Distilleries / Expendable

src/Distilleries/Expendable/Helpers/Security.php

Doc Comments +5 added lines, -1 removed lines

@@ -301,6 +301,10 @@ 
       * @param boolean $is_image TRUE if this is an image
       * @return string The string with the evil attributes removed
       */
+
+    /**
+     * @param boolean $evilAttribute
+     */
     protected function _remove_evil_attributes($str, $is_image, $evilAttribute)
     {
         // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
@@ -429,7 +433,7 @@ 
      * things like j a v a s c r i p t
      *
      * @param	type
-     * @return	type
+     * @return	string
      */
     protected function _compact_exploded_words($matches)
     {

Spacing +23 added lines, -23 removed lines

@@ -19,7 +19,7 @@ 
      * @var string
      * @access protected
      */
-    protected $_xss_hash			= '';
+    protected $_xss_hash = '';
 
     /**
      * List of never allowed strings
@@ -174,7 +174,7 @@ 
         }
         else
         {
-            $str = str_replace(array('<?', '?' . '>'), array('&lt;?', '?&gt;'), $str);
+            $str = str_replace(array('<?', '?'.'>'), array('&lt;?', '?&gt;'), $str);
         }
 
         /*
@@ -194,12 +194,12 @@ 
 
             for ($i = 0, $wordlen = strlen($word); $i < $wordlen; $i++)
             {
-                $temp .= substr($word, $i, 1) . "\s*";
+                $temp .= substr($word, $i, 1)."\s*";
             }
 
             // We only want to do this when it is followed by a non-word character
             // That way valid stuff like "dealer to" does not become "dealerto"
-            $str = preg_replace_callback('#(' . substr($temp, 0, -3) . ')(\W)#is', array($this, '_compact_exploded_words'), $str);
+            $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str);
         }
 
         /*
@@ -244,7 +244,7 @@ 
            * Becomes: &lt;blink&gt;
            */
         $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
-        $str     = preg_replace_callback('#<(/*\s*)(' . $naughty . ')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
+        $str     = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
 
         /*
            * Sanitize naughty scripting elements
@@ -325,7 +325,7 @@ 
         do
         {
             $str = preg_replace(
-                "#<(/?[^><]+?)([^A-Za-z\-])(" . implode('|', $evil_attributes) . ")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
+                "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|', $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
                 "<$1$6",
                 $str, -1, $count
             );
@@ -353,7 +353,7 @@ 
      * @param	string
      * @return	string
      */
-    public function entity_decode($str, $charset='UTF-8')
+    public function entity_decode($str, $charset = 'UTF-8')
     {
         if (stristr($str, '&') === FALSE)
         {
@@ -396,21 +396,21 @@ 
             '?',
             "%20",
             "%22",
-            "%3c",		// <
-            "%253c",	// <
-            "%3e",		// >
-            "%0e",		// >
-            "%28",		// (
-            "%29",		// )
-            "%2528",	// (
-            "%26",		// &
-            "%24",		// $
-            "%3f",		// ?
-            "%3b",		// ;
+            "%3c", // <
+            "%253c", // <
+            "%3e", // >
+            "%0e", // >
+            "%28", // (
+            "%29", // )
+            "%2528", // (
+            "%26", // &
+            "%24", // $
+            "%3f", // ?
+            "%3b", // ;
             "%3d"		// =
         );
 
-        if ( ! $relative_path)
+        if (!$relative_path)
         {
             $bad[] = './';
             $bad[] = '/';
@@ -600,7 +600,7 @@ 
          * Just as above, adds a semicolon if missing.
          *
          */
-        $str = preg_replace('#(&\#x?)([0-9A-F]+);?#i',"\\1\\2;",$str);
+        $str = preg_replace('#(&\#x?)([0-9A-F]+);?#i', "\\1\\2;", $str);
 
 
         return $str;
@@ -638,11 +638,11 @@ 
 
         if ($url_encoded)
         {
-            $non_displayables[] = '/%0[0-8bcef]/';	// url encoded 00-08, 11, 12, 14, 15
-            $non_displayables[] = '/%1[0-9a-f]/';	// url encoded 16-31
+            $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15
+            $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31
         }
 
-        $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S';	// 00-08, 11, 12, 14-31, 127
+        $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127
 
         do
         {

Braces +2 added lines, -4 removed lines

@@ -171,8 +171,7 @@ 
             // closing tags every so often so we skip those and only
             // do the long opening tags.
             $str = preg_replace('/<\?(php)/i', "&lt;?\\1", $str);
-        }
-        else
+        } else
         {
             $str = str_replace(array('<?', '?' . '>'), array('&lt;?', '?&gt;'), $str);
         }
@@ -307,8 +306,7 @@ 
         if ($evilAttribute)
         {
             $evil_attributes = array('on\w*', 'style', 'xmlns');
-        }
-        else
+        } else
         {
             $evil_attributes = array('on\w*', 'xmlns');
         }

src/Distilleries/Expendable/Http/Middleware/XSS.php

Spacing +1 added lines, -1 removed lines

@@ -13,7 +13,7 @@
 
         $input = $request->all();
 
-        array_walk_recursive($input, function (&$input) {
+        array_walk_recursive($input, function(&$input) {
 
             $input = (new Security)->xss_clean($input);