// 255 === null byte
if ($ascii < 32 && !in_array($ascii, [9, 10, 13], true) || $ascii === 127 || $ascii > 254) {
return false;
}
}
return true;
}