Issues in Sanitization.php (master) - Issues in master - multidimension-al/array-sanitization - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

lib/Sanitization.php (1 issue)

Labels

Severity

Major 1

<?php
/**
 *       __  ___      ____  _     ___                           _                    __
 *      /  |/  /_  __/ / /_(_)___/ (_)___ ___  ___  ____  _____(_)___  ____   ____ _/ /
 *     / /|_/ / / / / / __/ / __  / / __ `__ \/ _ \/ __ \/ ___/ / __ \/ __ \ / __ `/ /
 *    / /  / / /_/ / / /_/ / /_/ / / / / / / /  __/ / / (__  ) / /_/ / / / // /_/ / /
 *   /_/  /_/\__,_/_/\__/_/\__,_/_/_/ /_/ /_/\___/_/ /_/____/_/\____/_/ /_(_)__,_/_/
 *
 *  Array Sanitization Library
 *  Copyright (c) Multidimension.al (http://multidimension.al)
 *  Github : https://github.com/multidimension-al/array-sanitization
 *
 *  Licensed under The MIT License
 *  For full copyright and license information, please see the LICENSE file
 *  Redistributions of files must retain the above copyright notice.
 *
 *  @copyright  Copyright © 2017-2019 Multidimension.al (http://multidimension.al)
 *  @link       https://github.com/multidimension-al/array-sanitization Github
 *  @license    http://www.opensource.org/licenses/mit-license.php MIT License
 */

namespace Multidimensional\ArraySanitization;

class Sanitization
{

    /**
     * @param array $array
     * @param array $rules
     * @return array
     */
    public static function sanitize($array, $rules)
    {
        $newArray = [];
        if (is_array($array)) {
            foreach ($array as $key => $value) {
                if (is_array($value) && isset($rules[$key]['type']) && strtolower($rules[$key]['type']) == 'array' && isset($rules[$key]['fields'])) {
                    $newArray[$key] = self::sanitize($value, $rules[$key]['fields']);
                } elseif (in_array($key, array_keys($rules))) {
                    $newArray[$key] = self::sanitizeField($value, $rules[$key]);
                }
            }
        }

        return $newArray;
    }

    /**
     * @param string $value
     * @param array $rules
     * @return string $value
     * @internal param string $key
     */
    public static function sanitizeField($value, $rules)
    {
        if (is_array($value) && isset($rules['type']) && strtolower($rules['type']) == 'group' && isset($rules['fields'])) {
            foreach ($value as $k => $v) {
                if (is_array($v) && !isset($rules['fields'][$k])) {
                    $value[$k] = self::sanitize($v, $rules['fields']);
                } elseif (isset($rules['fields'][$k])) {
                    $value[$k] = self::sanitizeField($v, $rules['fields'][$k]);
                }
            }
        } else {
            if (isset($rules['pattern'])) {
                if (strtoupper($rules['pattern']) == 'ISO 8601' || strtoupper($rules['pattern']) == 'ISO8601') {
                    $value = self::sanitizeISO8601($value);
                } else if (strtoupper($rules['pattern']) == 'URL') {
                    $value = self::sanitizeURL($value);
                } else if (strtoupper($rules['pattern']) == 'EMAIL') {
                    $value = self::sanitizeEmail($value);
                } else if (strtoupper($rules['pattern']) == 'IP') {
                    $value = self::sanitizeIP($value);
                } else if (strtoupper($rules['pattern']) == 'MAC') {
                    $value = self::sanitizeMAC($value);
                } else {
                    $value = self::sanitizePattern($value, $rules['pattern']);
                }
            }

            if (isset($rules['values'])) {
                $value = self::sanitizeValues($value, $rules['values']);
            }

            if (isset($rules['type'])) {
                if ($rules['type'] == 'integer') {
                    $value = self::sanitizeInteger($value);
                } elseif ($rules['type'] == 'string') {
                    $value = self::sanitizeString($value);
                } elseif ($rules['type'] == 'decimal') {
                    $value = self::sanitizeDecimal($value);
                } elseif ($rules['type'] == 'boolean') {
                    $value = self::sanitizeBoolean($value);
                }
            }
        }

        return $value;

    }

    /**
     * @param string $value
     * @return string
     */
    protected static function sanitizeISO8601($value)
    {
        $pattern = '(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:Z|[+-][01]\d:[0-5]\d)';
        $value = trim($value);

        if (preg_match('/^' . $pattern . '$/', $value)
            || preg_match('/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}$/', $value)
            || preg_match('/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/', $value)
        ) {
            return $value;
        }

        return preg_replace('/[^0-9TZ\:\-\+]/', '', $value);
    }

    /**
     * @param string $value
     * @param string $pattern
     * @return string
     */
    protected static function sanitizePattern($value, $pattern)
    {
        if (preg_match('/^' . $pattern . '$/', $value)) {
            return $value;
        }

        return preg_replace('/[^' . $pattern . ']/', '', $value);
    }

    /**
     * @param string $value
     * @param array|string $array
     * @return string
     */
    protected static function sanitizeValues($value, $array)
    {
        if (is_array($array)) {
            foreach ($array as $key) {
                if (strcasecmp($value, $key) === 0) {
                    return $key;
                }
            }
        } elseif (strcasecmp($value, $array) === 0) {
            return $array;
        }

        return $value;
    }

    /**
     * @param string|int $value
     * @return int
     */
    protected static function sanitizeInteger($value)
    {
        return (int)filter_var(intval($value), FILTER_SANITIZE_NUMBER_INT);
    }

    /**
     * @param string $value
     * @return string
     */
    protected static function sanitizeString($value)
    {
        return (string)filter_var(strval($value), FILTER_SANITIZE_STRING);
    }

    /**
     * @param string|float $value
     * @return float
     */
    protected static function sanitizeDecimal($value)
    {
        return (float)filter_var(floatval($value), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
    }

    /**
     * @param string|bool $value
     * @return true|false|null
     */
    protected static function sanitizeBoolean($value)
    {
        return filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    }

    /**
     * @param string $value
     * @return string
     */
    protected static function sanitizeURL($value)
    {
        return (string)filter_var(strval($value), FILTER_SANITIZE_URL);
    }

    /**
     * @param string $value
     * @return string
     */
    protected static function sanitizeEmail($value)
    {
        return (string)filter_var(strval($value), FILTER_SANITIZE_EMAIL);
    }

    /**
     * @param string $value
     * @return string
     */
    protected static function sanitizeMAC($value)
    {
        if(filter_var($value, FILTER_VALIDATE_MAC)) {
            return (string)$value;
        }

        return (string)preg_replace('/[\x00-\x2C\x3B-\x40\x47-\x60\x67-\xFF]/', '', $value);

    }

    /**
     * @param string $value
     * @return string
     */
    protected static function sanitizeIP($value)
    {
        if(filter_var($value, FILTER_VALIDATE_IP)) {
            return (string)$value;
        }

        return (string)preg_replace('/[\x00-\x2D\x2F\x3B-\x40\x47-\x60\x67-\xFF]/', '', $value);

    }
}


1		<?php
2		/**
3		* __ ___ ____ _ ___ _ __
4		* / \|/ /_ __/ / /_(_)___/ (_)___ ___ ___ ____ _____(_)___ ____ ____ _/ /
5		* / /\|_/ / / / / / __/ / __ / / __ `__ \/ _ \/ __ \/ ___/ / __ \/ __ \ / __ `/ /
6		* / / / / /_/ / / /_/ / /_/ / / / / / / / __/ / / (__ ) / /_/ / / / // /_/ / /
7		* /_/ /_/\__,_/_/\__/_/\__,_/_/_/ /_/ /_/\___/_/ /_/____/_/\____/_/ /_(_)__,_/_/
8		*
9		* Array Sanitization Library
10		* Copyright (c) Multidimension.al (http://multidimension.al)
11		* Github : https://github.com/multidimension-al/array-sanitization
12		*
13		* Licensed under The MIT License
14		* For full copyright and license information, please see the LICENSE file
15		* Redistributions of files must retain the above copyright notice.
16		*
17		* @copyright Copyright © 2017-2019 Multidimension.al (http://multidimension.al)
18		* @link https://github.com/multidimension-al/array-sanitization Github
19		* @license http://www.opensource.org/licenses/mit-license.php MIT License
20		*/
21
22		namespace Multidimensional\ArraySanitization;
23
24		class Sanitization
25		{
26
27		/**
28		* @param array $array
29		* @param array $rules
30		* @return array
31		*/
32	32	public static function sanitize($array, $rules)
33		{
34	32	$newArray = [];
35	32	if (is_array($array)) {
36	32	foreach ($array as $key => $value) {
37	32	if (is_array($value) && isset($rules[$key]['type']) && strtolower($rules[$key]['type']) == 'array' && isset($rules[$key]['fields'])) {
38	6	$newArray[$key] = self::sanitize($value, $rules[$key]['fields']);
39	32	} elseif (in_array($key, array_keys($rules))) {
40	32	$newArray[$key] = self::sanitizeField($value, $rules[$key]);
41	32	}
42	32	}
43	32	}
44
45	32	return $newArray;
46		}
47
48		/**
49		* @param string $value
50		* @param array $rules
51		* @return string $value
52		* @internal param string $key
53		*/
54	32	public static function sanitizeField($value, $rules)
55		{
56	32	if (is_array($value) && isset($rules['type']) && strtolower($rules['type']) == 'group' && isset($rules['fields'])) {
57	6	foreach ($value as $k => $v) {
58	6	if (is_array($v) && !isset($rules['fields'][$k])) {
59	6	$value[$k] = self::sanitize($v, $rules['fields']);
60	6	} elseif (isset($rules['fields'][$k])) {
61	2	$value[$k] = self::sanitizeField($v, $rules['fields'][$k]);
62	2	}
63	6	}
64	6	} else {
65	32	if (isset($rules['pattern'])) {
66	16	if (strtoupper($rules['pattern']) == 'ISO 8601' \|\| strtoupper($rules['pattern']) == 'ISO8601') {
67	4	$value = self::sanitizeISO8601($value);
68	16	} else if (strtoupper($rules['pattern']) == 'URL') {
69	2	$value = self::sanitizeURL($value);
70	14	} else if (strtoupper($rules['pattern']) == 'EMAIL') {
71	2	$value = self::sanitizeEmail($value);
72	12	} else if (strtoupper($rules['pattern']) == 'IP') {
73	2	$value = self::sanitizeIP($value);
74	10	} else if (strtoupper($rules['pattern']) == 'MAC') {
75	2	$value = self::sanitizeMAC($value);
76	2	} else {
77	6	$value = self::sanitizePattern($value, $rules['pattern']);
78		}
79	16	}
80
81	32	if (isset($rules['values'])) {
82	8	$value = self::sanitizeValues($value, $rules['values']);
83	8	}
84
85	32	if (isset($rules['type'])) {
86	28	if ($rules['type'] == 'integer') {
87	12	$value = self::sanitizeInteger($value);
88	28	} elseif ($rules['type'] == 'string') {
89	18	$value = self::sanitizeString($value);
90	24	} elseif ($rules['type'] == 'decimal') {
91	6	$value = self::sanitizeDecimal($value);
92	10	} elseif ($rules['type'] == 'boolean') {
93	6	$value = self::sanitizeBoolean($value);
94	6	}
95	28	}
96		}
97
98	32	return $value;
		0 ignored issues – show Bug Best Practice introduced 2019-02-19 05:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $value` also could return the type `boolean` which is incompatible with the documented return type `string`. Loading history...
99		}
100
101		/**
102		* @param string $value
103		* @return string
104		*/
105	4	protected static function sanitizeISO8601($value)
106		{
107	4	$pattern = '(?:[1-9]\d{3}-(?:(?:0[1-9]\|1[0-2])-(?:0[1-9]\|1\d\|2[0-8])\|(?:0[13-9]\|1[0-2])-(?:29\|30)\|(?:0[13578]\|1[02])-31)\|(?:[1-9]\d(?:0[48]\|[2468][048]\|[13579][26])\|(?:[2468][048]\|[13579][26])00)-02-29)T(?:[01]\d\|2[0-3]):[0-5]\d:[0-5]\d(?:Z\|[+-][01]\d:[0-5]\d)';
108	4	$value = trim($value);
109
110	4	if (preg_match('/^' . $pattern . '$/', $value)
111	4	\|\| preg_match('/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}$/', $value)
112	4	\|\| preg_match('/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/', $value)
113	4	) {
114	2	return $value;
115		}
116
117	4	return preg_replace('/[^0-9TZ\:\-\+]/', '', $value);
118		}
119
120		/**
121		* @param string $value
122		* @param string $pattern
123		* @return string
124		*/
125	6	protected static function sanitizePattern($value, $pattern)
126		{
127	6	if (preg_match('/^' . $pattern . '$/', $value)) {
128	6	return $value;
129		}
130
131	2	return preg_replace('/[^' . $pattern . ']/', '', $value);
132		}
133
134		/**
135		* @param string $value
136		* @param array\|string $array
137		* @return string
138		*/
139	8	protected static function sanitizeValues($value, $array)
140		{
141	8	if (is_array($array)) {
142	8	foreach ($array as $key) {
143	8	if (strcasecmp($value, $key) === 0) {
144	6	return $key;
145		}
146	4	}
147	4	} elseif (strcasecmp($value, $array) === 0) {
148	2	return $array;
149		}
150
151	2	return $value;
152		}
153
154		/**
155		* @param string\|int $value
156		* @return int
157		*/
158	12	protected static function sanitizeInteger($value)
159		{
160	12	return (int)filter_var(intval($value), FILTER_SANITIZE_NUMBER_INT);
161		}
162
163		/**
164		* @param string $value
165		* @return string
166		*/
167	18	protected static function sanitizeString($value)
168		{
169	18	return (string)filter_var(strval($value), FILTER_SANITIZE_STRING);
170		}
171
172		/**
173		* @param string\|float $value
174		* @return float
175		*/
176	6	protected static function sanitizeDecimal($value)
177		{
178	6	return (float)filter_var(floatval($value), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
179		}
180
181		/**
182		* @param string\|bool $value
183		* @return true\|false\|null
184		*/
185	6	protected static function sanitizeBoolean($value)
186		{
187	6	return filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
188		}
189
190		/**
191		* @param string $value
192		* @return string
193		*/
194	2	protected static function sanitizeURL($value)
195		{
196	2	return (string)filter_var(strval($value), FILTER_SANITIZE_URL);
197		}
198
199		/**
200		* @param string $value
201		* @return string
202		*/
203	2	protected static function sanitizeEmail($value)
204		{
205	2	return (string)filter_var(strval($value), FILTER_SANITIZE_EMAIL);
206		}
207
208		/**
209		* @param string $value
210		* @return string
211		*/
212	2	protected static function sanitizeMAC($value)
213		{
214	2	if(filter_var($value, FILTER_VALIDATE_MAC)) {
215	2	return (string)$value;
216		}
217
218	2	return (string)preg_replace('/[\x00-\x2C\x3B-\x40\x47-\x60\x67-\xFF]/', '', $value);
219
220		}
221
222		/**
223		* @param string $value
224		* @return string
225		*/
226	2	protected static function sanitizeIP($value)
227		{
228	2	if(filter_var($value, FILTER_VALIDATE_IP)) {
229	2	return (string)$value;
230		}
231
232	2	return (string)preg_replace('/[\x00-\x2D\x2F\x3B-\x40\x47-\x60\x67-\xFF]/', '', $value);
233
234		}
235		}
236

multidimension-al / array-sanitization

Issues (5)

lib/Sanitization.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like