
Sanitize   A
last analyzed

Complexity

Total Complexity 18

Size/Duplication

Total Lines 205
Duplicated Lines 0 %

Coupling/Cohesion

Components 0
Dependencies 0

Importance

Changes 0
Metric Value
dl 0
loc 205
rs 10
c 0
b 0
f 0
wmc 18
lcom 0
cbo 0

13 Methods

Rating   Name   Duplication   Size   Complexity  
A removeNullCharacters() 0 4 1
A validateStandardCharacterEntities() 0 4 1
A validateUTF16TwoByteEncoding() 0 4 1
A strangeThingsAreSubmitted() 0 4 1
A convertCharacterEntitiesToASCII() 0 19 3
A convertAllTabsToSpaces() 0 4 1
A makesPhpTagsSafe() 0 8 1
A compactAnyExplodedWords() 0 16 3
A removeDisallowedJavaScriptInLinksOrImgTags() 0 15 1
A removeJavaScriptEventHandlers() 0 9 1
A healNaughtyHTMLElements() 0 10 1
A healNaughtyScriptingElements() 0 9 1
A removeJavaScriptHardRedirects() 0 17 2
<?php
/**
 * Util
 *
 * @copyright Copyright (c)  Gjero Krsteski (http://krsteski.de)
 * @license   http://opensource.org/licenses/MIT MIT License
 */
namespace Pimf\Util\Character;
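/**
 * Pattern-based string filters for markup, script and PHP-tag fragments.
 *
 * Every method is static and stateless: it takes one string, applies one
 * fixed str_replace()/preg_replace() rewrite and returns the result.
 *
 * Review notes:
 *  - These are deny-list filters. Each one recognises only the literal
 *    names and patterns written in its body, so no single method (nor the
 *    set of them) should be the only control before a value is written
 *    into HTML. Encode at output for the target context as well, e.g.
 *    htmlspecialchars() for HTML text and attribute values.
 *  - Methods built on preg_replace() return null when PCRE reports an
 *    error. For the patterns using the /u modifier this includes subjects
 *    that are not valid UTF-8. Callers should check for null and reject
 *    the input rather than fall back to the unfiltered value.
 *
 * @package Util_String
 * @author  Gjero Krsteski <[email protected]>
 */
class Sanitize
{
    /**
     * Removes NUL bytes and literal backslash-zero sequences.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     */
    public static function removeNullCharacters($string)
    {
        // First pattern: runs of the NUL byte. Second: runs of the two-character text "\0".
        return preg_replace(array('/\0+/', '/(\\\\0)+/'), '', $string);
    }

    /**
     * Closes up character entities that have control characters or spaces
     * (bytes 0x00-0x20) between the entity body and its terminating ';'.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     *                     (including invalid UTF-8, because of /u)
     */
    public static function validateStandardCharacterEntities($string)
    {
        return preg_replace('#(&\#*\w+)[\x00-\x20]+;#u', "\\1;", $string);
    }

    /**
     * Normalises numeric entities so that each one ends in exactly one ';',
     * adding the terminator when it is missing.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     *                     (including invalid UTF-8, because of /u)
     */
    public static function validateUTF16TwoByteEncoding($string)
    {
        return preg_replace('#(&\#x*)([0-9A-F]+);*#iu', "\\1\\2;", $string);
    }

    /**
     * Rewrites percent-encoded sequences ("%u0XXX" and "%XX") as hexadecimal
     * character entities ("&#xXXX;" / "&#xXX;").
     *
     * The character class is [a-z0-9], so the two or three characters after
     * the prefix are not required to be hexadecimal digits.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     */
    public static function strangeThingsAreSubmitted($string)
    {
        return preg_replace(array("/%u0([a-z0-9]{3})/i", "/%([a-z0-9]{2})/i"), "&#x\\1;", $string);
    }

    /**
     * Decodes HTML character entities that appear between '<' and '>'.
     *
     * Entities outside a tag are left encoded. Decoding uses ENT_COMPAT, so
     * double-quote entities are decoded and single-quote entities are not.
     *
     * @param string $string  String to check
     * @param string $charset Character set handed to html_entity_decode();
     *                        this method declares no default, the caller
     *                        must supply it
     *
     * @return string The input with tag interiors decoded; the input is
     *                returned unchanged if the pattern match fails
     */
    public static function convertCharacterEntitiesToASCII($string, $charset)
    {
        // Decode inside each matched tag only. A plain str_replace() of the
        // captured text would also rewrite identical text that happens to
        // occur elsewhere in the string, outside any tag.
        $decoded = preg_replace_callback(
            "/<(.+?)>/si",
            function ($tag) use ($charset) {
                return '<' . html_entity_decode($tag[1], ENT_COMPAT, $charset) . '>';
            },
            $string
        );

        // Keep the input on a PCRE error instead of returning null.
        return $decoded === null ? $string : $decoded;
    }

    /**
     * Collapses every run of tab characters into a single space.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     */
    public static function convertAllTabsToSpaces($string)
    {
        return preg_replace("#\t+#", " ", $string);
    }

    /**
     * Entity-encodes the angle bracket of PHP open and close tags.
     *
     * The search is case-sensitive: only '<?php', '<?PHP', '<?' and '?>'
     * are listed. Mixed-case openers are still caught by the generic '<?'.
     *
     * @param string $string String to check
     *
     * @return string Filtered string
     */
    public static function makesPhpTagsSafe($string)
    {
        return str_replace(
            array('<?php', '<?PHP', '<?', '?>'),
            array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'),
            $string
        );
    }

    /**
     * Rejoins listed keywords whose letters were separated by whitespace,
     * so that later keyword-based filters can see them.
     *
     * Only the all-lowercase and first-letter-uppercase spellings of each
     * word are matched; the patterns carry no /i modifier.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     */
    public static function compactAnyExplodedWords($string)
    {
        $words = array('javascript', 'vbscript', 'script', 'applet', 'alert', 'document', 'write', 'cookie', 'window');
        foreach ($words as $word) {
            // Allow optional whitespace between every pair of letters: j\s*a\s*v...
            $pattern = implode('\s*', str_split($word));
            $string = preg_replace('#' . $pattern . '#s', $word, $string);
            $string = preg_replace('#' . ucfirst($pattern) . '#s', ucfirst($word), $string);
        }

        return $string;
    }

    /**
     * Deletes <a> elements and <img> tags whose href/src is followed by one
     * of the listed script-related tokens, then deletes any remaining
     * <script ...> or <xss ...> opening tag.
     *
     * The whole <a>...</a> element, including its link text, is removed
     * when it matches. Closing </script> tags are not matched by the last
     * pattern.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     */
    public static function removeDisallowedJavaScriptInLinksOrImgTags($string)
    {
        $string = preg_replace(
            "#<a.+?href=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>.*?</a>#si",
            "",
            $string
        );
        $string = preg_replace(
            "#<img.+?src=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>#si",
            "",
            $string
        );

        return preg_replace("#<(script|xss).*?\>#si", "", $string);
    }

    /**
     * Cuts a tag back to the text before a listed on* event-handler name
     * and closes it with '>'.
     *
     * Only the handler names written in the pattern are recognised; any
     * other on* attribute passes through unchanged. The /U modifier inverts
     * the greediness of every quantifier in this pattern.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     */
    public static function removeJavaScriptEventHandlers($string)
    {
        return preg_replace(
            '#(<[^>]+.*?)(onblur|onchange|onclick|onfocus|onload|onmouseover|onmouseup|'
            . 'onmousedown|onselect|onsubmit|onunload|onkeypress|onkeydown|onkeyup|onresize)[^>]*>#iU',
            "\\1>",
            $string
        );
    }

    /**
     * Entity-encodes the angle brackets of opening and closing tags whose
     * name starts with one of the listed element names.
     *
     * The tag text itself is kept, so the element is displayed rather than
     * interpreted. Element names not in the list are left as markup.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     */
    public static function healNaughtyHTMLElements($string)
    {
        return preg_replace(
            '#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|'
            . 'blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input'
            . '|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is',
            "&lt;\\1\\2\\3&gt;",
            $string
        );
    }

    /**
     * Entity-encodes the parentheses of a call to one of the listed
     * function names, e.g. "name(args)" becomes "name&#40;args&#41;".
     *
     * The names are matched anywhere in the text, including as the tail of
     * a longer word, so ordinary prose can be rewritten as well.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     */
    public static function healNaughtyScriptingElements($string)
    {
        return preg_replace(
            '#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|'
            . 'file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si',
            "\\1\\2&#40;\\3&#41;",
            $string
        );
    }

    /**
     * Deletes a fixed set of script-related phrases and entity-encodes the
     * HTML comment delimiters '<!--' and '-->'.
     *
     * @param string $string String to check
     *
     * @return string|null Filtered string, or null on a PCRE error
     */
    public static function removeJavaScriptHardRedirects($string)
    {
        // Keys are used as regex fragments, not literals: the '.' in
        // 'document.cookie' etc. is unescaped and matches any one character.
        $bad = array(
            'document.cookie' => '',
            'document.write'  => '',
            'window.location' => '',
            "javascript\s*:"  => '',
            "Redirect\s+302"  => '',
            '<!--'            => '&lt;!--',
            '-->'             => '--&gt;'
        );
        foreach ($bad as $key => $val) {
            $string = preg_replace("#" . $key . "#i", $val, $string);
        }

        return $string;
    }
}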