@@ -107,7 +107,7 @@ discard block |
||
| 107 | 107 | /** |
| 108 | 108 | * @param StringResource $str |
| 109 | 109 | * |
| 110 | - * @return mixed |
|
| 110 | + * @return string |
|
| 111 | 111 | */ |
| 112 | 112 | private function _do($str) |
| 113 | 113 | { |
@@ -187,6 +187,9 @@ discard block |
||
| 187 | 187 | return $str; |
| 188 | 188 | } |
| 189 | 189 | |
| 190 | + /** |
|
| 191 | + * @param string $str |
|
| 192 | + */ |
|
| 190 | 193 | public function decodeString($str) |
| 191 | 194 | { |
| 192 | 195 | // init |
@@ -195,6 +198,10 @@ discard block |
||
| 195 | 198 | if (\strpos($str, '<') !== false && \preg_match($regExForHtmlTags, $str, $matches) === 1) { |
| 196 | 199 | $str = (string)\preg_replace_callback( |
| 197 | 200 | $regExForHtmlTags, |
| 201 | + |
|
| 202 | + /** |
|
| 203 | + * @param string $matches |
|
| 204 | + */ |
|
| 198 | 205 | function ($matches) { |
| 199 | 206 | return $this->decodeEntity($matches); |
| 200 | 207 | }, |
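Review bot: The docblock added at new lines 202–204 types the closure's `$matches` as `string`, but a `preg_replace_callback` callback receives the match array, so the annotation should read `@param string[] $matches` (with a `@return string`, since the closure's value is what replaces the match). The same mistyped `@param string $matches` is added to the `naughtyHtml` callback in the `@@ -20,6 +23,10 @@` hunk further down. The enclosing `decodeString` body continues outside the hunk.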
@@ -233,7 +240,7 @@ discard block |
||
| 233 | 240 | } |
| 234 | 241 | |
| 235 | 242 | /** |
| 236 | - * @return null |
|
| 243 | + * @return null|boolean |
|
| 237 | 244 | */ |
| 238 | 245 | public function isXssFound() |
| 239 | 246 | { |
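Review bot: The new `@return null|boolean` at new line 243 uses `boolean`, which is not a PHP type name; most static analysers resolve `boolean` and `integer` as class names rather than scalars, so write `@return bool|null`. The same spelling is introduced by the `@param integer` docblocks added for `html_entity_decode` (`$flags`), `chr` (`$code_point`) and `decimal_to_chr` (`$int`) in later hunks of this commit, which should read `int`. A predicate named `isXssFound` that can also return `null` looks like a three-state result; if `null` means the check has not run yet, a one-line description of that in the docblock would keep callers from conflating it with `false`.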
@@ -245,7 +252,7 @@ discard block |
||
| 245 | 252 | * |
| 246 | 253 | * @param StringResource $str |
| 247 | 254 | * |
| 248 | - * @return StringResource |
|
| 255 | + * @return string |
|
| 249 | 256 | */ |
| 250 | 257 | private function _entity_decode($str) |
| 251 | 258 | { |
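Review bot: `@return` on `_entity_decode` is changed to `string` at new line 255 while `@param StringResource $str` is kept two lines above, so the docblock now describes a method that takes a resource object and returns a plain string. If the method operates on a string — which the new return type implies and the `return $str;` at the top of the next hunk suggests — the parameter should be updated in the same change, `@param string $str`. The first hunk leaves the same mismatch on `_do`.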
@@ -348,6 +355,9 @@ discard block |
||
| 348 | 355 | return $str; |
| 349 | 356 | } |
| 350 | 357 | |
| 358 | + /** |
|
| 359 | + * @param string $file |
|
| 360 | + */ |
|
| 351 | 361 | private function _get_data($file) |
| 352 | 362 | { |
| 353 | 363 | /** @noinspection PhpIncludeInspection */ |
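Review bot: The docblock added at new lines 358–360 gives `$file` a type but says nothing about how it is used; the `@noinspection PhpIncludeInspection` on the following line indicates the method builds an include path from it (its body continues outside the hunk), and the `@@ -257,6 +257,11 @@` hunk shows the same pattern spelled out as `include __DIR__ . '/../Data/' . $file . '.php'`. Document the contract so nobody later routes external input through it: `@param string $file Name of a bundled data file under Data/ (internal, never user-supplied); used to build an include path`. If the set of callers cannot guarantee that, a check of `$file` against the known data-file names before the include is the place to enforce it, and that check would be worth a `@throws` line here.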
@@ -3,12 +3,10 @@ |
||
| 3 | 3 | namespace devtoolboxuk\soteria\handlers; |
| 4 | 4 | |
| 5 | 5 | use devtoolboxuk\soteria\voku\Resources\Attributes; |
| 6 | - |
|
| 7 | 6 | use devtoolboxuk\soteria\voku\Resources\Exploded; |
| 8 | 7 | use devtoolboxuk\soteria\voku\Resources\Html; |
| 9 | 8 | use devtoolboxuk\soteria\voku\Resources\JavaScript; |
| 10 | 9 | use devtoolboxuk\soteria\voku\Resources\NeverAllowed; |
| 11 | - |
|
| 12 | 10 | use devtoolboxuk\soteria\voku\Resources\System; |
| 13 | 11 | use devtoolboxuk\soteria\voku\Resources\Utf7; |
| 14 | 12 | use devtoolboxuk\soteria\voku\Resources\Utf8; |
@@ -12,6 +12,9 @@ |
||
| 12 | 12 | $this->_evil_attributes_regex = $evil->regEx(); |
| 13 | 13 | } |
| 14 | 14 | |
| 15 | + /** |
|
| 16 | + * @param string $str |
|
| 17 | + */ |
|
| 15 | 18 | public function removeEvilAttributes($str) |
| 16 | 19 | { |
| 17 | 20 | // replace style-attribute, first (if needed) |
@@ -2,8 +2,6 @@ |
||
| 2 | 2 | |
| 3 | 3 | namespace devtoolboxuk\soteria\voku\Resources; |
| 4 | 4 | |
| 5 | -use devtoolboxuk\soteria\handlers\XssClean; |
|
| 6 | - |
|
| 7 | 5 | class Decode |
| 8 | 6 | { |
| 9 | 7 | |
@@ -13,6 +13,9 @@ discard block |
||
| 13 | 13 | $this->_evil_html_tags = $evil->html(); |
| 14 | 14 | } |
| 15 | 15 | |
| 16 | + /** |
|
| 17 | + * @param string $str |
|
| 18 | + */ |
|
| 16 | 19 | public function naughtyHtml($str) |
| 17 | 20 | { |
| 18 | 21 | $evil_html_tags = \implode('|', $this->_evil_html_tags); |
@@ -20,6 +23,10 @@ discard block |
||
| 20 | 23 | |
| 21 | 24 | $str = (string) \preg_replace_callback( |
| 22 | 25 | '#<(?<start>/*\s*)(?<content>' . $evil_html_tags . ')(?<end>[^><]*)(?<rest>[><]*)#ius', |
| 26 | + |
|
| 27 | + /** |
|
| 28 | + * @param string $matches |
|
| 29 | + */ |
|
| 23 | 30 | function ($matches) { |
| 24 | 31 | return $this->naughtyHtmlCallback($matches); |
| 25 | 32 | }, |
@@ -310,6 +310,9 @@ |
||
| 310 | 310 | return $this->_never_allowed_str; |
| 311 | 311 | } |
| 312 | 312 | |
| 313 | + /** |
|
| 314 | + * @param string $str |
|
| 315 | + */ |
|
| 313 | 316 | public function doNeverAllowedAfterwards($str) |
| 314 | 317 | { |
| 315 | 318 | if (\stripos($str, 'on') !== false) { |
@@ -257,6 +257,11 @@ discard block |
||
| 257 | 257 | return include __DIR__ . '/../Data/' . $file . '.php'; |
| 258 | 258 | } |
| 259 | 259 | |
| 260 | + /** |
|
| 261 | + * @param integer $flags |
|
| 262 | + * |
|
| 263 | + * @return string |
|
| 264 | + */ |
|
| 260 | 265 | public function html_entity_decode($str, $flags = null, $encoding = 'UTF-8') |
| 261 | 266 | { |
| 262 | 267 | if ( |
@@ -601,6 +606,9 @@ discard block |
||
| 601 | 606 | return $buf; |
| 602 | 607 | } |
| 603 | 608 | |
| 609 | + /** |
|
| 610 | + * @param string $input |
|
| 611 | + */ |
|
| 604 | 612 | private function to_utf8_convert_helper($input) |
| 605 | 613 | { |
| 606 | 614 | // init |
@@ -630,6 +638,9 @@ discard block |
||
| 630 | 638 | return $buf; |
| 631 | 639 | } |
| 632 | 640 | |
| 641 | + /** |
|
| 642 | + * @param integer $code_point |
|
| 643 | + */ |
|
| 633 | 644 | public function chr($code_point, $encoding = 'UTF-8') |
| 634 | 645 | { |
| 635 | 646 | // init |
@@ -733,6 +744,9 @@ discard block |
||
| 733 | 744 | return $CHAR_CACHE[$cacheKey] = $chr; |
| 734 | 745 | } |
| 735 | 746 | |
| 747 | + /** |
|
| 748 | + * @return string |
|
| 749 | + */ |
|
| 736 | 750 | public function encode( |
| 737 | 751 | $toEncoding, |
| 738 | 752 | $str, |
@@ -942,6 +956,9 @@ discard block |
||
| 942 | 956 | return $var; |
| 943 | 957 | } |
| 944 | 958 | |
| 959 | + /** |
|
| 960 | + * @param string $str |
|
| 961 | + */ |
|
| 945 | 962 | public function normalize_line_ending($str) |
| 946 | 963 | { |
| 947 | 964 | return \str_replace(["\r\n", "\r"], "\n", $str); |
@@ -998,6 +1015,9 @@ discard block |
||
| 998 | 1015 | ); |
| 999 | 1016 | } |
| 1000 | 1017 | |
| 1018 | + /** |
|
| 1019 | + * @param string $char |
|
| 1020 | + */ |
|
| 1001 | 1021 | public function single_chr_html_encode($char, $keepAsciiChars = false, $encoding = 'UTF-8') |
| 1002 | 1022 | { |
| 1003 | 1023 | if ($char === '') { |
@@ -1524,6 +1544,9 @@ discard block |
||
| 1524 | 1544 | return false; |
| 1525 | 1545 | } |
| 1526 | 1546 | |
| 1547 | + /** |
|
| 1548 | + * @param string $input |
|
| 1549 | + */ |
|
| 1527 | 1550 | public function is_binary($input, $strict = false) |
| 1528 | 1551 | { |
| 1529 | 1552 | $input = (string)$input; |
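Review bot: The new `@param string $input` at new line 1548 contradicts `$input = (string)$input;` on the line after the signature, which only makes sense if non-string values are accepted from callers. Either widen the annotation to what the cast is there for, e.g. `@param string|int|float $input`, or drop the cast; and document the second parameter while here, `@param bool $strict`. The body of `is_binary` continues outside the hunk.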
@@ -1561,6 +1584,9 @@ discard block |
||
| 1561 | 1584 | return false; |
| 1562 | 1585 | } |
| 1563 | 1586 | |
| 1587 | + /** |
|
| 1588 | + * @param string $str |
|
| 1589 | + */ |
|
| 1564 | 1590 | public function get_file_type( |
| 1565 | 1591 | $str, |
| 1566 | 1592 | $fallback = [ |
@@ -1653,6 +1679,9 @@ discard block |
||
| 1653 | 1679 | ]; |
| 1654 | 1680 | } |
| 1655 | 1681 | |
| 1682 | + /** |
|
| 1683 | + * @param string $str |
|
| 1684 | + */ |
|
| 1656 | 1685 | public function is_utf16($str, $checkIfStringIsBinary = true) |
| 1657 | 1686 | { |
| 1658 | 1687 | |
@@ -1742,6 +1771,9 @@ discard block |
||
| 1742 | 1771 | ); |
| 1743 | 1772 | } |
| 1744 | 1773 | |
| 1774 | + /** |
|
| 1775 | + * @param integer $int |
|
| 1776 | + */ |
|
| 1745 | 1777 | public function decimal_to_chr($int) |
| 1746 | 1778 | { |
| 1747 | 1779 | return $this->html_entity_decode('&#' . $int . ';', \ENT_QUOTES | \ENT_HTML5); |