Completed
Push — master ( f5a958...6ea638 )
by Maxime
03:34
created
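--- a/src/Distilleries/Security/Helpers/Security.php
+++ b/src/Distilleries/Security/Helpers/Security.php
@@ -164,7 +164,7 @@
             // do the long opening tags.
             $str = preg_replace('/<\?(php)/i', "&lt;?\\1", $str);
         } else {
-            $str = str_replace(['<?', '?' . '>'], ['&lt;?', '?&gt;'], $str);
+            $str = str_replace(['<?', '?'.'>'], ['&lt;?', '?&gt;'], $str);
         }
 
         /*
@@ -190,12 +190,12 @@
             $temp = '';
 
             for ($i = 0, $wordlen = strlen($word); $i < $wordlen; $i++) {
-                $temp .= substr($word, $i, 1) . "\s*";
+                $temp .= substr($word, $i, 1)."\s*";
             }
 
             // We only want to do this when it is followed by a non-word character
             // That way valid stuff like "dealer to" does not become "dealerto"
-            $str = preg_replace_callback('#(' . substr($temp, 0, -3) . ')(\W)#is', [$this, '_compact_exploded_words'],
+            $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', [$this, '_compact_exploded_words'],
                 $str);
         }
 
@@ -236,7 +236,7 @@
            * Becomes: &lt;blink&gt;
            */
         $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
-        $str = preg_replace_callback('#<(/*\s*)(' . $naughty . ')([^><]*)([><]*)#is', [$this, '_sanitize_naughty_html'],
+        $str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', [$this, '_sanitize_naughty_html'],
             $str);
 
         /*
@@ -299,8 +299,8 @@
 
         do {
             $str = preg_replace(
-                "#<(/?[^><]+?)([^A-Za-z\-])(" . implode('|',
-                    $evil_attributes) . ")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
+                "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|',
+                    $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
                 "<$1$6",
                 $str, -1, $count
             );
@@ -335,10 +335,10 @@
         }
 
         $str = html_entity_decode($str, ENT_COMPAT, $charset);
-        $str = preg_replace_callback('~&#x(0*[0-9a-f]{2,5})~i', function ($matches) {
+        $str = preg_replace_callback('~&#x(0*[0-9a-f]{2,5})~i', function($matches) {
             return chr(hexdec($matches[1]));
         }, $str);
-        return preg_replace_callback('~&#([0-9]{2,4})~', function ($matches) {
+        return preg_replace_callback('~&#([0-9]{2,4})~', function($matches) {
             return chr($matches[1]);
         }, $str);
     }
@@ -411,7 +411,7 @@
      */
     protected function _compact_exploded_words($matches)
     {
-        return preg_replace('/\s+/s', '', $matches[1]) . $matches[2];
+        return preg_replace('/\s+/s', '', $matches[1]).$matches[2];
     }
 
     // --------------------------------------------------------------------
@@ -427,7 +427,7 @@
     protected function _sanitize_naughty_html($matches)
     {
         // encode opening brace
-        $str = '&lt;' . $matches[1] . $matches[2] . $matches[3];
+        $str = '&lt;'.$matches[1].$matches[2].$matches[3];
 
         // encode captured opening or closing brace to prevent recursive vectors
         $str .= str_replace(['>', '<'], ['&gt;', '&lt;'],
@@ -559,7 +559,7 @@
 
         // 901119URL5918AMP18930PROTECT8198
 
-        $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash() . "\\1=\\2", $str);
+        $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash()."\\1=\\2", $str);
 
         /*
          * Validate standard character entities
@@ -597,7 +597,7 @@
         $str = str_replace(array_keys($this->_never_allowed_str), $this->_never_allowed_str, $str);
 
         foreach ($this->_never_allowed_regex as $regex) {
-            $str = preg_replace('#' . $regex . '#is', '[removed]', $str);
+            $str = preg_replace('#'.$regex.'#is', '[removed]', $str);
         }
 
         return $str;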