@@ -3,12 +3,10 @@ |
| 3 | 3 | namespace devtoolboxuk\soteria\handlers; |
| 4 | 4 | |
| 5 | 5 | use devtoolboxuk\soteria\voku\Resources\Attributes; |
| 6 | - |
| 7 | 6 | use devtoolboxuk\soteria\voku\Resources\Exploded; |
| 8 | 7 | use devtoolboxuk\soteria\voku\Resources\Html; |
| 9 | 8 | use devtoolboxuk\soteria\voku\Resources\JavaScript; |
| 10 | 9 | use devtoolboxuk\soteria\voku\Resources\NeverAllowed; |
| 11 | - |
| 12 | 10 | use devtoolboxuk\soteria\voku\Resources\System; |
| 13 | 11 | use devtoolboxuk\soteria\voku\Resources\Utf7; |
| 14 | 12 | use devtoolboxuk\soteria\voku\Resources\Utf8; |
@@ -107,7 +107,7 @@ discard block |
| 107 | 107 | /** |
| 108 | 108 | * @param StringResource $str |
| 109 | 109 | * |
| 110 | - * @return mixed |
| 110 | + * @return string |
| 111 | 111 | */ |
| 112 | 112 | private function _do($str) |
| 113 | 113 | { |
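Review bot: The new `@return string` on `_do` now sits under an unchanged `@param StringResource $str`, so the docblock says an object goes in and a plain string comes out; the hunk at old line 237 makes the same change to `_entity_decode` while also keeping its `StringResource` param. `_do`'s body is outside the hunk, so I cannot tell which side is right, but one of the two lines is misleading as written. If `$str` is a plain string at this point, change the param line too, `* @param string $str`; if it really is an object, say what is extracted from it in the description. This is noted once here for both methods.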
@@ -176,6 +176,9 @@ discard block |
| 176 | 176 | return $str; |
| 177 | 177 | } |
| 178 | 178 | |
| 179 | + /** |
| 180 | + * @param string $str |
| 181 | + */ |
| 179 | 182 | public function decodeString($str) |
| 180 | 183 | { |
| 181 | 184 | // init |
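Review bot: The docblock added to `decodeString` documents `$str` but says nothing about the return value, and the same one-line pattern is repeated for `removeEvilAttributes`, `naughtyHtml`, `toUtf8ConvertHelper`, `normalizeLineEnding`, `decimalToChr`, `is_binary` and `get_file_type` in the later hunks of this commit. Analysers then fall back to `mixed` for the return, which is exactly what the `_do` hunk above is trying to get rid of. Where the body is visible the line is cheap to add: `normalizeLineEnding` returns the result of `str_replace`, so `* @return string`, and `decimalToChr` returns `htmlEntityDecode(...)`, which this commit itself documents as `@return string`. `decodeString`'s body continues outside the hunk.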
@@ -184,6 +187,10 @@ discard block |
| 184 | 187 | if (strpos($str, '<') !== false && preg_match($regExForHtmlTags, $str, $matches) === 1) { |
| 185 | 188 | $str = (string)preg_replace_callback( |
| 186 | 189 | $regExForHtmlTags, |
| 190 | + |
| 191 | + /** |
| 192 | + * @param string $matches |
| 193 | + */ |
| 187 | 194 | function ($matches) { |
| 188 | 195 | return $this->decodeEntity($matches); |
| 189 | 196 | }, |
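Review bot: The docblock inserted before the `preg_replace_callback` closure declares `@param string $matches`, but `preg_replace_callback` hands its callback the array of matches, so the type is wrong and should read `* @param string[] $matches`; the same wrong annotation is added to the `naughtyHtml` closure in the hunk at old line 20. Placing a docblock between the pattern argument and the closure is also an unusual spot for it; if the goal is analyser coverage, a `@param string[] $matches` on `decodeEntity` and `naughtyHtmlCallback` themselves would be read more reliably. `decodeString`'s body continues outside the hunk.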
@@ -222,7 +229,7 @@ discard block |
| 222 | 229 | } |
| 223 | 230 | |
| 224 | 231 | /** |
| 225 | - * @return null |
| 232 | + * @return null|boolean |
| 226 | 233 | */ |
| 227 | 234 | public function isXssFound() |
| 228 | 235 | { |
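Review bot: `@return null|boolean` uses the long type name `boolean`, which phpDocumentor and PHPStan treat as a distinct name rather than the native `bool`, while the commit's own `@return bool|int` on `stringLength` uses the short form. Change it to `* @return bool|null`, and likewise `integer` to `int` in the new `@param integer $flags`, `@param integer $code_point` and `@param integer $int` lines of the `htmlEntityDecode`, `chr` and `decimalToChr` hunks. `isXssFound`'s body is outside the hunk.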
@@ -234,7 +241,7 @@ discard block |
| 234 | 241 | * |
| 235 | 242 | * @param StringResource $str |
| 236 | 243 | * |
| 237 | - * @return StringResource |
| 244 | + * @return string |
| 238 | 245 | */ |
| 239 | 246 | private function _entity_decode($str) |
| 240 | 247 | { |
@@ -337,6 +344,9 @@ discard block |
| 337 | 344 | return $str; |
| 338 | 345 | } |
| 339 | 346 | |
| 347 | + /** |
| 348 | + * @param string $file |
| 349 | + */ |
| 340 | 350 | private function _get_data($file) |
| 341 | 351 | { |
| 342 | 352 | /** @noinspection PhpIncludeInspection */ |
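Review bot: The new docblock on `_get_data` types `$file` as `string` but omits the one constraint that matters for this parameter: the value is spliced into an `include` path. That is visible for the otherwise identical `getData` in the hunk at old line 239, `include __DIR__ . '/../Data/' . $file . '.php'`, and `_get_data`'s own body opens with a `@noinspection PhpIncludeInspection` hint, so presumably it does the same. Document that callers must pass a fixed data-file name and never a value derived from input, e.g. `* @param string $file Base name of a file under ../Data; must be a literal, it is passed to include`, and add `* @return mixed` (or the actual shape) since the result is whatever the included file returns. `_get_data`'s body continues outside the hunk; this is noted once here for both methods.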
@@ -12,6 +12,9 @@ |
| 12 | 12 | $this->_evil_attributes_regex = $evil->regEx(); |
| 13 | 13 | } |
| 14 | 14 | |
| 15 | + /** |
| 16 | + * @param string $str |
| 17 | + */ |
| 15 | 18 | public function removeEvilAttributes($str) |
| 16 | 19 | { |
| 17 | 20 | // replace style-attribute, first (if needed) |
@@ -13,6 +13,9 @@ discard block |
| 13 | 13 | $this->_evil_html_tags = $evil->html(); |
| 14 | 14 | } |
| 15 | 15 | |
| 16 | + /** |
| 17 | + * @param string $str |
| 18 | + */ |
| 16 | 19 | public function naughtyHtml($str) |
| 17 | 20 | { |
| 18 | 21 | $evil_html_tags = implode('|', $this->_evil_html_tags); |
@@ -20,6 +23,10 @@ discard block |
| 20 | 23 | |
| 21 | 24 | $str = (string)preg_replace_callback( |
| 22 | 25 | '#<(?<start>/*\s*)(?<content>' . $evil_html_tags . ')(?<end>[^><]*)(?<rest>[><]*)#ius', |
| 26 | + |
| 27 | + /** |
| 28 | + * @param string $matches |
| 29 | + */ |
| 23 | 30 | function ($matches) { |
| 24 | 31 | return $this->naughtyHtmlCallback($matches); |
| 25 | 32 | }, |
@@ -236,12 +236,20 @@ discard block |
| 236 | 236 | return str_replace($BROKEN_UTF8_TO_UTF8_KEYS_CACHE, $BROKEN_UTF8_TO_UTF8_VALUES_CACHE, $str); |
| 237 | 237 | } |
| 238 | 238 | |
| 239 | + /** |
| 240 | + * @param string $file |
| 241 | + */ |
| 239 | 242 | private function getData($file) |
| 240 | 243 | { |
| 241 | 244 | |
| 242 | 245 | return include __DIR__ . '/../Data/' . $file . '.php'; |
| 243 | 246 | } |
| 244 | 247 | |
| 248 | + /** |
| 249 | + * @param integer $flags |
| 250 | + * |
| 251 | + * @return string |
| 252 | + */ |
| 245 | 253 | private function htmlEntityDecode($str, $flags = null, $encoding = 'UTF-8') |
| 246 | 254 | { |
| 247 | 255 | if ( |
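Review bot: The docblock added to `htmlEntityDecode` documents only `$flags`, leaving `$str` and `$encoding` undocumented, and it declares `$flags` as `integer` although the signature defaults it to `null`, so the line should be `* @param int|null $flags`. The same partial pattern appears in the later hunks for `chr` (no `$encoding`), `encode` (no parameters at all), `singleChrHtmlEncode` (no `$keepAsciiChars`, no `$encoding`), `is_binary` (no `$strict`) and `get_file_type` (no `$fallback`); a docblock that lists some parameters leads analysers to assume the rest are `mixed`, so either list them all or leave the docblock off. `htmlEntityDecode`'s body continues outside the hunk.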
@@ -547,6 +555,9 @@ discard block |
| 547 | 555 | return $buf; |
| 548 | 556 | } |
| 549 | 557 | |
| 558 | + /** |
| 559 | + * @param string $input |
| 560 | + */ |
| 550 | 561 | private function toUtf8ConvertHelper($input) |
| 551 | 562 | { |
| 552 | 563 | // init |
@@ -576,6 +587,9 @@ discard block |
| 576 | 587 | return $buf; |
| 577 | 588 | } |
| 578 | 589 | |
| 590 | + /** |
| 591 | + * @param integer $code_point |
| 592 | + */ |
| 579 | 593 | private function chr($code_point, $encoding = 'UTF-8') |
| 580 | 594 | { |
| 581 | 595 | // init |
@@ -671,6 +685,9 @@ discard block |
| 671 | 685 | return $CHAR_CACHE[$cacheKey] = $chr; |
| 672 | 686 | } |
| 673 | 687 | |
| 688 | + /** |
| 689 | + * @return string |
| 690 | + */ |
| 674 | 691 | private function encode($toEncoding, $str) |
| 675 | 692 | { |
| 676 | 693 | if ($str === '' || $toEncoding === '') { |
@@ -838,6 +855,9 @@ discard block |
| 838 | 855 | return $var; |
| 839 | 856 | } |
| 840 | 857 | |
| 858 | + /** |
| 859 | + * @param string $str |
| 860 | + */ |
| 841 | 861 | private function normalizeLineEnding($str) |
| 842 | 862 | { |
| 843 | 863 | return str_replace(["\r\n", "\r"], "\n", $str); |
@@ -894,6 +914,9 @@ discard block |
| 894 | 914 | ); |
| 895 | 915 | } |
| 896 | 916 | |
| 917 | + /** |
| 918 | + * @param string $char |
| 919 | + */ |
| 897 | 920 | private function singleChrHtmlEncode($char, $keepAsciiChars = false, $encoding = 'UTF-8') |
| 898 | 921 | { |
| 899 | 922 | if ($char === '') { |
@@ -1400,6 +1423,9 @@ discard block |
| 1400 | 1423 | // return false; |
| 1401 | 1424 | // } |
| 1402 | 1425 | |
| 1426 | + /** |
| 1427 | + * @param integer $int |
| 1428 | + */ |
| 1403 | 1429 | private function decimalToChr($int) |
| 1404 | 1430 | { |
| 1405 | 1431 | return $this->htmlEntityDecode('&#' . $int . ';', \ENT_QUOTES | \ENT_HTML5); |
@@ -1553,6 +1579,9 @@ discard block |
| 1553 | 1579 | return false; |
| 1554 | 1580 | } |
| 1555 | 1581 | |
| 1582 | + /** |
| 1583 | + * @param string $input |
| 1584 | + */ |
| 1556 | 1585 | private function is_binary($input, $strict = false) |
| 1557 | 1586 | { |
| 1558 | 1587 | $input = (string)$input; |
@@ -1590,6 +1619,9 @@ discard block |
| 1590 | 1619 | return false; |
| 1591 | 1620 | } |
| 1592 | 1621 | |
| 1622 | + /** |
| 1623 | + * @param string $str |
| 1624 | + */ |
| 1593 | 1625 | private function get_file_type( |
| 1594 | 1626 | $str, |
| 1595 | 1627 | $fallback = [ |
@@ -1709,7 +1741,6 @@ discard block |
| 1709 | 1741 | * @see http://hsivonen.iki.fi/php-utf8/ |
| 1710 | 1742 | * |
| 1711 | 1743 | * @param string|string[] $str <p>The string to be checked.</p> |
| 1712 | - * @param bool $strict <p>Check also if the string is not UTF-16 or UTF-32.</p> |
| 1713 | 1744 | * |
| 1714 | 1745 | * @return bool |
| 1715 | 1746 | */ |
@@ -1918,9 +1949,7 @@ discard block |
| 1918 | 1949 | } |
| 1919 | 1950 | |
| 1920 | 1951 | /** |
| 1921 | - * @param $str |
| 1922 | - * @param string $encoding |
| 1923 | - * @param bool $cleanUtf8 |
| 1952 | + * @param string $str |
| 1924 | 1953 | * @return bool|int |
| 1925 | 1954 | */ |
| 1926 | 1955 | private function stringLength($str) |
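Review bot: The rewritten docblock now matches the `stringLength($str)` signature, but the untouched `@return bool|int` still leaves readers guessing what the `bool` half means; a length function that can only fail will not return `true`, so `* @return int|false` is the precise form and lets analysers flag callers that compare the result without `===`. The body is outside the hunk, so confirm that `false` is indeed the only non-int value it returns before narrowing.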