fisharebest /
webtrees
| Total Complexity | 53 |
| Total Lines | 490 |
| Duplicated Lines | 0 % |
| Changes | 1 | ||
| Bugs | 0 | Features | 0 |
Complex classes like Filter often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Filter, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 25 | class Filter |
||
| 26 | { |
||
| 27 | // REGEX to match a URL |
||
| 28 | // Some versions of RFC3987 have an appendix B which gives the following regex |
||
| 29 | // (([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))? |
||
| 30 | // This matches far too much while a “precise” regex is several pages long. |
||
| 31 | // This is a compromise. |
||
| 32 | const URL_REGEX = '((https?|ftp]):)(//([^\s/?#<>]*))?([^\s?#<>]*)(\?([^\s#<>]*))?(#[^\s?#<>]+)?'; |
||
| 33 | |||
| 34 | /** |
||
| 35 | * Escape a string for use in HTML |
||
| 36 | * |
||
| 37 | * @param string $string |
||
| 38 | * |
||
| 39 | * @return string |
||
| 40 | */ |
||
| 41 | public static function escapeHtml($string) |
||
| 42 | { |
||
| 43 | if (defined('ENT_SUBSTITUTE')) { |
||
| 44 | // PHP5.4 allows us to substitute invalid UTF8 sequences |
||
| 45 | return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); |
||
| 46 | } else { |
||
| 47 | return htmlspecialchars($string, ENT_QUOTES, 'UTF-8'); |
||
| 48 | } |
||
| 49 | } |
||
| 50 | |||
| 51 | /** |
||
| 52 | * Escape a string for use in a URL |
||
| 53 | * |
||
| 54 | * @param string $string |
||
| 55 | * |
||
| 56 | * @return string |
||
| 57 | */ |
||
| 58 | public static function escapeUrl($string) |
||
| 59 | { |
||
| 60 | return rawurlencode($string); |
||
| 61 | } |
||
| 62 | |||
| 63 | /** |
||
| 64 | * Escape a string for use in Javascript |
||
| 65 | * |
||
| 66 | * @param string $string |
||
| 67 | * |
||
| 68 | * @return string |
||
| 69 | */ |
||
| 70 | public static function escapeJs($string) |
||
| 71 | { |
||
| 72 | return preg_replace_callback('/[^A-Za-z0-9,. _]/Su', function ($x) { |
||
| 73 | if (strlen($x[0]) == 1) { |
||
| 74 | return sprintf('\\x%02X', ord($x[0])); |
||
| 75 | } elseif (function_exists('iconv')) { |
||
| 76 | return sprintf('\\u%04s', strtoupper(bin2hex(iconv('UTF-8', 'UTF-16BE', $x[0])))); |
||
| 77 | } elseif (function_exists('mb_convert_encoding')) { |
||
| 78 | return sprintf('\\u%04s', strtoupper(bin2hex(mb_convert_encoding($x[0], 'UTF-16BE', 'UTF-8')))); |
||
|
Bug
introduced
by
|
|||
| 79 | } else { |
||
| 80 | return $x[0]; |
||
| 81 | } |
||
| 82 | }, $string); |
||
| 83 | } |
||
| 84 | |||
| 85 | /** |
||
| 86 | * Escape a string for use in a SQL "LIKE" clause |
||
| 87 | * |
||
| 88 | * @param string $string |
||
| 89 | * |
||
| 90 | * @return string |
||
| 91 | */ |
||
| 92 | public static function escapeLike($string) |
||
| 93 | { |
||
| 94 | return strtr( |
||
| 95 | $string, |
||
| 96 | array( |
||
| 97 | '\\' => '\\\\', |
||
| 98 | '%' => '\%', |
||
| 99 | '_' => '\_', |
||
| 100 | ) |
||
| 101 | ); |
||
| 102 | } |
||
| 103 | |||
| 104 | /** |
||
| 105 | * Unescape an HTML string, giving just the literal text |
||
| 106 | * |
||
| 107 | * @param string $string |
||
| 108 | * |
||
| 109 | * @return string |
||
| 110 | */ |
||
| 111 | public static function unescapeHtml($string) |
||
| 112 | { |
||
| 113 | return html_entity_decode(strip_tags($string), ENT_QUOTES, 'UTF-8'); |
||
| 114 | } |
||
| 115 | |||
| 116 | /** |
||
| 117 | * Format block-level text such as notes or transcripts, etc. |
||
| 118 | * |
||
| 119 | * @param string $text |
||
| 120 | * @param Tree $WT_TREE |
||
| 121 | * |
||
| 122 | * @return string |
||
| 123 | */ |
||
| 124 | public static function formatText($text, Tree $WT_TREE) |
||
| 125 | { |
||
| 126 | switch ($WT_TREE->getPreference('FORMAT_TEXT')) { |
||
| 127 | case 'markdown': |
||
| 128 | return '<div class="markdown" dir="auto">' . self::markdown($text) . '</div>'; |
||
| 129 | default: |
||
| 130 | return '<div style="white-space: pre-wrap;" dir="auto">' . self::expandUrls($text) . '</div>'; |
||
| 131 | } |
||
| 132 | } |
||
| 133 | |||
| 134 | /** |
||
| 135 | * Escape a string for use in HTML, and additionally convert URLs to links. |
||
| 136 | * |
||
| 137 | * @param string $text |
||
| 138 | * |
||
| 139 | * @return string |
||
| 140 | */ |
||
| 141 | public static function expandUrls($text) |
||
| 149 | ); |
||
| 150 | } |
||
| 151 | |||
| 152 | /** |
||
| 153 | * Format a block of text, using "Markdown". |
||
| 154 | * |
||
| 155 | * @param string $text |
||
| 156 | * |
||
| 157 | * @return string |
||
| 158 | */ |
||
| 159 | public static function markdown($text) |
||
| 160 | { |
||
| 161 | $parser = new MarkdownExtra; |
||
| 162 | $parser->empty_element_suffix = '>'; |
||
| 163 | $parser->no_markup = true; |
||
| 164 | $text = $parser->transform($text); |
||
| 165 | |||
| 166 | // HTMLPurifier needs somewhere to write temporary files |
||
| 167 | $HTML_PURIFIER_CACHE_DIR = WT_DATA_DIR . 'html_purifier_cache'; |
||
| 168 | |||
| 169 | if (!is_dir($HTML_PURIFIER_CACHE_DIR)) { |
||
| 170 | mkdir($HTML_PURIFIER_CACHE_DIR); |
||
| 171 | } |
||
| 172 | |||
| 173 | $config = HTMLPurifier_Config::createDefault(); |
||
| 174 | $config->set('Cache.SerializerPath', $HTML_PURIFIER_CACHE_DIR); |
||
| 175 | $purifier = new HTMLPurifier($config); |
||
| 176 | $text = $purifier->purify($text); |
||
| 177 | |||
| 178 | return $text; |
||
| 179 | } |
||
| 180 | |||
| 181 | /** |
||
| 182 | * Validate INPUT parameters |
||
| 183 | * |
||
| 184 | * @param string $source |
||
| 185 | * @param string $variable |
||
| 186 | * @param string|null $regexp |
||
| 187 | * @param string|null $default |
||
| 188 | * |
||
| 189 | * @return string|null |
||
| 190 | */ |
||
| 191 | private static function input($source, $variable, $regexp = null, $default = null) |
||
| 218 | } |
||
| 219 | } |
||
| 220 | |||
| 221 | /** |
||
| 222 | * Validate array INPUT parameters |
||
| 223 | * |
||
| 224 | * @param string $source |
||
| 225 | * @param string $variable |
||
| 226 | * @param string|null $regexp |
||
| 227 | * @param string|null $default |
||
| 228 | * |
||
| 229 | * @return string[] |
||
| 230 | */ |
||
| 231 | private static function inputArray($source, $variable, $regexp = null, $default = null) |
||
| 232 | { |
||
| 233 | if ($regexp) { |
||
| 234 | // PHP5.3 requires the $tmp variable |
||
| 235 | $tmp = filter_input_array( |
||
| 236 | $source, |
||
| 237 | array( |
||
| 238 | $variable => array( |
||
| 239 | 'flags' => FILTER_REQUIRE_ARRAY, |
||
| 240 | 'filter' => FILTER_VALIDATE_REGEXP, |
||
| 241 | 'options' => array( |
||
| 242 | 'regexp' => '/^(' . $regexp . ')$/u', |
||
| 243 | 'default' => $default, |
||
| 244 | ), |
||
| 245 | ), |
||
| 246 | ) |
||
| 247 | ); |
||
| 248 | |||
| 249 | return $tmp[$variable] ?: array(); |
||
| 250 | } else { |
||
| 251 | // PHP5.3 requires the $tmp variable |
||
| 252 | $tmp = filter_input_array( |
||
| 253 | $source, |
||
| 254 | array( |
||
| 255 | $variable => array( |
||
| 256 | 'flags' => FILTER_REQUIRE_ARRAY, |
||
| 257 | 'filter' => FILTER_CALLBACK, |
||
| 258 | 'options' => function ($x) { |
||
| 259 | return !function_exists('mb_convert_encoding') || mb_check_encoding($x, 'UTF-8') ? $x : false; |
||
| 260 | }, |
||
| 261 | ), |
||
| 262 | ) |
||
| 263 | ); |
||
| 264 | |||
| 265 | if (is_array($tmp)) { |
||
| 266 | return $tmp[$variable] ?: array(); |
||
| 267 | } |
||
| 268 | } |
||
| 269 | } |
||
| 270 | |||
| 271 | /** |
||
| 272 | * Validate GET parameters |
||
| 273 | * |
||
| 274 | * @param string $variable |
||
| 275 | * @param string|null $regexp |
||
| 276 | * @param string|null $default |
||
| 277 | * |
||
| 278 | * @return null|string |
||
| 279 | */ |
||
| 280 | public static function get($variable, $regexp = null, $default = null) |
||
| 283 | } |
||
| 284 | |||
| 285 | /** |
||
| 286 | * Validate array GET parameters |
||
| 287 | * |
||
| 288 | * @param string $variable |
||
| 289 | * @param string|null $regexp |
||
| 290 | * @param string|null $default |
||
| 291 | * |
||
| 292 | * @return string[] |
||
| 293 | */ |
||
| 294 | public static function getArray($variable, $regexp = null, $default = null) |
||
| 295 | { |
||
| 296 | return self::inputArray(INPUT_GET, $variable, $regexp, $default); |
||
| 297 | } |
||
| 298 | |||
| 299 | /** |
||
| 300 | * Validate boolean GET parameters |
||
| 301 | * |
||
| 302 | * @param string $variable |
||
| 303 | * |
||
| 304 | * @return bool |
||
| 305 | */ |
||
| 306 | public static function getBool($variable) |
||
| 307 | { |
||
| 308 | return (bool) filter_input(INPUT_GET, $variable, FILTER_VALIDATE_BOOLEAN); |
||
| 309 | } |
||
| 310 | |||
| 311 | /** |
||
| 312 | * Validate integer GET parameters |
||
| 313 | * |
||
| 314 | * @param string $variable |
||
| 315 | * @param int $min |
||
| 316 | * @param int $max |
||
| 317 | * @param int $default |
||
| 318 | * |
||
| 319 | * @return int |
||
| 320 | */ |
||
| 321 | public static function getInteger($variable, $min = 0, $max = PHP_INT_MAX, $default = 0) |
||
| 322 | { |
||
| 323 | return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_INT, array('options' => array('min_range' => $min, 'max_range' => $max, 'default' => $default))); |
||
| 324 | } |
||
| 325 | |||
| 326 | /** |
||
| 327 | * Validate email GET parameters |
||
| 328 | * |
||
| 329 | * @param string $variable |
||
| 330 | * @param string|null $default |
||
| 331 | * |
||
| 332 | * @return null|string |
||
| 333 | */ |
||
| 334 | public static function getEmail($variable, $default = null) |
||
| 335 | { |
||
| 336 | return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_EMAIL) ?: $default; |
||
| 337 | } |
||
| 338 | |||
| 339 | /** |
||
| 340 | * Validate URL GET parameters |
||
| 341 | * |
||
| 342 | * @param string $variable |
||
| 343 | * @param string|null $default |
||
| 344 | * |
||
| 345 | * @return null|string |
||
| 346 | */ |
||
| 347 | public static function getUrl($variable, $default = null) |
||
| 348 | { |
||
| 349 | return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_URL) ?: $default; |
||
| 350 | } |
||
| 351 | |||
| 352 | /** |
||
| 353 | * Validate POST parameters |
||
| 354 | * |
||
| 355 | * @param string $variable |
||
| 356 | * @param string|null $regexp |
||
| 357 | * @param string|null $default |
||
| 358 | * |
||
| 359 | * @return null|string |
||
| 360 | */ |
||
| 361 | public static function post($variable, $regexp = null, $default = null) |
||
| 362 | { |
||
| 363 | return self::input(INPUT_POST, $variable, $regexp, $default); |
||
| 364 | } |
||
| 365 | |||
| 366 | /** |
||
| 367 | * Validate array POST parameters |
||
| 368 | * |
||
| 369 | * @param string $variable |
||
| 370 | * @param string|null $regexp |
||
| 371 | * @param string|null $default |
||
| 372 | * |
||
| 373 | * @return string[] |
||
| 374 | */ |
||
| 375 | public static function postArray($variable, $regexp = null, $default = null) |
||
| 376 | { |
||
| 377 | return self::inputArray(INPUT_POST, $variable, $regexp, $default); |
||
| 378 | } |
||
| 379 | |||
| 380 | /** |
||
| 381 | * Validate boolean POST parameters |
||
| 382 | * |
||
| 383 | * @param string $variable |
||
| 384 | * |
||
| 385 | * @return bool |
||
| 386 | */ |
||
| 387 | public static function postBool($variable) |
||
| 388 | { |
||
| 389 | return (bool) filter_input(INPUT_POST, $variable, FILTER_VALIDATE_BOOLEAN); |
||
| 390 | } |
||
| 391 | |||
| 392 | /** |
||
| 393 | * Validate integer POST parameters |
||
| 394 | * |
||
| 395 | * @param string $variable |
||
| 396 | * @param int $min |
||
| 397 | * @param int $max |
||
| 398 | * @param int $default |
||
| 399 | * |
||
| 400 | * @return int |
||
| 401 | */ |
||
| 402 | public static function postInteger($variable, $min = 0, $max = PHP_INT_MAX, $default = 0) |
||
| 403 | { |
||
| 404 | return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_INT, array('options' => array('min_range' => $min, 'max_range' => $max, 'default' => $default))); |
||
| 405 | } |
||
| 406 | |||
| 407 | /** |
||
| 408 | * Validate email POST parameters |
||
| 409 | * |
||
| 410 | * @param string $variable |
||
| 411 | * @param string|null $default |
||
| 412 | * |
||
| 413 | * @return null|string |
||
| 414 | */ |
||
| 415 | public static function postEmail($variable, $default = null) |
||
| 416 | { |
||
| 417 | return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_EMAIL) ?: $default; |
||
| 418 | } |
||
| 419 | |||
| 420 | /** |
||
| 421 | * Validate URL GET parameters |
||
| 422 | * |
||
| 423 | * @param string $variable |
||
| 424 | * @param string|null $default |
||
| 425 | * |
||
| 426 | * @return null|string |
||
| 427 | */ |
||
| 428 | public static function postUrl($variable, $default = null) |
||
| 429 | { |
||
| 430 | return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_URL) ?: $default; |
||
| 431 | } |
||
| 432 | |||
| 433 | /** |
||
| 434 | * Validate COOKIE parameters |
||
| 435 | * |
||
| 436 | * @param string $variable |
||
| 437 | * @param string|null $regexp |
||
| 438 | * @param string|null $default |
||
| 439 | * |
||
| 440 | * @return null|string |
||
| 441 | */ |
||
| 442 | public static function cookie($variable, $regexp = null, $default = null) |
||
| 443 | { |
||
| 444 | return self::input(INPUT_COOKIE, $variable, $regexp, $default); |
||
| 445 | } |
||
| 446 | |||
| 447 | /** |
||
| 448 | * Validate SERVER parameters |
||
| 449 | * |
||
| 450 | * @param string $variable |
||
| 451 | * @param string|null $regexp |
||
| 452 | * @param string|null $default |
||
| 453 | * |
||
| 454 | * @return null|string |
||
| 455 | */ |
||
| 456 | public static function server($variable, $regexp = null, $default = null) |
||
| 457 | { |
||
| 458 | // On some servers, variables that are present in $_SERVER cannot be |
||
| 459 | // found via filter_input(INPUT_SERVER). Instead, they are found via |
||
| 460 | // filter_input(INPUT_ENV). Since we cannot rely on filter_input(), |
||
| 461 | // we must use the superglobal directly. |
||
| 462 | if (array_key_exists($variable, $_SERVER) && ($regexp === null || preg_match('/^(' . $regexp . ')$/', |
||
| 463 | $_SERVER[$variable]))) { |
||
| 464 | return $_SERVER[$variable]; |
||
| 465 | } else { |
||
| 466 | return $default; |
||
| 467 | } |
||
| 468 | } |
||
| 469 | |||
| 470 | /** |
||
| 471 | * Cross-Site Request Forgery tokens - ensure that the user is submitting |
||
| 472 | * a form that was generated by the current session. |
||
| 473 | * |
||
| 474 | * @return string |
||
| 475 | */ |
||
| 476 | public static function getCsrfToken() |
||
| 488 | } |
||
| 489 | |||
| 490 | /** |
||
| 491 | * Generate an <input> element - to protect the current form from CSRF attacks. |
||
| 492 | * |
||
| 493 | * @return string |
||
| 494 | */ |
||
| 495 | public static function getCsrf() |
||
| 496 | { |
||
| 497 | return '<input type="hidden" name="csrf" value="' . self::getCsrfToken() . '">'; |
||
| 498 | } |
||
| 499 | |||
| 500 | /** |
||
| 501 | * Check that the POST request contains the CSRF token generated above. |
||
| 502 | * |
||
| 503 | * @return bool |
||
| 504 | */ |
||
| 505 | public static function checkCsrf() |
||
| 515 | } |
||
| 516 | } |
||
| 517 |
Loading history...
