| Conditions | 5 |
| Paths | 2 |
| Total Lines | 28 |
| Code Lines | 14 |
| Lines | 0 |
| Ratio | 0 % |
| Tests | 16 |
| CRAP Score | 5 |
| Changes | 1 | ||
| Bugs | 0 | Features | 0 |
| 1 | <?php |
||
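/**
 * Sanitise request input before passing the request down the pipeline.
 *
 * When `security.html_purifier` is enabled every string value is run through
 * HTMLPurifier; when `security.xss_enable` is enabled it is then passed to
 * Security::xss_clean(). The cleaned values are merged back into the request.
 *
 * Review notes:
 * - This filters input only. Values still need context-aware escaping where
 *   they are rendered (HTML body, attribute, JS, URL).
 * - Every string field is rewritten, including ones that are not HTML
 *   (passwords, tokens, signed payloads). HTMLPurifier strips markup and
 *   encodes characters such as `&`, so those fields may need an exclusion
 *   list; none is visible in this method.
 * - Only the values returned by $request->all() are covered. Headers, cookies,
 *   route parameters and the raw body are not touched here.
 * - NOTE(review): assuming this is Laravel's Request, merge() writes to the
 *   request's input source only, so on a non-GET request the original query
 *   string values would remain readable through $request->query(). Confirm.
 *
 * @param Request $request incoming request whose input is sanitised in place
 * @param Closure $next    next handler in the middleware pipeline
 *
 * @return mixed whatever $next returns for the (possibly modified) request
 */
public function handle(Request $request, Closure $next)
{
    // Read each switch once rather than once per input value.
    $usePurifier = (bool) config('security.html_purifier');
    $useXssClean = (bool) config('security.xss_enable');

    if ($usePurifier || $useXssClean) {
        $input = $request->all();

        // Build one purifier for the whole request. The definition cache is
        // disabled below, so constructing a purifier per value repeats the
        // definition setup for every field.
        $purifier = null;
        if ($usePurifier) {
            $config = \HTMLPurifier_Config::createDefault();
            $config->set('AutoFormat.RemoveSpansWithoutAttributes', true);
            $config->set('AutoFormat.RemoveEmpty', true);
            $config->set('HTML.TidyLevel', 'heavy');
            $config->set('Cache.DefinitionImpl', null);
            // Iframes stay disallowed. If this is ever enabled, pair it with
            // URI.SafeIframeRegexp so only known hosts can be embedded.
            //$config->set('HTML.SafeIframe', true);

            $purifier = new \HTMLPurifier($config);
        }

        array_walk_recursive($input, function (&$value) use ($purifier, $useXssClean) {
            // Only strings can carry markup. Passing null, ints, bools or
            // uploaded-file objects through the filters would turn them into
            // strings and change what later validation sees.
            if (!is_string($value)) {
                return;
            }

            if ($purifier !== null) {
                $value = $purifier->purify($value);
            }

            if ($useXssClean) {
                // Security is defined outside this view, so it is still
                // constructed per value exactly as before.
                $value = (new Security)->xss_clean($value);
            }
        });

        $request->merge($input);
    }

    return $next($request);
}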