Completed
Push — master ( 39c88f...30c586 )
by Maxime
04:31
created
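--- a/src/Distilleries/Security/Helpers/Security.php
+++ b/src/Distilleries/Security/Helpers/Security.php
@@ -156,7 +156,7 @@
             // do the long opening tags.
             $str = preg_replace('/<\?(php)/i', "&lt;?\\1", $str);
         } else {
-            $str = str_replace(['<?', '?' . '>'], ['&lt;?', '?&gt;'], $str);
+            $str = str_replace(['<?', '?'.'>'], ['&lt;?', '?&gt;'], $str);
         }
 
         $str = $this->compactedWords([
@@ -188,7 +188,7 @@
            * Becomes: &lt;blink&gt;
            */
         $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
-        $str = preg_replace_callback('#<(/*\s*)(' . $naughty . ')([^><]*)([><]*)#is', [$this, '_sanitize_naughty_html'],
+        $str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', [$this, '_sanitize_naughty_html'],
             $str);
 
         /*
@@ -227,12 +227,12 @@
             $temp = '';
 
             for ($i = 0, $wordlen = strlen($word); $i < $wordlen; $i++) {
-                $temp .= substr($word, $i, 1) . "\s*";
+                $temp .= substr($word, $i, 1)."\s*";
             }
 
             // We only want to do this when it is followed by a non-word character
             // That way valid stuff like "dealer to" does not become "dealerto"
-            $str = preg_replace_callback('#(' . substr($temp, 0, -3) . ')(\W)#is', [$this, '_compact_exploded_words'],
+            $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', [$this, '_compact_exploded_words'],
                 $str);
         }
 
@@ -319,8 +319,8 @@
 
         do {
             $str = preg_replace(
-                "#<(/?[^><]+?)([^A-Za-z\-])(" . implode('|',
-                    $evil_attributes) . ")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
+                "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|',
+                    $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
                 "<$1$6",
                 $str, -1, $count
             );
@@ -355,10 +355,10 @@
         }
 
         $str = html_entity_decode($str, ENT_COMPAT, $charset);
-        $str = preg_replace_callback('~&#x(0*[0-9a-f]{2,5})~i', function ($matches) {
+        $str = preg_replace_callback('~&#x(0*[0-9a-f]{2,5})~i', function($matches) {
             return chr(intval(hexdec($matches[1])));
         }, $str);
-        return preg_replace_callback('~&#([0-9]{2,4})~', function ($matches) {
+        return preg_replace_callback('~&#([0-9]{2,4})~', function($matches) {
             return chr($matches[1]);
         }, $str);
     }
@@ -431,7 +431,7 @@
      */
     protected function _compact_exploded_words($matches)
     {
-        return preg_replace('/\s+/s', '', $matches[1]) . $matches[2];
+        return preg_replace('/\s+/s', '', $matches[1]).$matches[2];
     }
 
     // --------------------------------------------------------------------
@@ -447,7 +447,7 @@
     protected function _sanitize_naughty_html($matches)
     {
         // encode opening brace
-        $str = '&lt;' . $matches[1] . $matches[2] . $matches[3];
+        $str = '&lt;'.$matches[1].$matches[2].$matches[3];
 
         // encode captured opening or closing brace to prevent recursive vectors
         $str .= str_replace(['>', '<'], ['&gt;', '&lt;'],
@@ -579,7 +579,7 @@
 
         // 901119URL5918AMP18930PROTECT8198
 
-        $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash() . "\\1=\\2", $str);
+        $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash()."\\1=\\2", $str);
 
         /*
          * Validate standard character entities
@@ -617,7 +617,7 @@
         $str = str_replace(array_keys($this->_never_allowed_str), $this->_never_allowed_str, $str);
 
         foreach ($this->_never_allowed_regex as $regex) {
-            $str = preg_replace('#' . $regex . '#is', '[removed]', $str);
+            $str = preg_replace('#'.$regex.'#is', '[removed]', $str);
         }
 
         return $str;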