Merge branch 'PHP-7.0' into PHP-7.1

* PHP-7.0:
  Fixed bug #73655 Spoofchecker::isSuspicious behavior change due to upstream changes
  Add test for newer ICU version

ext/intl/spoofchecker/spoofchecker_class.h

@@ -78,4 +78,6 @@ extern zend_class_entry *Spoofchecker_ce_ptr;
         RETURN_FALSE;                                                           \
     }                                                                           \
 
+#define SPOOFCHECKER_DEFAULT_RESTRICTION_LEVEL USPOOF_MODERATELY_RESTRICTIVE
+
 #endif // #ifndef SPOOFCHECKER_CLASS_H

ext/intl/spoofchecker/spoofchecker_create.c

@@ -43,12 +43,25 @@ PHP_METHOD(Spoofchecker, __construct)
 	co->uspoof = uspoof_open(SPOOFCHECKER_ERROR_CODE_P(co));
 	INTL_METHOD_CHECK_STATUS(co, "spoofchecker: unable to open ICU Spoof Checker");
 
+#if U_ICU_VERSION_MAJOR_NUM >= 58
+	/* TODO save it into the object for further suspiction check comparison. */
+	/* ICU 58 removes WSC and MSC handling. However there are restriction
+	 levels as defined in
+	 http://www.unicode.org/reports/tr39/tr39-15.html#Restriction_Level_Detection
+	 and the default is high restrictive. However the moderately restrictive
+	 level is what seems to correspond to the setting below applicable to
+	 ICU < 58. In further, we might want to utilize uspoof_check2 APIs when
+	 it became stable, to use extended check result APIs. Subsequent changes
+	 in the unicode security algos are to be watched.*/
+	uspoof_setRestrictionLevel(co->uspoof, SPOOFCHECKER_DEFAULT_RESTRICTION_LEVEL);
+#else
 	/* Single-script enforcement is on by default. This fails for languages
 	 like Japanese that legally use multiple scripts within a single word,
 	 so we turn it off.
 	*/
 	checks = uspoof_getChecks(co->uspoof, SPOOFCHECKER_ERROR_CODE_P(co));
 	uspoof_setChecks(co->uspoof, checks & ~USPOOF_SINGLE_SCRIPT, SPOOFCHECKER_ERROR_CODE_P(co));
+#endif
 	zend_restore_error_handling(&error_handling);
 }
 /* }}} */

ext/intl/tests/formatter_get_locale_variant3.phpt

@@ -0,0 +1,50 @@
+--TEST--
+numfmt_get_locale()
+--SKIPIF--
+<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+<?php if (version_compare(INTL_ICU_VERSION, '58.1') < 0) die('skip for ICU >= 58.1'); ?>
+--FILE--
+<?php
+
+/*
+ * Get locale.
+ */
+
+function ut_main()
+{
+    $locales = array(
+        'en_UK',
+        'en_US',
+        'fr_CA',
+    );
+
+    $loc_types = array(
+        Locale::ACTUAL_LOCALE    => 'actual',
+        Locale::VALID_LOCALE     => 'valid',
+    );
+
+    $res_str = '';
+
+    foreach( $locales as $locale )
+    {
+        $fmt = ut_nfmt_create( $locale, NumberFormatter::DECIMAL );
+        $res_str .= "$locale: ";
+        foreach( $loc_types as $loc_type => $loc_type_name )
+            $res_str .= sprintf( " %s=%s",
+            $loc_type_name,
+            dump( ut_nfmt_get_locale( $fmt, $loc_type ) ) );
+        $res_str .= "\n";
+    }
+
+    return $res_str;
+}
+
+include_once( 'ut_common.inc' );
+
+// Run the test
+ut_run();
+?>
+--EXPECT--
+en_UK:  actual='en' valid='en'
+en_US:  actual='en' valid='en_US'
+fr_CA:  actual='fr' valid='fr_CA'

ext/intl/tests/spoofchecker_006.phpt

@@ -0,0 +1,26 @@
+--TEST--
+spoofchecker suspicious character checker
+--SKIPIF--
+<?php if(!extension_loaded('intl') || !class_exists("Spoofchecker")) print 'skip'; ?>
+<?php if (version_compare(INTL_ICU_VERSION, '57.1') < 0) die('skip for ICU >= 58.1'); ?>
+--FILE--
+<?php
+
+echo "paypal with Cyrillic spoof characters\n";
+$x = new Spoofchecker();
+var_dump($x->isSuspicious("http://www.payp\u{0430}l.com"));
+var_dump($x->isSuspicious("\u{041F}aypal.com"));
+
+echo "certain all-uppercase Latin sequences can be spoof of Greek\n";
+$x = new Spoofchecker();
+$x->setAllowedLocales("gr_GR");
+var_dump($x->isSuspicious("NAPKIN PEZ"));
+var_dump($x->isSuspicious("napkin pez"));
+?>
+--EXPECTF--
+paypal with Cyrillic spoof characters
+bool(true)
+bool(true)
+certain all-uppercase Latin sequences can be spoof of Greek
+bool(true)
+bool(true)