Completed
Push — master ( e96f63...7cd0ea )
by Rob
02:01
created

Attributes::removeEvilAttributes()   A

Complexity

Conditions 5
Paths 2

Size

Total Lines 27

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 15
CRAP Score 5

Importance

Changes 0
Metric Value
dl 0
loc 27
ccs 15
cts 15
cp 1
rs 9.1768
c 0
b 0
f 0
cc 5
nc 2
nop 1
crap 5
<?php

namespace devtoolboxuk\soteria\voku\Resources;

class Attributes extends Resources
Coding Style introduced by
The property $_evil_attributes_regex is not named in camelCase.

This check marks property names that have not been written in camelCase.

In camelCase, names are written without any punctuation, the start of each new word being marked by a capital letter. Thus the name database connection string becomes databaseConnectionString.

{
    private $_evil_attributes_regex;

    function __construct()
Best Practice introduced by
It is generally recommended to explicitly declare the visibility for methods.

Adding explicit visibility (private, protected, or public) is generally recommended to communicate to other developers how, and from where, this method is intended to be used.

Comprehensibility Best Practice introduced by
It is recommended to declare an explicit visibility for __construct.

Generally, we recommend declaring visibility for all methods in your source code. This has the advantage of clearly communicating to other developers, and also yourself, how this method should be consumed.

If you are not sure which visibility to choose, it is a good idea to start with the most restrictive visibility, and then raise visibility as needed, i.e. start with private, and only raise it to protected if a sub-class needs to have access, or public if an external class needs access.

    {
        $evil = new Evil();
        $this->_evil_attributes_regex = $evil->regEx();
    }

    public function removeEvilAttributes($str)
Coding Style Naming introduced by
The variable $temp_count is not named in camelCase.

Coding Style Naming introduced by
The variable $evil_attributes_string is not named in camelCase.

    {
        // replace style-attribute, first (if needed)
        if (stripos($str, 'style') !== false && in_array('style', $this->_evil_attributes_regex, true)) {
            do {
                $count = $temp_count = 0;

                $str = (string)preg_replace('/(<[^>]+)(?<!\p{L})(style\s*=\s*"(?:[^"]*?)"|style\s*=\s*\'(?:[^\']*?)\')/iu', '$1' . $this->_replacement, $str, -1, $temp_count);
                $count += $temp_count;
            } while ($count);
        }

        $evil_attributes_string = implode('|', $this->_evil_attributes_regex);
Comprehensibility Naming introduced by
The variable name $evil_attributes_string exceeds the maximum configured length of 20.

Very long variable names usually make code harder to read. It is therefore recommended not to make variable names too verbose.

        do {
            $count = $temp_count = 0;

            // find occurrences of illegal attribute strings with and without quotes (042 ["] and 047 ['] are octal quotes)
            $str = (string)preg_replace('/(.*)((?:<[^>]+)(?<!\p{L}))(?:' . $evil_attributes_string . ')(?:\s*=\s*)(?:(?:\'|\047)(?:.*?)(?:\'|\047)|(?:"|\042)(?:.*?)(?:"|\042))(.*)/ius', '$1$2' . $this->_replacement . '$3$4', $str, -1, $temp_count);
            $count += $temp_count;

            $str = (string)\preg_replace('/(.*)(<[^>]+)(?<!\p{L})(?:' . $evil_attributes_string . ')\s*=\s*(?:[^\s>]*)(.*)/ius', '$1$2' . $this->_replacement . '$3', $str, -1, $temp_count);
            $count += $temp_count;
        } while ($count);

        return (string)$str;
    }

}